Security issues
chris12295:
I have a database with user information and a login script, and I need some expert advice on how to keep the information secure so people can't retrieve information from the database or run malicious code using my scripts. What are the best ways to keep my scripts and database secure?
Encrypting your users' passwords is good. I've used the function Password() but can't find it in the online PHP manual anymore. crypt() does the same thing; maybe it's just a new name. Store the encrypted password, too. That way there are no plain-text passwords stored, so no one (including database admins) can figure out someone's password. This isn't the solution to DB security, just a good idea.
I think you'll find most issues covered here:
http://forums.devshed.com/showthread.ph ... t=security
Keep your include files, and especially the one that contains your DB username and password, in a location on your hard drive that is not accessible in the web documents directory.
For example, if your webserver serves documents from "c:\web", keep your include files in "c:\php\includes". This will prevent anyone from stumbling on your database name and password unless they gain filesystem access to the whole system.
Here are some good tutorials on XSS matters.
http://www.phpadvisory.com
However, above all else, here is the one thing that will pretty much solve 99% of the security problems out there:
NEVER TRUST DATA COMING FROM THE USER.
If you always code like all your data from the user is bad, malicious hacking type stuff, you should do fine.
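To show how the advice in this thread fits together in one login script, here is an added example (not code from any poster): the DB credentials live in an include outside the web root, the password is stored only as a hash, the query uses placeholders so form input is never spliced into SQL, and output is escaped. It uses PHP's password_hash/password_verify rather than the Password()/crypt() mentioned above; the include path, the `users` table and its columns are assumptions.

```php
<?php
// Added example. Assumptions: /srv/php/includes/db.php (outside the web root)
// defines $pdo, a PDO connection; a table users(username, password_hash).
require '/srv/php/includes/db.php';

function register_user(PDO $pdo, string $username, string $password): void
{
    // Only a salted hash is written; the plain-text password is never stored.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // Placeholders send the username as data, not as SQL text, so quotes or
    // SQL keywords typed into the form cannot change the query's structure.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;               // unknown user
    }
    // Compares against the stored hash; the hash itself is never reversed.
    return password_verify($password, $row['password_hash']);
}

// Everything in $_POST is untrusted: coerce to string, then validate shape.
$username = (string) ($_POST['username'] ?? '');
$password = (string) ($_POST['password'] ?? '');
if ($username === '' || strlen($username) > 64 || $password === '') {
    http_response_code(400);
    exit('Bad request');
}

if (login($pdo, $username, $password)) {
    session_start();
    session_regenerate_id(true);    // fresh session id once authenticated
    $_SESSION['user'] = $username;
    // Escape before echoing user-controlled text back into HTML (XSS).
    echo 'Welcome, ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Login failed';            // same message for bad user and bad password
}
```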