Security Precautions
Overview
I’ve been working on a web content management system and I’m wondering if my security precautions are enough or if I’m forgetting anything?
Login
- form token and another token with user-agent stored in it for good measure?
- One-way encrypted passwords, password strength tester, usernames follow a specific format
- SQL injection
- All incoming data is sanitized
- Form spoofing has been prevented
Sessions
- Sessions are registered based on privileges
- Sessions and user-agent are checked for every page action and changed
- Sessions are registered with unique variables such as $_SESSION['1234d0n1y'];
- Sessions timeout after 15 minutes with my own script, also they are set to timeout after 30 minutes
- Sessions are stored in a directory with only this site
CRUD
- All users have privileges
- All forms have a token
- All forms check the data posted versus an array of expected data
- All data is sanitized
- SQL injection has been prevented
- Should I prompt for a password when a user updates sensitive data or deletes sensitive data?
Other
- All include files are in a password protected directory
- All errors are logged and reported to me
- Pretty much everything is monitored
- Program does not store any sensitive data, however if it were to be hacked malicious users could delete all data
- All data that is posted is checked to see that it is the data it should be, data, integer, string, etc.
- Some special characters are blocked… unless using WYSIWYG editor.
- All file uploads only allow specific file types, not sure about something like… image.php.jpg or vice versa?
- Anything I’m forgetting?
Any input?
- social_experiment
Re: Any input?
CaliberWebMedia wrote:
> Login
> One-way encrypted passwords, password strength tester, usernames follow a specific format

Salts. Use a salt (and pepper) to create your password hashes.

CaliberWebMedia wrote:
> Should I prompt for a password when a user updates sensitive data or deletes sensitive data?

It couldn't hurt but I would limit this to administrators / super-users. If I was a user having to continually enter my password before I could delete something I would quit using the software.

CaliberWebMedia wrote:
> Anything I'm forgetting?

You don't mention specifics about the system itself but it's a good idea to only give a user the permissions they need on the SQL server. So if your normal users can only SELECT, UPDATE, DELETE it wouldn't be such a good idea to have the password / username combination they use have GRANT, DROP permissions.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
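
The salt-and-pepper advice in the reply above, as an added example that is not part of the original thread or anyone's posted code: PHP's `password_hash()` supplies the per-user salt, and a keyed HMAC pre-hash supplies the pepper. The function names and the `APP_PEPPER` environment variable are hypothetical, and the fallback pepper is a constructed demo value.

```php
<?php
declare(strict_types=1);

// Assumption: the pepper is a long random secret kept outside the database
// (environment variable or a config file outside the web root).
// The fallback is a constructed demo value so the script runs stand-alone.
$pepper = getenv('APP_PEPPER') ?: 'constructed-demo-pepper-do-not-reuse';

// Keyed pre-hash. Hex output (the default) contains no NUL bytes, which
// would truncate the input to bcrypt, and its 64 characters stay under
// bcrypt's 72-byte input limit.
function pepper_password(string $password, string $pepper): string
{
    return hash_hmac('sha256', $password, $pepper);
}

// password_hash() generates a fresh random salt on every call and embeds
// it, with the algorithm and cost, in the returned string.
function hash_password(string $password, string $pepper): string
{
    return password_hash(pepper_password($password, $pepper), PASSWORD_DEFAULT);
}

// Returns [bool $ok, ?string $newHash]. $newHash is set when the stored
// hash uses outdated parameters and should replace it in the user record.
function verify_password(string $password, string $stored, string $pepper): array
{
    $peppered = pepper_password($password, $pepper);
    if (!password_verify($peppered, $stored)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($peppered, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample input.
$a = hash_password('correct horse battery staple', $pepper);
$b = hash_password('correct horse battery staple', $pepper);

var_dump($a !== $b); // same password hashed twice: salts differ
var_dump(verify_password('correct horse battery staple', $a, $pepper)[0]);
var_dump(verify_password('wrong guess', $a, $pepper)[0]);
var_dump(verify_password('correct horse battery staple', $a, 'other-pepper')[0]);
```

Because the pepper never sits in the database, a dump of the users table alone does not give an attacker everything needed to test password guesses offline.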