zander1983 Posted June 15, 2011

Hi

I was wondering, what are the main fundamental security features which should be in place on a PHP website? I have an e-commerce site I hope to launch soon, and the security measures I use are:

1. SSL
2. Any data from user is cleansed with mysql_real_escape_string() before being inserted to a table
3. MD5 + salt used to encrypt passwords

Am I missing anything? Is this enough?

With database tables, do I only need to encrypt password fields? Are all other fields OK as they are?

Regarding sessions, I use them a lot throughout the site. Are there any security issues here?

Cheers
Mark

punk_runner Posted June 16, 2011

Always check that the value submitted is what it is supposed to be. For example, if you are expecting a zip code, only allow numbers and letters, a dash and a space (for Canadian)... disallow all other characters.

It's probably a good idea NOT to call your database columns "username" and "password" - call them something like "x_username" or "user_password" so it is hard to guess.

Force 8+ character passwords...

When you want to get really secure, use prepared statements.
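
The allow-list check and prepared statement described in the reply above, as an added example that is not part of the original thread. The function names, the `addresses` table and its columns, and the in-memory SQLite database reached through PDO are assumptions made so the script runs offline.

```php
<?php
// Added example: allow-list validation followed by a PDO prepared statement.
// validate_postal_code(), save_address() and the addresses table are hypothetical.

function validate_postal_code(string $raw): ?string
{
    $code = trim($raw);
    // Letters, digits, dash and space only; 3 to 10 characters in total,
    // starting and ending with a letter or digit. \A and \z anchor the whole string.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9 -]{1,8}[A-Za-z0-9]\z/', $code) !== 1) {
        return null;
    }
    return strtoupper($code);
}

function save_address(PDO $db, int $customerId, string $postalCode): void
{
    // Placeholders send the values separately from the SQL text,
    // so they are never parsed as part of the statement.
    $stmt = $db->prepare(
        'INSERT INTO addresses (customer_id, postal_code) VALUES (:cid, :pc)'
    );
    $stmt->execute([':cid' => $customerId, ':pc' => $postalCode]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE addresses (customer_id INTEGER, postal_code TEXT)');

// Constructed sample inputs: three well-formed codes, one with quote
// characters, one empty.
$samples = ['90210', 'K1A 0B1', '12345-6789', "90210' OR '1'='1", ''];

foreach ($samples as $raw) {
    $code = validate_postal_code($raw);
    if ($code === null) {
        echo 'rejected: ' . json_encode($raw) . PHP_EOL;
        continue;
    }
    save_address($db, 1, $code);
    echo 'stored:   ' . $code . PHP_EOL;
}

$count = $db->query('SELECT COUNT(*) FROM addresses')->fetchColumn();
echo "rows stored: $count" . PHP_EOL;
```

Validation and parameter binding do different jobs here: the allow-list rejects malformed input before it reaches the database, and the placeholders keep any value that does pass from being interpreted as SQL.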