Improving Your Web Security
The time which is used for developing the website might be consuming most of the programmer time. Sometimes, they even forget the importance of web security. Web security is essential parts, in case you didn’t realise it, why bother developing websites, if in the end your precious getting attack by a cracker.
Okay to prevent cracker attacking your sites, and improve your web security, then you need to know the basic attack they commonly used. The first one is through URL, usually, cracker using GET method in doing it. The second one is through input media which is provided inside a form (using POST method). Security needed to ensure, and these are a precaution so that your financial record not taken out by an unauthorised person.
To prevent this kind of attack (POST method), you could improve your web security by doing some steps below:
1. Limit the number of characters (max length)
Example implementations: < input name = “_ search” maxlength = “10? />
Point prone: Input Login (username and password), Input search
2. Lightly coat with anchoring quotation or addslashes ()
This PHP function will help us add the apostrophe (‘) on every character crisp (/) so that it can prevent SQL injection effect. I think this is quite a favourite hacking techniques among you. The addition of quote would make crisp to be of type string, so it is not considered one of the query commands on MySQL/SQL.
Example implementations: addslashes ($ _POST [‘ _ username ‘])
Point prone: Login Form
3. Lightly coat with anchoring the tag or htmlspecialchars ()
Example implementations: htmlspecialchars ($ _POST [‘ message ‘])
The point: prone, Login Form Admin Contact Form
4. Take note of the name of the input media
It is time we tried a bit more unique in determining name on our input so that the press undermines some of the tools that criminals use the library (dictionaries of words) in the determination of the variable name incarannya. For instance, in the login input media add a bottom line. Sure you have ideas yourself in
to implement this.
Example implementations: < input name = “_ username”/>
Point prone: Input Login (username and password)
While for GET method, you could improve your web security with below steps:
1. use .htaccess
This is a method that makes our website seems to have the directory structure, but it is variable. When the page is not found, then you can redirect them to our favourite 404 page.