
Review Stage

Hi,

I am close to launching a website that I have been working on for some time now, and I plan on carrying out a significant review of security.

I understand that one of the biggest areas of concern from a security point of view is how you handle user input (fields / forms etc.).

I don’t expect anyone to reply with tonnes of information on each, as the internet is full of help and advice, BUT the one downside of the internet is ‘how up to date’ the information is (don’t want to use / implement outdated practices) or the ‘integrity’ of the advice, especially in relation to this subject.

So what are your key best practices for each of the following:

1 – Validating Input

2 – Sanitizing Input

Thanks in advance for your help…

PHP

2 Comment(s)

@jazzmasterkc May 03.2013 — This is much more of a pain in the ass since you are using PHP; Perl is so much easier to filter injections. If you want to truly sanitize your inputs, you need a separate PHP file that will handle different data types and output it wherever it's supposed to go. Validating input is more so to keep people from making a mistake on accident, as you still need to "validate" in your filter after submission. Use JavaScript to help the user know if he entered something wrong, and if you want you could have a basic layer of filtering in the user's browser to keep newbs at bay, but be sure to check that same stuff on your server before doing anything with it! And good luck doing it with PHP :p
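The server-side half of the advice above, as an added PHP example that is not from the thread or either poster: validation rejects input that is not the expected shape, and escaping is applied only when the value is rendered into HTML. The form fields, limits and helper names (validateSignup, h) are assumptions.

```php
<?php
// Added example, not from the thread; field names and limits are assumptions.
declare(strict_types=1);

// Validation: reject input that is not the expected shape; do not "clean" it.
function validateSignup(array $input): array
{
    $errors = [];
    $clean  = [];

    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    // Allow-list pattern: 3-20 letters, digits or underscores only.
    $user = (string) ($input['username'] ?? '');
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $user)) {
        $errors['username'] = 'Username must be 3-20 letters, digits or underscores.';
    } else {
        $clean['username'] = $user;
    }

    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number from 13 to 120.';
    } else {
        $clean['age'] = $age;
    }

    return [$errors, $clean];
}

// Escaping for the HTML context, applied when rendering, never when storing:
// the stored value stays exactly as the user typed it.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample request, shaped like $_POST from a signup form.
$post = ['email' => 'user@example.com', 'username' => '<script>', 'age' => '17'];
[$errors, $clean] = validateSignup($post);
foreach ($errors as $field => $msg) {
    echo '<p class="error">' . h($field) . ': ' . h($msg) . "</p>\n";
}
```

SQL is a separate output context: bind values with PDO prepared statements rather than passing them through h(), which only covers HTML.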
@Strider64 May 04.2013 — I'll add my .05 cents (It should be .02 cents...but inflation? )

I say if you can, try to keep everything modularized on your website as much as possible; it would add to your security a lot. If you can keep all your HTML on one page, by that I mean your headers and footers (HTML) [they can be separate files], and then you can have content in modules (you can even keep these files in a separate folder), it would keep you organized and offer up better security. Keep your sensitive data (login requirements, database information, etc...) in a separate file (like already mentioned) in a different folder; that way you can even further protect it by giving that folder a unique name (Don't use names that people use for tutorials, for why would you want to aid the script kiddies? ) and you could even further protect it with a .htaccess file in the future if you so desired. I write special functions that sanitize my user input and I use this motto, "When in doubt, Sanitize It!".

And lastly, as someone has told me, if you truly truly want it secure use Hypertext Transfer Protocol Secure (HTTPS); however, even that can be insecure - but you have to cut the cord sometime.