PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




Post new topic Reply to topic  [ 2 posts ] 
 Post subject: Any input?
PostPosted: Thu Dec 01, 2011 12:36 pm 
Forum Newbie

Joined: Fri Nov 18, 2011 12:01 am
Posts: 4
Security Precautions
Overview
I’ve been working on a web content management system and I’m wondering if my security precautions are enough or if I’m forgetting anything?
Login
- form token and another token with user-agent stored in it for good measure?
- One-way encrypted passwords, password strength tester, user names follow specific format
- SQL injection
- All incoming data is sanitized
- Form spoofing has been prevented
Sessions
- Sessions are registered based on privileges
- Sessions and user-agent are checked for every page action and changed
- Sessions are registered with unique variables such as $_SESSION['1234d0n1y'];
- Sessions timeout after 15 minutes with my own script, also they are set to timeout after 30 minutes
- Sessions are stored in a directory with only this site
CRUD
- All users have privileges
- All forms have a token
- All forms check the data posted versus an array of expected data
- All data is sanitized
- SQL injection has been prevented
- Should I prompt for a password when a user updates sensitive data or deletes sensitive data?
Other
- All include files are in a password protected directory
- All errors are logged and reported to me
- Pretty much everything is monitored
- Program does not store any sensitive data, however if it were to be hacked malicious users could delete all data
- All data that is posted is checked to see that it is the data it should be: data, integer, string, etc.
- Some special characters are blocked… unless using WYSIWYG editor.
- All file uploads only allow specific file types, not sure about something like… image.php.jpg or vice versa?
- Anything I’m forgetting?


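Added example (not the poster's code) of how the "image.php.jpg" question above is usually handled in PHP: decide the type from the file contents rather than the client-supplied name, then store the file under a random name with a single extension. It assumes PHP 7 or later, a form field named `upload`, and a storage directory outside the web root (`UPLOAD_DIR` is a placeholder path).

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ (random_bytes, finfo).
// UPLOAD_DIR is an assumed path that the web server does not serve directly.
const UPLOAD_DIR = '/var/www/private_uploads/';

function storeUploadedImage(array $file): string
{
    // Reject failed uploads and anything that did not arrive via HTTP POST.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }

    // Determine the type from the bytes on disk. $file['name'] and
    // $file['type'] are both supplied by the client and cannot be trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    if (!isset($allowed[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an allowed image type');
    }

    // Never keep the original filename. "image.php.jpg" and "image.jpg.php"
    // both become a random hex name with exactly one extension, chosen from
    // the detected type, so no ".php" can survive into the stored name.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = UPLOAD_DIR . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable by the server, never executable

    // Record this name in the database; serve the file through a read-only
    // script that sets Content-Type from the stored extension.
    return $name;
}

// Usage (assumes the form field is named "upload"):
// $storedName = storeUploadedImage($_FILES['upload']);
```

Because the stored name is generated server-side and the directory is outside the web root, the file type a visitor sends in the name no longer matters; the server only ever sees bytes it has checked and a name it chose itself.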
 Post subject: Re: Any input?
PostPosted: Thu Dec 01, 2011 1:40 pm 
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Powered by phpBB® Forum Software © phpBB Group