Hi,
I have constructed a few sites now with cms systems inbuilt for the site admin to add/edit/delete data and images etc.
I am using sessions for login and security around the cms.
What do I need to consider for security of the cms so it can't be hacked or have destructive code etc posted, just all round general security for cms systems?
Thank You
CMS Security
The trouble with CMSs is that seemingly simple code can turn destructive if it's not formatted properly. Leaving a <table> or <div> open can really screw up your layout.
To stop PHP code from being inserted, I believe you can use strip_tags() to pull it all out before you dump, save the page code.
Make sure you have error conditions set up for every instance where you are expecting a particular value. I'd imagine that's often how web applications are hacked - hackers keep throwing weird stuff at the app until they get an error message that exposes more information than the programmer intended.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
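An added example, not part of the original posts, of the two points in the reply above: running strip_tags() on submitted page content before it is saved, and treating every unexpected value as an error condition whose detail goes to the server log rather than the browser. The function names, form field names and tag allowlist are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical "save page" handler for a CMS admin form (added example).
ini_set('display_errors', '0');   // never print PHP errors to the browser
ini_set('log_errors', '1');       // keep the detail in the server log instead

// Assumption: the only formatting the site admin needs.
const ALLOWED_TAGS = '<p><br><b><i><ul><ol><li>';

function clean_page_input(array $post): array
{
    // Each field has one expected shape; anything else is an error condition.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if (!is_int($id)) {
        throw new InvalidArgumentException('page id is not a positive integer');
    }
    $title = $post['title'] ?? null;
    if (!is_string($title) || trim($title) === '' || strlen($title) > 200) {
        throw new InvalidArgumentException('title missing, not text, or too long');
    }
    $body = $post['body'] ?? null;
    if (!is_string($body)) {
        throw new InvalidArgumentException('body is not text');
    }
    // strip_tags() drops PHP blocks and every tag outside the allowlist.
    // It keeps the text between removed tags and the attributes on allowed
    // tags, so the stored body is still untrusted when it is displayed.
    return ['id' => $id, 'title' => trim($title),
            'body' => strip_tags($body, ALLOWED_TAGS)];
}

function handle_save(array $post): string
{
    try {
        $page = clean_page_input($post);
        // ... store $page here ...
        return 'Saved "' . htmlspecialchars($page['title'], ENT_QUOTES, 'UTF-8') . '"';
    } catch (Throwable $e) {
        error_log('CMS save rejected: ' . $e->getMessage());
        return 'The page could not be saved.';   // no internals in the reply
    }
}

// Constructed sample submissions: one well-formed, one with an unexpected id.
$good = ['id' => '7', 'title' => 'News',
         'body' => '<p onclick="x()">Hi</p><script>x()</script><?php phpinfo(); ?>'];
$bad  = ['id' => '7 OR 1=1', 'title' => 'News', 'body' => 'text'];
echo handle_save($good), PHP_EOL, handle_save($bad), PHP_EOL;
print_r(clean_page_input($good));
```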
Then again, why use tables when you can use CSS? Just kidding hehe. I use tables as well, and had no problems at all so far, even on my last CMS for my sister's site I used an IFrame that links to the various CMS pages with a cookie script that checks if you are logged in and it works fine for me (so far)