steelerman99 Posted July 27, 2007

Hello,

I've just recently learned PHP and have coded a website with a bunch of PHP and a MySQL database (although I haven't put it online - I have just been coding it on my hard drive and testing it with WAMP).

Now, when the time comes and I go to put my site on the net using a commercial host (Bluehost or GoDaddy or something similar), what measures should I take to make sure my site doesn't get hacked? I have a bunch of important data that I can't have tampered with (an online schedule with web interface updates). Is all the security I need provided by the commercial hosts, or do I have to take some steps myself?

Can anyone point me to a tutorial or something to help get me started? I read something on php.net, but I'm looking for more of a "hold your hand and walk you through it" kind of tutorial. haha

But any help is appreciated. Thanks!!

roopurt18 Posted July 27, 2007

You can prevent 90% of all security problems if you distrust your users. That is to say, filter everything you accept from them and be wary of any user input you later redisplay to the same (or other) users.

You can read the PHP manual entries and the following user posts for the following functions to gain a head start:

mysql_real_escape_string
addslashes
stripslashes
strip_tags
htmlentities

Also, follow common sense rules, i.e. if you allow users to upload files and later delete them, make sure that when a user requests to delete the file that they are in fact the one who uploaded it! Stuff like that!

I'd say more but laziness is getting the best of me.

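An added example, not part of any post in this thread: the three habits from the reply above (bind input, check ownership before deleting, escape on output) in one script. It uses PDO prepared statements in place of `mysql_real_escape_string`, which was removed in PHP 7; the `files` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, column and function names are hypothetical.
// SQLite in memory stands in for the MySQL database so this runs offline;
// on a real site only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, title TEXT NOT NULL)');

// Store user input through bound parameters, never by string concatenation.
function addFile(PDO $db, int $ownerId, string $title): int
{
    $stmt = $db->prepare('INSERT INTO files (owner_id, title) VALUES (:owner, :title)');
    $stmt->execute([':owner' => $ownerId, ':title' => $title]);
    return (int) $db->lastInsertId();
}

// Delete only when the row belongs to the logged-in user. The owner check is
// part of the WHERE clause, so an id belonging to someone else matches nothing.
function deleteFile(PDO $db, int $sessionUserId, $requestedId): bool
{
    $id = filter_var($requestedId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // not a positive integer: reject before touching the database
    }
    $stmt = $db->prepare('DELETE FROM files WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Escape on output: stored text is still untrusted when it is redisplayed.
function renderTitle(string $title): string
{
    return htmlentities($title, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: a title containing a quote and HTML markup.
$title  = "Coach O'Neil's <b>week 1</b> schedule";
$fileId = addFile($db, 1, $title);                  // uploaded by user 1

var_dump(deleteFile($db, 2, (string) $fileId));     // user 2 requests user 1's file
var_dump(deleteFile($db, 1, '1 or anything else')); // malformed id from the request
echo renderTitle($title), "\n";                     // markup is shown as text, not run
var_dump(deleteFile($db, 1, (string) $fileId));     // the owner's own request
```

In a real page `$sessionUserId` would come from the server-side session, not from anything the browser sends with the request.
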
ToonMariner Posted July 27, 2007

I will add to that that you should set up 2 accounts for your MySQL database - give one all the permissions you require for admin (insert/edit/delete etc.) and give the other the minimum amount of access to do the job - use this account for accessing the database from the public site.

calabiyau Posted July 28, 2007

And look into what mode of PHP your host is running: if it is a module, if safe mode is enabled, CGI, etc. All these things make a difference with security from others hosted on the server with you. If things aren't set up right, they can browse your files, including your database credentials. Google "php security shared hosting" to learn more about it all.