

Security concerns


#1 ReVeR

  • Members
  • Advanced Member
  • 42 posts

Posted 24 February 2006 - 01:27 AM

How can I make my program (PHP + MySQL DBs) more secure from different ways of manipulation by something like SQL injections and so on? Basically I want to make all the forms (e.g. user registration) and others to be as secure as possible.
Any ideas are welcome.

#2 AndyB

  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • Location: Toronto

Posted 24 February 2006 - 01:41 AM

http://www.sitepoint.com/article/sql-injection-attacks-safe - or any of a zillion results from Google
Legend has it that reading the manual never killed anyone.

#3 fenway

  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • Location: Toronto, ON

Posted 24 February 2006 - 04:52 AM

You can read all the articles you want, but it all comes down to making sure that everything is properly quoted (field values, basically). This prevents a semi-colon from starting a new query. Both PHP and Perl make it trivial to do this, and everyone should.

Other than the above, the usual safeguards apply -- make sure the server is locked down, don't be stupid about root passwords (or root access for that matter), etc. Any *nix sysadmin can help you with these, or your hosting company should take care of it for you.

Good luck.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.
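
An added example, not part of any post in this thread: the quoting described in reply #3, shown as unquoted concatenation next to a driver-quoted value and a prepared statement. Assumptions: PHP's PDO extension with an in-memory SQLite database stands in for MySQL so the script runs offline, and the `users` table, its rows and the form value are constructed for illustration.

```php
<?php
// Added example. Assumption: PDO with in-memory SQLite stands in for MySQL;
// the table, its rows and the form value below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed form value that contains a quote character.
$input = "x' OR '1'='1";

// Before: raw concatenation. The quote inside $input closes the string
// literal early, so the rest of the value is parsed as SQL, not as data.
$unsafeSql  = "SELECT name FROM users WHERE name = '" . $input . "'";
$unsafeRows = $db->query($unsafeSql)->fetchAll(PDO::FETCH_COLUMN);

// After (a): quote the field value with the driver's own escaping.
// PDO::quote() adds the surrounding quotes and escapes the ones inside.
$quotedSql  = 'SELECT name FROM users WHERE name = ' . $db->quote($input);
$quotedRows = $db->query($quotedSql)->fetchAll(PDO::FETCH_COLUMN);

// After (b): prepared statement. The value is bound to a placeholder and
// never becomes part of the SQL text at all.
$stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
$stmt->execute([':name' => $input]);
$boundRows = $stmt->fetchAll(PDO::FETCH_COLUMN);

// The concatenated query matches every row; the other two treat the whole
// input as one literal name and match none.
printf("concatenated: %d row(s)\n", count($unsafeRows));
printf("quoted:       %d row(s)\n", count($quotedRows));
printf("bound:        %d row(s)\n", count($boundRows));
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the quoting and binding calls stay the same.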
