Posted by Mike P2 on 05/05/07 22:00
On May 5, 5:37 pm, "alvarojavierv...@gmail.com"
<alvarojavierv...@gmail.com> wrote:
> What is best way that you use (technique) to get safe
> (may be your site or system)?
That depends almost completely on what your site does and how it is
done. For general things, you can disable PHP's register_globals
option (you'll find that in php.ini, or you can write a short snippet
that unregisters the globals like phpBB forums do, or .htaccess can
sometimes help with PHP switches) and mysql_real_escape_string()
specific input before inserting into your database to prevent SQL
injection (magic_quotes may be enabled already, it's preferable to
disable that and escape stuff yourself so you can be sure it's working
all of the time).
You can also give mod_security a try; some hosts implement it
(DreamHost does). It covers some things you might miss.
http://www.modsecurity.org/projects/modsecurity/apache/index.html
-Mike PII
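
An added example, not part of Mike's post, of the steps he lists, written for PHP 5.3 or earlier (register_globals, magic_quotes and the mysql extension were removed in later PHP releases). The `users` table, the `find_user_sql()` helper and the already-open `$link` connection are assumptions made for illustration.

```php
<?php
// Added example: names below (users table, find_user_sql) are hypothetical.

// 1. If register_globals is on, remove every global that came from request data.
function unregister_globals()
{
    if (!ini_get('register_globals')) {
        return;
    }
    // A request parameter named GLOBALS would overwrite the symbol table itself.
    if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
        exit('Invalid request');
    }
    $keep  = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
                   '_SERVER', '_ENV', '_FILES');
    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES,
                 isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
    foreach (array_keys($input) as $name) {
        if (!in_array($name, $keep, true) && array_key_exists($name, $GLOBALS)) {
            unset($GLOBALS[$name]);
        }
    }
}

// 2. If magic_quotes_gpc is on, strip its slashes so input is escaped exactly once.
function strip_magic_quotes($value)
{
    return is_array($value) ? array_map('strip_magic_quotes', $value)
                            : stripslashes($value);
}

unregister_globals();
if (get_magic_quotes_gpc()) {
    $_GET     = strip_magic_quotes($_GET);
    $_POST    = strip_magic_quotes($_POST);
    $_COOKIE  = strip_magic_quotes($_COOKIE);
    $_REQUEST = strip_magic_quotes($_REQUEST);
}

// 3. Escape at the point the query is built. The surrounding single quotes are
//    required: mysql_real_escape_string() only protects quoted string values.
function find_user_sql($username, $link)
{
    return "SELECT id FROM users WHERE name = '"
         . mysql_real_escape_string($username, $link) . "'";
}

// Usage, assuming $link came from mysql_connect():
// $result = mysql_query(find_user_sql($_POST['name'], $link), $link);
```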