Links and help to secure forum code
Posted: Fri Jul 07, 2006 6:23 am
well i'm developing a forum and i think i can finish it actually this weekend (started last night) and i'm worried about security. honestly i've never done security because someone else would worry about that in the team and they were good enough that we never had problems. of course none of us are hackers so don't quote me on that lol
i wanted to know more about sanitizing URL and form data depending on what type it is. for instance i have create new topic well i would want that to be different because any BB code won't be parsed. the actual body can have BB code but it won't have any HTML or it would be limited.
also, this system is basically a system of includes so therefore the forum root index is the front controller and checks the URL or post variable to see what's there and then just includes the correct functions.
the only thing that i'm doing for that is this
i don't know what i'm trying to stop so therefore i have less of a clue of how to stop it. can you please post some examples and links? that would be super helpful because i think that is the biggest problem that i have to date in coding and not the actual forum
thanx for your replies guys, it's a big help
i wanted to know more about sanitizing URL and form data depending on what type it is. for instance i have create new topic well i would want that to be different because any BB code won't be parsed. the actual body can have BB code but it won't have any HTML or it would be limited.
also, this system is basically a system of includes so therefore the forum root index is the front controller and checks the URL or post variable to see what's there and then just includes the correct functions.
the only thing that i'm doing for that is this
Code: Select all
if (!get_magic_quotes_gpc())
{
array_add_slashes($_GET);
array_add_slashes($_POST);
array_add_slashes($_COOKIE);
}thanx for your replies guys, it's a big help