PHP/MySQL Vulnerabilities



roblev
May 22nd, 2002, 16:39
Hiya All,

I was wondering what procedure you use to secure your scripts from being hacked or exploited, as well as your MySQL queries. Any ideas from anyone? I really wanna look into this.

spec
May 22nd, 2002, 17:29
use

htmlspecialchars()

use this on any variables you echo that the user defines.

for mysql use password() for passwords

roblev
May 22nd, 2002, 17:43
yeah, I use that already for HTML being inserted into MySQL, and that password storage thing, I heard the encryption is weak on it so I use better. I use MD5, it is the standard, Microsoft uses it. Wait, MS, ----, nm. Lol, back on topic, any other suggestions?

AlieXai
May 22nd, 2002, 22:39
Never rely on register_globals. Try to write scripts that don't rely on register globals. NO unfiltered variables in a query.

Use magic_quotes, or disable magic_quotes and addslashes() all GET/POST/COOKIE data yourself.
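The two filtering steps spec and AlieXai describe, as an added PHP example that is not from the thread: escaping user input before it is placed in a MySQL query string (addslashes(), as the post suggests; mysqli/PDO prepared statements are the preferred mechanism in current PHP) and escaping user-supplied values with htmlspecialchars() before echoing them. The function names and the constructed `user` value are hypothetical.

```php
<?php
// Constructed request input standing in for a real GET parameter. The single
// quote is the character that breaks an unfiltered query; no DB is needed here.
$_GET['user'] = "O'Brien";

// Wrap a value as a MySQL string literal. The post's advice: if magic_quotes is
// off, escape every GET/POST/COOKIE value yourself before it reaches a query.
function sql_literal(string $value): string
{
    return "'" . addslashes($value) . "'";
}

// Unfiltered variable in a query: the quote in the input ends the literal early,
// so the rest of the value is interpreted as SQL, not as data.
function unsafe_query(string $user): string
{
    return "SELECT id FROM users WHERE name = '$user'";
}

// Filtered variable: quotes and backslashes in the input are escaped first,
// so the whole value stays inside the literal.
function safe_query(string $user): string
{
    return "SELECT id FROM users WHERE name = " . sql_literal($user);
}

// Output escaping from spec's post: apply to any user-defined value you echo,
// so markup in the value is rendered as text instead of interpreted by the browser.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$user = $_GET['user'] ?? '';

echo unsafe_query($user), "\n";
echo safe_query($user), "\n";
echo "<p>Hello, " . html_out("<b>" . $user . "</b>") . "</p>\n";
```

Run it from the command line with `php` and compare the two query strings: only the filtered one keeps the full surname inside the literal.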

LastActionHero
May 22nd, 2002, 22:45
MD5 is actually a very good encrypt/decrypt scheme if implemented properly. On a good password it would take a lot of computing time to break it.

biggulp
May 23rd, 2002, 05:51
Originally posted by LastActionHero
MD5 is actually a very good encrypt/decrypt scheme if implemented properly. On a good password it would take a lot of computing time to break it.

You can't decrypt it, right? Only through a brute force attack.

LastActionHero
May 23rd, 2002, 06:32
Yes. It's an encrypt-only scheme. My bad :o

Christopher
May 23rd, 2002, 06:54
So people can get into a mySQL database and look at the information as they please?

spork
May 23rd, 2002, 14:40
Originally posted by Christopher
So people can get into a mySQL database and look at the information as they please?

how did you figure that from reading this post? :confused:

Christopher
May 23rd, 2002, 17:31
LoL, I'm confused - why would you want to encrypt things?

Or were you speaking sarcastically?

vik13
May 23rd, 2002, 20:49
if I remember correctly, md5 is based on sessions.. or some ---- like that.. ok I'll shut up now.. :(.

biggulp
May 24th, 2002, 01:11
md5 is not sessions, it's a hash created using math! :D

vik13
May 25th, 2002, 01:03
ah yeah, hash, I got them mixed up, how stupid of me, thanks BG!