Jump to content

Beginner security questions


steelerman99

Recommended Posts

Hello,

 

I've just recently learned php and have coded a website with a bunch of php and a mysql database (although i haven't put it online- just have been coding it on my hard drive and testing it with WAMP).

 

Now, when the time comes and i go to put my site on the net using a commercial host (bluehost or godaddy or something similar), what measures should i take to make sure my site doesn't get hacked?  I have a bunch of important data that i can't have tampered with (an online schedule with web interface updates).

 

Is all the security i need provided by the commercial hosts, or do i have to take some steps myself?

 

Can anyone point me to a tutorial or something to help get me started?  I read something on php.net, but i'm looking for more of a "hold your hand and walk you through it" kind of tutorial.  haha

 

 

But any help is appreciated.  Thanks!!

Link to comment
Share on other sites

You can prevent 90% of all security problems if you distrust your users.  That is to say filter everything you accept from them and be wary of any user input you later redisplay to the same (or other) users.

 

You can read the PHP manual entries and the following user posts for the following functions to gain a head start:

mysql_real_escape_string

addslashes

stripslashes

striptags

htmlentities

 

Also, follow common sense rules.  i.e. if you allow users to upload files and later delete them, make sure that when a user requests to delete the file that they are in fact the one who uploaded it!

 

Stuff like that!

 

I'd say more but laziness is getting the best of me.

Link to comment
Share on other sites

I will add to that that you should set up 2 account for your mysql database - give one all the permissions you require for admin (insert/edit/delete etc.) and the other give the minmum amount of access to do the job - use this account for accessing the database from public site.

Link to comment
Share on other sites

and look into what mode of php your host is running.  if it is a module, if safe mode is enabled, cgi, etc...all these things make a difference with security from others hosted on the server with you.  if things aren't set up right, they can browse your files, including your database credentials.  google "php security shared hosting" to learn more about it all.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.