Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Security / hack protection
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Security / hack protection
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
pedalcars View Drop Down
Senior Member
Senior Member


Joined: 12 August 2002
Location: United Kingdom
Status: Offline
Points: 268 		Post Options Post Options   Thanks (0) Thanks(0)   Quote pedalcars Quote  Post ReplyReply Direct Link To This Post Topic: Security / hack protection
    Posted: 03 April 2003 at 8:58am
What more can I do?

Current protection against hacks:

Database:
  • My (access) database is outside the web directory (as recommended for this forum, for example);

Inputs:
  • All inputs that should be numeric only are checked and sanitised using a function (that I was given via this forum, ta) to ensure they are only numeric;
  • All alphabetic inputs are also checked (again, using a function I was given here!) to make sure they only contain valid characters (at the very most, a-z and underscore);
  • Where possible, inputs which will be more constrained if valid (eg, will only be in the range 0-4) are checked for this;

If any of the above three return false, the user is response.redirect'ed to an error page which states why they're there, ie, invalid ID entered; The same applies if any other seemingly-legitimate input produces a EOF/BOF error.

Edit: Correction - most invalid inputs result in a bounce to error page; some result in a bounce to a default page (eg, if the choice is between classes 1-4 and the user ammends the URL to try to select class 5, it will bounce to class 1 instead).

So, back to the question: What more can I do to secure my site, before considering I might have done "enough" and have to leave the rest to the host (eg, in terms of securing the server itself)?

Edited by pedalcars
www.pedalcars.info

The most fun on four wheels

Back to Top
faubo View Drop Down
Senior Member
Senior Member
Avatar

Joined: 30 May 2002
Location: Brazil
Status: Offline
Points: 560 		Post Options Post Options   Thanks (0) Thanks(0)   Quote faubo Quote  Post ReplyReply Direct Link To This Post Posted: 03 April 2003 at 9:18am
stress to your users that they should use really strange passwords.
I don't know how to make you click here
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.