LanceT Posted February 14, 2007

I see a lot of message boards being hacked and defaced by third parties. So I'm scared, because I don't really know anything about PHP security, and if these big message board scripts can get hacked, then how can I protect my script? Any general tips I should follow?

artacus Posted February 14, 2007

Well, a lot of those get hacked because their source code is freely available, so if there is a page that is vulnerable to cross-site scripting or SQL injection, it's easier to find. Then, once a vulnerability is found, it's easy to search for other sites using that software and hack them. So those are two strikes you won't have against you. But to answer your question, don't trust anything that comes from the user (cookies, GET, POST, etc.).

LanceT (Author) Posted February 15, 2007

> Well, a lot of those get hacked because their source code is freely available, so if there is a page that is vulnerable to cross-site scripting or SQL injection, it's easier to find. Then, once a vulnerability is found, it's easy to search for other sites using that software and hack them. So those are two strikes you won't have against you. But to answer your question, don't trust anything that comes from the user (cookies, GET, POST, etc.).

Alright, that's good to hear. What I am currently doing to check if the passwords match is to first check that the set cookie's username matches the database username, and that the set cookie's password matches the database's password, before allowing a user to have any access to confidential pages. Is this a good way to prevent hacking?
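
Added example, not part of the original thread: one way to apply "don't trust anything that comes from the user" to the cookie check described in the last post, by keeping the password out of the cookie and matching an opaque random token against a server-side session row. The table names, column names, the `sid` cookie name and the sample user are assumptions; it assumes PHP 7.3 or later with the pdo_sqlite extension.

```php
<?php
// Added example: constructed schema and sample data, not code from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)');
$ins = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // only a hash is stored

// Login: verify the password once, then hand the browser a random token, never the password.
function login(PDO $db, string $name, string $password): ?string {
    $q = $db->prepare('SELECT id, pw_hash FROM users WHERE name = ?'); // bound, never concatenated
    $q->execute([$name]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // 64 hex chars from the CSPRNG
    $s = $db->prepare('INSERT INTO sessions (token_hash, user_id, expires) VALUES (?, ?, ?)');
    $s->execute([hash('sha256', $token), $row['id'], time() + 3600]);
    // In a web request the token would be sent with:
    // setcookie('sid', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    return $token;
}

// Per-request check: the cookie value is untrusted until it matches a live session row.
function currentUserId(PDO $db, $cookie): ?int {
    if (!is_string($cookie) || !preg_match('/^[0-9a-f]{64}$/', $cookie)) {
        return null; // wrong type or shape: reject before touching the database
    }
    $q = $db->prepare('SELECT user_id FROM sessions WHERE token_hash = ? AND expires > ?');
    $q->execute([hash('sha256', $cookie), time()]);
    $id = $q->fetchColumn();
    return $id === false ? null : (int) $id;
}

$token = login($db, 'alice', 'correct horse');
var_dump(currentUserId($db, $token));               // token issued by login()
var_dump(currentUserId($db, str_repeat('0', 64)));  // well-formed but unknown token
var_dump(currentUserId($db, ["' OR 1=1 --"]));      // array value, as a cookie[]= style input arrives
var_dump(login($db, "alice' --", 'x'));             // quote in the name stays data in a bound parameter
```

A stolen copy of the `sessions` table holds only token hashes, and deleting a row revokes that login without changing the user's password.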