"Shaun" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
>
> "Dan Joseph" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Hi,
> >
> > > I have created a site that allows users to schedule staff, make
> > > appointments etc. Users must log in to use the site and the users' data
> > > is held in the Users table of the MySQL database. However, due to the
> > > nature of the site I need to make sure it is 110% secure against hacks
> > > etc. Now I know this isn't actually possible but I would appreciate any
> > > advice on how I can get it as secure as possible, I have no experience
> > > on this aspect of web development.
> >
> > Turn off register globals. Validate all form posts for bogus data. Check
> > that the cookie hasn't been changed with bad characters maliciously.
> > Things like that. Try and break into the site w/o logging in. We paid for
> > a security audit from a company called @stake (www.atstake.com). If you
> > can afford it, I'd contract someone to audit you.
> >
> > -Dan Joseph
>
> Thanks for your reply,
>
> why would it be necessary to turn off register globals?

How could a cookie be changed maliciously? We use sessions anyway so this isn't an issue but I am curious to know :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
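
Added example, not part of the original thread and not code from any poster: one way to act on the advice above to check that a cookie has not been changed, by signing the value with a server-side key and validating what comes back. The key, the `payload.signature` cookie layout and all function names are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Assumption: a long random secret that lives only on the server (placeholder value).
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// Build a cookie value the server can verify later: "<base64 payload>.<hex HMAC>".
function sign_cookie(string $value): string
{
    $payload = base64_encode($value);
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Return the original value, or null if the cookie is malformed or was modified.
function verify_cookie(string $cookie): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;                        // not in the layout we issued
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;                        // payload or signature was altered
    }
    $value = base64_decode($payload, true); // strict mode rejects stray characters
    return $value === false ? null : $value;
}

// Validate the recovered value as well: here it must be a short numeric user id.
function parse_user_id(?string $value): ?int
{
    if ($value === null || preg_match('/^[0-9]{1,9}$/D', $value) !== 1) {
        return null;
    }
    return (int) $value;
}

// Constructed sample input: one untouched cookie, one whose payload was
// replaced while the old signature was kept, and one arbitrary string.
$good     = sign_cookie('42');
$tampered = base64_encode('1') . substr($good, strpos($good, '.'));
$samples  = ['good' => $good, 'tampered' => $tampered, 'garbage' => 'abc'];

foreach ($samples as $label => $cookie) {
    $id = parse_user_id(verify_cookie($cookie));
    echo $label, ': ', $id === null ? 'rejected' : "user id $id", PHP_EOL;
}
```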