
General tips on secure development

I think I understand that this site is primarily focused on software, not hardware, so I won’t ask about server setup. I’m really trying to get security right before working on larger projects.

I’m switching to PDO

I’m aware of XSS, clickjacking, frame jacking, port 22 brute forcing, parameterized binding…

What else should I think about?

I’ve also been told about using bcrypt and blowfish.

I’d appreciate any help.

Full-stack Developer

5 Comments

@NogDog Nov 05.2015 — Use Laravel as your framework and leverage a lot of its already built-in stuff, perhaps? (E.g. if you use its Eloquent ORM, you don't even have to think about escaping DB inputs -- though if you exclusively use prepared statements with bound parameters in PDO, that takes care of it too.) It also has a number of built-in things for form inputs, HTML output, password hashing, etc. that can help you out.

PS: I was assuming PHP on the server side since you mentioned PDO.
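The three protections mentioned in the reply above (escaping DB input, password hashing, and HTML output) done "from scratch" with PHP's own built-ins rather than a framework, as an added example that is not code from this thread or from Laravel. It assumes PHP 7.0+ with the pdo_sqlite extension so it runs stand-alone; the users table, account names and the BCRYPT_COST constant are constructed for illustration.

```php
<?php
// Added example: PDO prepared statements with bound parameters,
// bcrypt via password_hash()/password_verify(), and output escaping.
// Assumes PHP 7.0+ and pdo_sqlite; table and sample accounts are constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
// Fail loudly instead of returning false from failed queries.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask for server-side prepares instead of client-side emulation where the
// driver supports it (matters for MySQL; SQLite ignores it).
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

// bcrypt work factor (assumed value); raise it as hardware gets faster.
const BCRYPT_COST = 12;

function registerUser(PDO $pdo, string $username, string $password): void
{
    // PASSWORD_BCRYPT is the Blowfish-based bcrypt the poster was told about.
    // PHP generates a random salt per password and embeds it in the
    // "$2y$..." string, so only that one string needs to be stored.
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)'
    );
    // Bound parameters travel as data; the SQL text above never changes,
    // so quotes in $username cannot alter the statement.
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->bindValue(':h', $hash, PDO::PARAM_STR);
    $stmt->execute();
}

function authenticate(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown user: still run one bcrypt verify so the response time
        // does not reveal which usernames exist.
        static $dummy = null;
        $dummy = $dummy ?? password_hash('unused', PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
        password_verify($password, $dummy);
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Transparently upgrade stored hashes after BCRYPT_COST is raised.
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST])) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->bindValue(':h', password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]), PDO::PARAM_STR);
        $upd->bindValue(':id', (int) $row['id'], PDO::PARAM_INT);
        $upd->execute();
    }
    return true;
}

// Escape on output, not on input: the username is stored exactly as typed
// and encoded only at the point where it is written into HTML.
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample run.
registerUser($pdo, 'alice', 'correct horse battery staple');
registerUser($pdo, "o'brien <script>", 'hunter2');   // quote and tag are just data

var_dump(authenticate($pdo, 'alice', 'correct horse battery staple'));
var_dump(authenticate($pdo, 'alice', 'wrong'));
var_dump(authenticate($pdo, "' OR '1'='1", 'anything'));  // classic injection string, bound as data
var_dump(authenticate($pdo, "o'brien <script>", 'hunter2'));

$stmt = $pdo->query('SELECT username FROM users ORDER BY id');
foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $name) {
    echo '<li>' . escapeHtml($name) . "</li>\n";   // <script> is emitted as &lt;script&gt;
}
```

Two design points worth noticing: the query text is fixed and only the bound values vary, which is why the `' OR '1'='1` login attempt is simply looked up as a (nonexistent) username; and the hash stored is the full `$2y$` string from password_hash(), so there is no separate salt column to manage and password_needs_rehash() can later migrate users to a higher cost without a reset.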
@GreenAce92 (author) Nov 06.2015 — Man... frameworks though... haha

It seems limiting to me in a way, to conform to a framework despite the gained advantage of work that's already done being made available to you. All I mean by this... (maybe it's an ego thing?) is that I want to know the basics/scratch so I can develop without relying on something pre-made although again going against saving time. I know my argument does seem flawed. But there are a lot of frameworks, although they are for separate purposes.

Yes, I am a PHP guy. I use the hashing that comes with openssl?

Anyway, I appreciate the suggestion.
@NogDog Nov 06.2015 — It's a trade-off choice only you can make: once you learn a framework, you can build stuff faster by leveraging all its built-in goodies, with the trade-off being that you lose some control of the application's innards. If it's a solidly built framework and you use it correctly, though, you also avoid mistakes and bugs that come with writing everything yourself. I mean, even writing it all from scratch in PHP, you're using the C code that PHP is built upon, and that C is built upon some assembler, which in turn wrote the actual machine language -- so you could cut out all the middle-men and just write raw machine code.
@GreenAce92 (author) Nov 06.2015 — I get what you are saying. I'm probably just being stubborn. I will keep that framework in mind though for the future. I agree with the idea of faster prototyping; it seems like everyone has similar ideas, but whoever makes it first is the one who gets the prize.
@NogDog Nov 07.2015 — I'll be the first to admit that often it's not as much [I]fun[/I] to, say, include a ready-made class or package and just make a couple method calls as opposed to actually figuring out how to do it yourself and writing all the code.