p2p.wrox.com Forums


beginning_php thread: Optimising site security


Message #1 by "seanin" <seanin@t...> on Tue, 1 Oct 2002 20:40:50 +0100
Hi, I am building a site that basically allows people to insert/update or delete (after
authentication) their own adverts. I have my admin script in a separate directory. The problem is I'm not too 'up' on what basic
precautions I need to make my site more secure. What do I need to worry about most? Like, am I leaving myself more open by allowing
users to delete their own ads (script outside the password-protected admin directory)?

Any advice would be appreciated.

Sean





Message #2 by "Gellings, C.O." <gellingsco@p...> on Tue, 1 Oct 2002 22:12:01 +0200
You could use HTTPS (SSL).

-----Original Message-----
From: seanin [mailto:seanin@t...]
Sent: 01 October 2002 21:41
To: beginning php
Subject: [beginning_php] Optimising site security


Hi, I am building a site that basically allows people to insert/update
or delete (after authentication) their own adverts. I have my admin
script in a separate directory. The problem is I'm not too 'up' on what basic
precautions I need to make my site more secure. What do I need to worry
about most? Like, am I leaving myself more open by allowing users to delete
their own ads (script outside the password-protected admin directory)?

Any advice would be appreciated.

Sean







Message #3 by "David Scott-Bigsby" <DScott-Bigsby@P...> on Tue, 1 Oct 2002 13:20:58 -0700
> Hi, I am building a site that basically allows people
> to insert/update or delete (after authentication) their own
> adverts. I have my admin script in a separate directory. The
> problem is I'm not too 'up' on what basic precautions I need
> to make my site more secure. What do I need to worry about
> most? Like, am I leaving myself more open by allowing users
> to delete their own ads (script outside the password-protected
> admin directory)?

You'll want to have some control over what HTML (and PHP) they can put 
in their advert. There are a few "strip" functions in PHP (whose names 
escape me) which are designed for this very purpose.

dsb

***************************************       
David Scott-Bigsby
Product Manager, Web Site and PEDN

PureEdge Solutions
The Leader in Secure XML e-Forms

v:250-708-8145  f:250-708-8010
1-888-517-2675   www.PureEdge.com
***************************************
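
An added example, not part of the original thread: one way to cover the two concerns raised above, limiting the markup stored in an advert and letting users delete only their own ads. It uses PHP's built-in strip_tags() and htmlspecialchars(); the adverts table, its columns, the function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example: table, column and function names are hypothetical.

// Store adverts as plain text. strip_tags() removes HTML and PHP tags,
// but the text between tags (e.g. a script body) stays behind as text.
function clean_advert(string $raw): string {
    return trim(strip_tags($raw));
}

// Escape on output so anything left over renders as text, not markup.
function render_advert(string $stored): string {
    return '<p class="advert">'
        . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
        . '</p>';
}

// Delete only when the advert belongs to the logged-in user. The user id
// must come from the server-side session, never from the request itself.
// The prepared statement keeps request values out of the SQL text.
function delete_own_advert(PDO $db, int $advertId, int $sessionUserId): bool {
    $stmt = $db->prepare('DELETE FROM adverts WHERE id = ? AND owner_id = ?');
    $stmt->execute([$advertId, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE adverts (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');

$insert = $db->prepare('INSERT INTO adverts (owner_id, body) VALUES (?, ?)');
$insert->execute([1, clean_advert('Bike for sale <script>alert(1)</script><?php phpinfo(); ?>')]);
$insert->execute([2, clean_advert('Sofa, <b>good</b> condition & cheap')]);

// Show what was stored, escaped for display.
foreach ($db->query('SELECT body FROM adverts') as $row) {
    echo render_advert($row['body']), "\n";
}

// User 1 asks to delete advert 2 (owned by user 2), then advert 1 (their own).
var_dump(delete_own_advert($db, 2, 1));
var_dump(delete_own_advert($db, 1, 1));
```

The ownership test sits in the DELETE statement itself, so a delete script outside the password-protected admin directory cannot remove another user's advert even if the advert id in the request is changed.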
