I was beefing up security at my website, and the technician mentioned
something about “sanitizing user input”.
I emailed support for my host:
[QUOTE]
Jul 18 2012 18:39
Q: Allen Harris
I purchased the dedicated IP.
Our technician said we did a good job at security, and he made the comment:
(quote)
One thing I didn’t read was ensuring that scripts (such as Perl, PHP) sanitize user input before reading/writing to the file system or making SQL requests to a database. That’s critical.
(/quote)
I don’t exactly know what that means, but there are no outside
sources which use the database.
As far as scripts, the only ones I’m familiar with are JavaScript and PHP.
I do not know what it means to sanitize user input.
Jul 18 2012 18:50
A: Support63
Hello,
When a form is submitted, the data from this form is passed to an executable script. It can then take that data and record it into a database or a file.
Sometimes, it is possible to craft the data entered on a form in such a way that it makes the target script execute commands that were not intended by the programmer. If this happens, the script is hacked.
Sanitizing user input refers to a way to prevent such crafted data from being used to hack a script. This is a vast topic, and if you are not familiar with it, we would recommend that you contact a web developer to check your scripts for any security problems.
Best regards,
Support
[/QUOTE]
This is the first I’ve heard about this. Is there a thread or
a website so I can brush up on security for this issue?
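
As an added illustration (not part of the original post or the host's reply), here is what the technician's two cases, SQL requests and file-system access, can look like in PHP when form input is handled as data only. The table, the directory, the function names `findMember` and `safeUploadPath`, and the sample form values are all constructed for this example, and it assumes the `pdo_sqlite` extension is available.

```php
<?php
declare(strict_types=1);

// Constructed database: in-memory SQLite standing in for the site's real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (name TEXT, email TEXT)');
$db->exec("INSERT INTO members VALUES ('allen', 'allen@example.test'), ('bob', 'bob@example.test')");

// SQL: the value is bound as a parameter, so it is always data and never query text.
function findMember(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, email FROM members WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// File system: accept only a plain file name, then confirm the resolved path stays in $baseDir.
function safeUploadPath(string $baseDir, string $requested): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $requested)) {
        return null; // rejects slashes, "..", NUL bytes and other extensions
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // base directory does not exist
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null; // missing file, or a symlink resolving outside the directory
    }
    return $full;
}

// Constructed form values, as $_POST would deliver them.
foreach (['bob', "bob' OR '1'='1"] as $name) {
    printf("%-18s -> %d row(s)\n", $name, count(findMember($db, $name)));
}

$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'notes_demo';
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'readme.txt', 'hello');
foreach (['readme.txt', '../../etc/passwd', 'readme.txt/../x'] as $file) {
    printf("%-18s -> %s\n", $file, safeUploadPath($dir, $file) ?? 'rejected');
}
```

The second name only matches a member literally called that, so it returns no rows, and the two file names containing path separators are rejected before the file system is touched.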