Kibret Posted February 9, 2010

The two are most common, but what are some other threats for a PHP/MySQL website?
mikesta707 Posted February 9, 2010

Depends on your application, but the following link may be of some use to you. What kind of web page do you have? Is it user based? What kind of input do you receive? http://forums.mysql.com/read.php?52,227585,227585

Another good read: http://www.scribd.com/doc/13069480/Web-Security-Threats-and-Counter-Measures
yozyk Posted February 9, 2010

Remote_File_Inclusion
Kibret Posted February 9, 2010

Thanks guys. @mike: it's a webpage that takes inputs from forms. A normal log in page, etc.
mikesta707 Posted February 9, 2010

If you use cookies, make sure you always sanitize cookie values. As yozyk said, watch out for remote file inclusions, and of course XSS and SQL injections. Do you use a database? Do you hash/salt your passwords? Do you verify that your inputs always get the right information (i.e. not just "safe", but for numeric inputs do you test that the value is a number)? Stuff like that.
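The checks mikesta707 lists above (typed validation of form and cookie values, salted password hashing) and the file-inclusion issue yozyk names, as an added example that is not part of any post in the thread. It assumes PHP 7.1 or later; the field, cookie and page names and the sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Field, cookie and page names are hypothetical.

// Numeric input: accept only a real integer in range, not a string that merely looks safe.
function int_input($raw, int $min, int $max): ?int
{
    if (!is_string($raw)) {                 // rejects missing values and arrays (?id[]=1)
        return null;
    }
    $v = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Cookies are client-controlled, so they get the same validation as form fields.
function cookie_int(array $cookies, string $name, int $min, int $max, int $default): int
{
    return int_input($cookies[$name] ?? null, $min, $max) ?? $default;
}

// File inclusion: the request value only selects from a fixed list of local files
// and never reaches include/require itself.
function page_file($requested): string
{
    $pages = ['home' => 'home.php', 'login' => 'login.php'];
    $key = (is_string($requested) && isset($pages[$requested])) ? $requested : 'home';
    return __DIR__ . '/pages/' . $pages[$key];
}

// Passwords: password_hash() generates a random salt and embeds it in the returned hash.
function hash_password(string $plain): string { return password_hash($plain, PASSWORD_DEFAULT); }
function check_password(string $plain, string $stored): bool { return password_verify($plain, $stored); }

// Constructed sample input standing in for $_POST, $_COOKIE and $_GET.
$post   = ['age' => '27', 'qty' => '3 OR 1=1'];
$cookie = ['per_page' => '999999'];
$get    = ['page' => 'http://example.invalid/x.txt'];

var_dump(int_input($post['age'], 0, 150));              // valid integer in range
var_dump(int_input($post['qty'], 1, 100));              // not an integer, rejected
var_dump(cookie_int($cookie, 'per_page', 1, 100, 20));  // out of range, default used
var_dump(basename(page_file($get['page'])));            // unknown page, falls back to home
$stored = hash_password('correct horse');
var_dump(check_password('correct horse', $stored), check_password('guess', $stored));
```

Validation of this kind sits alongside parameterized queries and output escaping; it does not replace them.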
Kibret Posted February 9, 2010

@Mike: For the moment I am not done with the site. I was just wondering what security issues I should consider before going further. Is there any website that lists most of these threats and gives the solutions? Just like a summary???
mikesta707 Posted February 9, 2010

Not many sites that list all the information in one place. A Google search turned up a few websites that were slightly related. The second link in my first post gives a very in-depth look at most security threats though. Beyond that, what I said in my previous post should set you on the right path. Also, if you have shared hosting, remember that if one person has a vulnerable site, it can make everyone else that shares that server's site vulnerable also, so if you are really concerned about security, you may also consider not using shared hosting.