
Offering Tutorials



#1 Gatorhardware

Gatorhardware

    Web Hoster

  • Active Members
  • 315 posts

Posted 01 May 2009 - 02:28 PM

What kind of security risk would it be to offer free tutorials on PHP coding that you use on your own site?

Example:

Login scripts
dynamic checkout scripts
cookies
etc.

I know that PHP is server-side and can't usually be seen by the end user, but there are a lot of 12-year-olds out there with too much time on their hands.

#2 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 02 May 2009 - 10:17 AM

It depends.

1. Partly on how diligent you are in sanitizing the code before you release it. eg you'd definitely want to remove any real database names, users and passwords.
2. Partly on how well the code was originally written. eg does it allow MySQL injection?
3. And partly on how secure the server is. eg does your firewall allow external MySQL connections from anywhere?

#3 fcu1

fcu1

    HR 1

  • Members
  • 5 posts

Posted 27 May 2009 - 08:40 PM

QUOTE(Randy @ May 2 2009, 11:17 AM)
It depends.

1. Partly on how diligent you are in sanitizing the code before you release it. eg you'd definitely want to remove any real database names, users and passwords.
2. Partly on how well the code was originally written. eg does it allow MySQL injection?
3. And partly on how secure the server is. eg does your firewall allow external MySQL connections from anywhere?


Like Randy said, follow best programming practices and your code shouldn't be susceptible to attack. On the other hand, if your site does get hacked then you'll most likely identify and never make that same mistake again. I highly recommend parameterized queries (bounded parameters) whenever you're dealing with a database. Unfortunately, far too many resources out there advocate simple mysql_connect and mysql_query function usage that relies on the coder to remember to escape the input. A good introduction to SQL injection and how to code around it can be found at unixwiz.net/techtips/sql-injection.html#target . If you're in a security-conscious mood, I would also recommend reading up about XSS, as that and SQL injection are the two big ways that people tend to mess themselves up with PHP.
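
The difference between the two query styles mentioned in the post above, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver (an in-memory database, so it runs without a server); the table, column and function names and the sample input are constructed for illustration.

```php
<?php
// Added example; table, column and function names are hypothetical.
// Uses an in-memory SQLite database through PDO so it runs offline;
// the same prepare/execute calls work with a MySQL DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)');

// Constructed sample accounts.
$insert = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
$insert->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT)]);

// Pattern many tutorials teach: input concatenated into the SQL text.
// Correct only if the coder remembers to escape every value.
function findUserConcatenated(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized query: the SQL text is fixed and the value is bound
// separately, so the database always treats it as data.
function findUserPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login check built on a prepared lookup and a stored password hash.
function checkLogin(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$hostile = "nobody' OR '1'='1"; // constructed input containing a quote
printf("concatenated: %d row(s)\n", count(findUserConcatenated($pdo, $hostile)));
printf("prepared:     %d row(s)\n", count(findUserPrepared($pdo, $hostile)));
var_dump(checkLogin($pdo, 'alice', 'correct horse'));
var_dump(checkLogin($pdo, $hostile, 'anything'));
```

For the constructed input, the concatenated lookup matches every account because the quote changes the shape of the WHERE clause, while the prepared lookup matches none.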



