zander1983 Posted June 15, 2011

Hi

I was wondering, what are the main fundamental security features which should be in place on a PHP website? I have an e-commerce site I hope to launch soon, and the security measures I use are:

1. SSL
2. Any data from user is cleansed with mysql_real_escape_string() before being inserted to a table
3. MD5 + salt used to encrypt passwords

Am I missing anything? Is this enough?

With database tables, do I only need to encrypt password fields? Are all other fields OK as they are?

Regarding sessions, I use them a lot throughout the site. Are there any security issues here?

Cheers
Mark

punk_runner Posted June 16, 2011

Always check that the value submitted is what it is supposed to be. For example, if you are expecting a zip code, only allow numbers and letters, a dash and a space (for Canadian)... disallow all other characters.

It's probably a good idea NOT to call your database columns "username" and "password" - call them something like "x_username" or "user_password" so it is hard to guess.

Force 8+ character passwords...

When you want to get really secure use prepared statements.

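The two suggestions in the reply above (whitelist validation of a postal code, and prepared statements), as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database; the `customers` table, its columns and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Whitelist check: accept only a US ZIP (12345 or 12345-6789) or a Canadian
// postal code (A1A 1A1, separator optional). Anything else is rejected.
function normalize_postal_code(string $raw): ?string
{
    $value = strtoupper(trim($raw));
    if (preg_match('/\A\d{5}(-\d{4})?\z/', $value)) {
        return $value;
    }
    if (preg_match('/\A([A-Z]\d[A-Z])[ -]?(\d[A-Z]\d)\z/', $value, $m)) {
        return $m[1] . ' ' . $m[2];
    }
    return null;
}

// Prepared statement: the SQL text is fixed, user values travel as bound
// parameters and are never concatenated into the query string.
function save_customer(PDO $db, string $name, string $postalRaw): bool
{
    $postal = normalize_postal_code($postalRaw);
    if ($postal === null) {
        return false; // reject instead of trying to "clean" bad input
    }
    $stmt = $db->prepare(
        'INSERT INTO customers (full_name, postal_code) VALUES (:name, :postal)'
    );
    return $stmt->execute([':name' => $name, ':postal' => $postal]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, full_name TEXT, postal_code TEXT)');

// Constructed sample input: two valid rows, one name containing a quote,
// and one postal code that fails the whitelist.
$samples = [
    ['Anne Tremblay', 'k1a-0b1'],
    ["Mark O'Brien", '90210'],
    ['Eve', "12345' OR '1'='1"],
];
foreach ($samples as [$name, $postal]) {
    $result = save_customer($db, $name, $postal) ? 'stored' : 'rejected';
    printf("%-15s %-20s %s\n", $name, $postal, $result);
}
// Accepted names come back exactly as submitted: the quote is stored as data.
foreach ($db->query('SELECT full_name, postal_code FROM customers') as $row) {
    echo $row['full_name'], ' | ', $row['postal_code'], "\n";
}
```
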
This topic is now archived and is closed to further replies.