
I guess I am looking for a link.
I wrote a PHP site (why not Perl?) that has a MySQL user DB and an option for the staff to mass mail the list.
Someone pointed out that my site is not secure;
– someone can mass-add emails to the DB with a simple script
– um… he wasn’t satisfied with the mass mailing page. I had it get a password before mailing, but… whatever.

Where can I read up on security?
I suppose some features I can add are checking the referer before allowing anything and limiting stuff like max 1 email addition per minute or whatever…
Any good sites/manuals out there?
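A server-side version of the two checks the post proposes, as an added example that is not the original poster's code (PHP 7+ with PDO; the table names, column names, DSN, credentials and the `staff_user` session key are assumptions). The Referer check is replaced by a per-IP counter kept in the database, because the Referer header is chosen by the client and a script can send whatever value it likes; the mailing page is gated on a server-side login session plus a per-session form token, not a password prompt alone.

```php
<?php
// Added example, not the original site's code. Assumed PHP 7+, PDO with the
// MySQL driver, and this (assumed) schema:
//   CREATE TABLE subscribers (
//       id INT AUTO_INCREMENT PRIMARY KEY,
//       email VARCHAR(254) NOT NULL UNIQUE,
//       created_at INT UNSIGNED NOT NULL);
//   CREATE TABLE signup_attempts (
//       ip VARBINARY(16) NOT NULL,
//       attempted_at INT UNSIGNED NOT NULL,
//       INDEX (ip, attempted_at));
// DSN and credentials below are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=site;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);

// Per-IP rate limit, kept server-side: at most $max additions per $window seconds.
// A Referer check is not a substitute; the header is set by the client.
function signup_allowed(PDO $pdo, string $ip, int $max = 1, int $window = 60): bool
{
    $packed = inet_pton($ip);          // binary form works for IPv4 and IPv6
    if ($packed === false) {
        return false;
    }
    $since = time() - $window;
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM signup_attempts WHERE ip = ? AND attempted_at > ?');
    $stmt->execute([$packed, $since]);
    if ((int) $stmt->fetchColumn() >= $max) {
        return false;
    }
    $pdo->prepare('INSERT INTO signup_attempts (ip, attempted_at) VALUES (?, ?)')
        ->execute([$packed, time()]);
    return true;
}

// Public "add my address" form handler.
function handle_subscribe(PDO $pdo): string
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return 'POST required';
    }
    $email = filter_var($_POST['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'Invalid address';
    }
    if (!signup_allowed($pdo, $_SERVER['REMOTE_ADDR'])) {
        http_response_code(429);
        return 'Too many signups from your address; try again later';
    }
    // Prepared statement: the address is bound as data, never spliced into SQL text.
    $pdo->prepare('INSERT IGNORE INTO subscribers (email, created_at) VALUES (?, ?)')
        ->execute([$email, time()]);
    return 'Added';
}

// Staff mailing page. The password check becomes a server-side session that is
// re-verified on every send, and the form carries a per-session token so a
// forged POST from another site cannot trigger a mailing.
session_start();

function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function handle_mass_mail(PDO $pdo): string
{
    if (empty($_SESSION['staff_user'])) {   // assumed: set only by the staff login handler
        http_response_code(403);
        return 'Login required';
    }
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || !hash_equals(csrf_token(), (string) ($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        return 'Bad request';
    }
    // Strip line breaks so a subject cannot inject extra mail headers.
    $subject = str_replace(["\r", "\n"], '', trim($_POST['subject'] ?? ''));
    $body    = $_POST['body'] ?? '';
    if ($subject === '' || $body === '') {
        return 'Subject and body required';
    }
    $sent = 0;
    foreach ($pdo->query('SELECT email FROM subscribers') as $row) {
        // One message per recipient; never put the whole list in To: or Cc:.
        if (mail($row['email'], $subject, $body, "From: list@example.com\r\n")) {
            $sent++;
        }
    }
    return "Sent $sent messages";
}
```

The mailing form itself needs a hidden field that echoes `csrf_token()` (HTML-escaped) so the POST can be matched against the session; the signup form needs nothing extra, since the limit is enforced from the request's source address rather than from anything the form sends.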

PHP

3 Comments

@CrazyMerlin (Mar 01, 2007): you can get all the PHP security info you need from php.net

[QUOTE]I suppose some features I can add are checking the referer before allowing anything and limiting stuff like max 1 email addition per minute or whatever...[/QUOTE]

well, if you don't, your hosting company will shut you down in a flash.

unrestricted mass-mailing is seen as spam and will trigger an automatic account shut-off on a lot of servers.
@yitzle (author, Mar 01, 2007): Are both checks needed, or is either enough?

I don't see any security guidelines on php.net. Could you be more specific?
@felgall (Mar 01, 2007): The best source of PHP security info I have found is a book called "Essential PHP Security" by Chris Shiflett (published by O'Reilly). Covers both what you need to secure against and how to write your code to build in that protection.