Slow progress

September 13, 2004 at 4:03 pm

I’ve finished up the basics of the FAQ system. It now actually works, right down to the search feature. (It doesn’t count up each time an item is viewed or anything too fancy yet. Just basic functionality.)

BUT, the next piece that I must dive into is security… At this point, I’ve not put a lot of effort into securing this application from would-be hackers. Now, it’s not likely that too many people would be interested in hacking your FAQ, but I wouldn’t put it past some to attempt to deface it, requiring you to either restore your database (you did make a backup, didn’t you?) or manually fix the things they messed up.

The biggest issue with security in Web applications is that the data you receive from the user cannot *AT ANY TIME* be trusted. I can’t stress this enough. No matter what the variable is used for, it can probably be exploited if you don’t escape your user input. This goes for any form where they can enter data (search, etc.) as well as anything passed in the URL.
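To make that concrete, here is an added example (not the FAQ system’s own code) of the search feature handled both ways: first with the search term pasted straight into the SQL, then with the term bound as a parameter and HTML-escaped on the way back out. It assumes a SQLite database with a `faq` table holding `id` and `question` columns, and uses PDO, which is the approach you would reach for today rather than hand-escaping.

```php
<?php
// Added example, not the post's own code. Assumes a SQLite-backed FAQ with a
// table `faq` that has `id` and `question` columns (assumption).

// UNSAFE: the term from the form or URL is dropped straight into the SQL.
// A quote character in $term changes the meaning of the query.
function search_faq_unsafe(PDO $db, string $term): array
{
    $sql = "SELECT id, question FROM faq WHERE question LIKE '%$term%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the term is bound as a parameter, so the database never treats it
// as SQL. LIKE wildcards are escaped as well, so a user cannot turn "%"
// into "match every row".
function search_faq(PDO $db, string $term): array
{
    $term = mb_substr(trim($term), 0, 100);                      // bound length
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $db->prepare(
        "SELECT id, question FROM faq WHERE question LIKE :q ESCAPE '!'"
    );
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side: everything echoed back into the page is HTML-escaped, so a
// stored question (or the search term itself) cannot inject markup.
function render_results(string $term, array $rows): string
{
    $h = fn(string $s) => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $out = '<p>Results for "' . $h($term) . '"</p><ul>';
    foreach ($rows as $row) {
        $out .= '<li><a href="view.php?id=' . (int) $row['id'] . '">'
              . $h($row['question']) . '</a></li>';
    }
    return $out . '</ul>';
}

// Read the term from the form or the URL without assuming it is well formed.
$term = (string) ($_GET['q'] ?? $_POST['q'] ?? '');
$db = new PDO('sqlite:faq.db');                   // assumption: faq.db exists
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo render_results($term, search_faq($db, $term));
```

The same two rules (bind anything that reaches the database, escape anything that reaches the browser) apply to the `id` in the URL as much as to the search box, which is why `view.php?id=` above is cast to an integer.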

Entry filed under: PHP.
