Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: How to make a secure website

by Anonymous Monk
on Apr 30, 2008 at 08:20 UTC ( [id://683651]=note: print w/replies, xml ) Need Help??


in reply to How to make a secure website

As some of the others pointed out, there's a lot to be considered when securing a website login form. Some other things to consider are:
  • If the login is wrong, don't let on whether it was the username or password that was wrong.
  • If you print out the username (e.g. you print 'there is no user Bob registered here') make sure you html encode the username first to prevent cross-site scripting attacks.
  • The choice of session id hashing algorithm is important. MD5, the default in many cases is not really suitable for applications which require a good level of security.
  • Make sure any database lookups you do carry out are protected against SQL injections.
And there's plenty more. You can get a bit of an introduction to website security at my site WebsiteSecurityBook.com. (it's all free). I'm gathering up information on all the different security issues to be considered when securing websites.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://683651]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (4)
As of 2024-03-28 23:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found