Re: is this script secured enough from internet attacks

All being said here is really good. One extra tip, usually you don't want to make filters for things you don't want like: antiInjection, antiXSS, antiXXXXX, since attackers usually find new ways to attack your site.

So my recommendation is to take the inverse approach, that means check that each field has what you expect it to have. If is a numeric field validate that only numbers comes in it, if is an alphanumeric id validate it only contains letters and numbers, and so forth. This will give you much better specially when same filters apply to all fields you end up making them less strict to allow different variation work

Also even though your application filters SQL inejection the attacker can still take your site down if the query is heavy, so make sure you limit your slow queries and use the proper caching

Comment on Re: is this script secured enough from internet attacks

Replies are listed 'Best First'.
Re^2: is this script secured enough from internet attacks by Anonymous Monk on Jun 12, 2011 at 18:42 UTC
Hear, hear! Whitelisting is far more secure than blacklisting ... are you positive that you know all the bad strings?	[reply]
Re^2: is this script secured enough from internet attacks by tercoz (Acolyte) on Nov 01, 2011 at 04:37 UTC
Everything you said is valuable, and yes I shudder when I think about those various ways to ruin my website, and the greatest fear is 100000 queries of my cgi per second, cgi always opens and close database, which is time consuming, if there are too many queries, server may be out of service, I don't really know how does it work but heard of it alot	[reply]