What are some practices I should use in a product registration system I'm building? I likely can't stop all malicious hacking, but I'd like to slow them down a great deal. (Note, I know only PHP.) I'm talking about things like encrypting traffic, testing the encryption from hacking like a man-in-the-middle attack, etc. The other concern I have is that this needs to work on most PHP5-based web hosting environments, which may not have mcrypt installed.
Asked
Active
Viewed 500 times
1 Answers
1
To encrypt traffic and prevent MITM attacks you need to require SSL to access your app and get a certificate from a certification company (i.e. Verisign). This isn't done through code though, its configured on the hosting server.
Other security measures you need to take are to parametrize everything you put in a SQL statement to prevent SQL injection. you will also need to ensure that you ensure a user is authorized to view every page so incrementing some id in the url doesn't result in showing unauthorized information. You also need to use a salted hash to stored user passwords, and properly hash or encrypt other sensitive information in the database appropriately. Do not store old passwords. Make sure that security patches are applied in a timely manner, ensure your code is not susceptible to newly discovered vulnerabilities when they are revealed. Limit access as much as possible, separate duties as much as possible.
That's all the basic security stuff off the top of my head
Ryathal
- 13,486
- 1
- 36
- 48