
how to make a secure site


Post by DyoWeL » Sat May 22, 2004 3:40 pm

Hi guys, just want to ask how to make a secure upload site?

My friend tells me that they used a program called IRIS to sniff the username and password for an FTP, so I am scared that my account info can be sniffed with that program. So I want to make a website that will act as an upload for my files, just like https. How do I make it secure against sniffers? Thanks.

Post by Oleg Butuzov » Sun May 23, 2004 1:54 am

These are totally different questions.

If you want to make a secure connection with users, you need to use different methods of protection: SSL sessions, password encryption, etc.

Re: how to make a secure site

Post by WiZARD » Mon May 24, 2004 9:47 am

DyoWeL wrote: Hi guys, just want to ask how to make a secure upload site?

My friend tells me that they used a program called IRIS to sniff the username and password for an FTP, so I am scared that my account info can be sniffed with that program. So I want to make a website that will act as an upload for my files, just like https. How do I make it secure against sniffers? Thanks.

Good point:
a user tries logging in four times and types the wrong password. After the fourth time they get the message that the account is blocked (JS - window.close).

Post by Alex » Fri May 28, 2004 5:27 pm

Well, there are a lot of programs out there for brute force hacking; IRIS and Brute are among the favorites. But it is the server that you have to configure really, so that it does not allow itself to get hacked (sorry, that's an oxymoron). You see, there are security holes that can be exploited pretty much everywhere, and the safest computer is one that is stripped of its components and buried in the middle of the desert a few thousand feet under the ground in an airless, air-tight plastic container with a 10 kiloton nuke that detonates at any sign of change.
But anyway, make sure that you have good data validation, good logging, string length checks everywhere, and as little room for a possible customer mistake as possible. Hey, you can set up a system where after, say, 10 login tries, an admin finds out about it by any means.
Also, make sure that whatever server you are using is configured and updated properly, so that at least none of the newbie to intermediate hackers can get in.

Post by Harlequin » Fri Nov 12, 2004 4:37 am

This probably, I suspect, isn't the best way of doing this, but I log every failed login and also have an e-mail sent to me that shows what credentials a user uses.

I had a strange one the other day: someone posted an entire URL into the password field that appeared to be looking up an MX record. Strange.

Anyway, as I said, probably not the best way, but it works for me. (Until the next release, of course.)
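
The lockout, admin-alert and failed-login logging ideas from the posts above, as an added example that is not code from any poster in this thread. Failures are counted on the server, since a JavaScript window.close runs under the visitor's control, and the log records username, address and time but not the submitted password. The class name, the 15-minute window and the in-memory storage are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Names and the window are assumptions.
const LOCK_AFTER  = 4;   // lock after this many failures (figure from the thread)
const ALERT_AFTER = 10;  // notify an admin at this many (figure from the thread)
const WINDOW_SECS = 900; // assumed: only failures in the last 15 minutes count

final class LoginGuard
{
    /** @var array<string, int[]> failure times per username; stand-in for a DB table */
    private array $failures = [];
    /** @var string[] log lines; a real site would write these to a file or syslog */
    public array $log = [];

    private function recent(string $user, int $now): array
    {
        $cutoff = $now - WINDOW_SECS;
        return array_values(array_filter($this->failures[$user] ?? [], fn (int $t): bool => $t > $cutoff));
    }

    public function isLocked(string $user, int $now): bool
    {
        return count($this->recent($user, $now)) >= LOCK_AFTER;
    }

    // Call for every rejected attempt, including attempts against a locked account.
    public function recordFailure(string $user, string $ip, int $now): void
    {
        $this->failures[$user] = $this->recent($user, $now);
        $this->failures[$user][] = $now;
        $n = count($this->failures[$user]);
        // Log who, from where and when, but never the submitted password.
        // Control characters are replaced so a crafted username cannot forge log lines.
        $safe = preg_replace('/[\x00-\x1F\x7F]/', '?', substr($user, 0, 64));
        $this->log[] = sprintf('%s login failed user="%s" ip=%s count=%d', gmdate('c', $now), $safe, $ip, $n);
        if ($n === ALERT_AFTER) {
            $this->log[] = "ALERT admin: $n failed logins for \"$safe\""; // real code: mail() the admin
        }
    }
}

// Constructed sample: twelve wrong passwords for one account from one address.
$guard = new LoginGuard();
$t0 = 1085400000;
for ($i = 0; $i < 12; $i++) {
    $guard->recordFailure('alice', '203.0.113.7', $t0 + $i * 5);
}
var_dump($guard->isLocked('alice', $t0 + 60));               // inside the window
var_dump($guard->isLocked('alice', $t0 + 60 + WINDOW_SECS)); // after the window
echo implode("\n", $guard->log), "\n";
```

In a login handler, check isLocked() before verifying the password and call recordFailure() on every rejection.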

