I have a project that has worked well for a company for years, but now they want to expand it and offer it to other users (the back end).
My concern is that the more people know of something, the more attractive to attacks it gets. All user input is validated and the entire site's configuration is password protected. My question is: other than cross-site scripting and malicious user input, what should I be concerned about?
The other part that I am concerned about is the server must accept form data from telemetry units on Verizon's cell network like this:
thesite.com/reportingpage.php?unitid=1236685&val_1=34&val_2=225 and so on...
I can send it all via HTTPS, but if someone figures out the fields they would be able to send data that will be logged as if it came from the unit with X id.
It can go POST also, but same problem.
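
One way to address the spoofing concern in the question, as an added example that is not part of the original post: each unit signs its report with a per-unit secret, and the server checks the signature, the timestamp and replay before logging. The `ts` and `sig` fields, the key store and all function names are assumptions, and it presumes the units can hold a secret and compute HMAC-SHA256.

```php
<?php
// Added example, hypothetical names throughout. Constructed demo key store:
// in practice each unit is provisioned with its own random secret.
const UNIT_KEYS = ['1236685' => 'constructed-demo-secret-not-for-production'];
const MAX_SKEW_SECONDS = 300; // assumption: unit clocks are within 5 minutes

// Canonical form both sides sign: every field except sig, sorted by name.
function canonical_report(array $fields): string {
    unset($fields['sig']);
    ksort($fields);
    return http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
}

// Unit side: HMAC-SHA256 over the canonical form with the unit's secret.
function sign_report(array $fields, string $key): string {
    return hash_hmac('sha256', canonical_report($fields), $key);
}

// Server side: accept only a fresh, unreplayed report signed by that unit.
// $lastSeen maps unitid => newest accepted ts (persist it in real use).
function verify_report(array $fields, int $now, array &$lastSeen): bool {
    foreach ($fields as $value) {
        if (!is_string($value)) return false;      // reject val_1[]=... arrays
    }
    $unit = $fields['unitid'] ?? '';
    $ts   = $fields['ts'] ?? '';
    $sig  = $fields['sig'] ?? '';
    if (!array_key_exists($unit, UNIT_KEYS) || !ctype_digit($ts)) return false;
    if (abs($now - (int)$ts) > MAX_SKEW_SECONDS) return false;   // stale
    if ((int)$ts <= ($lastSeen[$unit] ?? 0)) return false;       // replayed
    $expected = sign_report($fields, UNIT_KEYS[$unit]);
    if (!hash_equals($expected, $sig)) return false;  // constant-time compare
    $lastSeen[$unit] = (int)$ts;
    return true;
}

// Constructed demo of one report as reportingpage.php would see it in $_GET.
$now = 1700000000;
$report = ['unitid' => '1236685', 'val_1' => '34', 'val_2' => '225', 'ts' => (string)$now];
$report['sig'] = sign_report($report, UNIT_KEYS['1236685']);
$seen = [];
var_dump(verify_report(['val_1' => '99'] + $report, $now, $seen)); // altered value
var_dump(verify_report($report, $now, $seen));                     // genuine report
var_dump(verify_report($report, $now, $seen));                     // same report replayed
```

Knowing the field names is no longer enough to forge a report, since the signature depends on a secret that never travels in the request. HTTPS is still needed to keep the values themselves confidential in transit.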