Posted by Marty on 11/03/05 18:37
In article <1131025325.178890.262770@g44g2000cwa.googlegroups.com>,
rjames.clarke@gmail.com says...
>
>I am developing an online application and the last thing I need to get
>a handle on is security.
>This app is very heavy with forms. Business critical data will be
>entered via forms and inserted into a database (mysql).
>
>I've googled "php security" and from what I've read, I should:
>
>1) Filter all form data by stripping all non-alpha/numeric characters
>out,
>
>2) Have the database on a different server,
>
>3) Use "POST" not "GET",
>
>4) Turn global variables off.
>
>5) Use sessions for logins
>
>Should this do it? Or do I need more precautions?
>Even with all this can I still get hacked?
>
>Thanks
>
> bob
>
Some folks use a web form to have it email them results a visitor submitted.
Always check all the fields being submitted for tricks like "\nBcc: the world" in
case someone tries to hijack your web page as a vehicle for spam. My two cents.
Marty
--
Basic Newsguy - 3 GB / month - $39.95 / year
http://newsguy.com/overview.htm
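
The check Marty describes, sketched as an added example that is not part of the original post: form fields that end up in mail headers are rejected if they contain a line break. The function names and the sample submissions are constructed for illustration.

```php
<?php
// Added example: function names and sample submissions are constructed.

// True if the value contains a CR or LF, which would start a new header line.
function has_header_break(string $value): bool
{
    return strpbrk($value, "\r\n") !== false;
}

// Validate the contact-form fields that are placed into mail headers.
// Returns a list of error strings; an empty list means the fields are usable.
function check_contact_fields(array $form): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $form[$field] ?? '';
        if (!is_string($value)) {
            $errors[] = "$field: unexpected type";
        } elseif (has_header_break($value)) {
            $errors[] = "$field: line break not allowed";
        }
    }
    $email = $form['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: not a valid address';
    }
    return $errors;
}

// Constructed submissions: one normal, one carrying the trick from the post.
$samples = [
    ['name' => 'Bob', 'email' => 'bob@example.com', 'subject' => 'Question'],
    ['name' => 'Bob', 'email' => "bob@example.com\nBcc: the world", 'subject' => 'Hi'],
];

foreach ($samples as $form) {
    $errors = check_contact_fields($form);
    if ($errors) {
        echo 'rejected: ' . implode('; ', $errors) . "\n";
        continue;
    }
    // The message body may contain newlines; only header fields are restricted.
    $headers = 'From: ' . $form['name'] . ' <' . $form['email'] . '>';
    echo "would call mail() with header: $headers\n";
}
```

Rejecting the submission outright, rather than stripping the line break and sending anyway, keeps a hijack attempt from turning into a delivered message.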