12.23.2009

Must know to secure your web host


I would like to talk about hacks and how to secure your code at two levels. The two levels are:

  • Code level.
  • Server (host) level.

The risks of not securing these two levels are:

  • Losing important data.
  • Losing your database.
  • New files and folders created on your server (hack).
  • Your current files being modified by malware script added to the end of them.

 

PHP level security:

Security at the PHP level prevents injection into the SQL database, so it protects you from losing data or having problems with your database.

The most important thing to know is: don't trust any data sent from the client.

For numeric values (POST or GET), put "(int)" before the variable. This changes its type to integer (if that is what you need). See this code:
$id = (int)$_GET['id'];
// OR
$id = (int)$_POST['id'];

Also see the list of types below:

  • (int) cast to integer.
  • (bool) cast to boolean.
  • (float) cast to float.
  • (string) cast to string.
  • (array) cast to array.
  • (unset) cast to NULL (PHP 5).
  • (binary) cast to binary (PHP 6).

When POST or GET data sent from the client is a string or text, clean it with the "mysql_real_escape_string($string)" function to prevent SQL injection.
Example:
$text = mysql_real_escape_string($_POST['textfield']);
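
An added example, not part of the original post: the mysql_* functions used above were removed in PHP 7, so this sketch swaps in PDO prepared statements and also shows where the (int) cast silently accepts malformed input. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not from the original post. Table, column and function
// names are hypothetical. The same prepare/execute calls work with pdo_mysql.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec("INSERT INTO posts (id, body) VALUES (1, 'first'), (2, 'second')");

// Strict numeric check: (int) keeps the leading digits of a malformed string,
// while FILTER_VALIDATE_INT rejects anything that is not a whole integer.
function parse_id($raw)
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Text is bound as a parameter, never concatenated into the SQL string.
function add_post(PDO $pdo, $body)
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function get_post(PDO $pdo, $rawId)
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // reject malformed ids instead of guessing
    }
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// Constructed sample inputs standing in for $_GET['id'] and $_POST['textfield'].
var_dump((int) '2 OR 1=1');       // what the plain cast makes of a malformed id
var_dump(parse_id('2 OR 1=1'));   // what strict validation makes of it
var_dump(get_post($pdo, '2'));    // well-formed id, normal lookup
$newId = add_post($pdo, "it's '); DROP TABLE posts; --");
var_dump(get_post($pdo, (string) $newId)); // hostile text comes back as plain data
```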

NOTE: don't forget to prevent access to inner files used in includes.

 

Server (Host) level:

Try to download the Security information test from PHP.net and upload it to your host to show you the host's security levels. Download it from this link: http://phpsec.org/projects/phpsecinfo/

Here is the list of security settings and the values they should have:

  • allow_url_fopen must be: 0 (disabled)
  • allow_url_include must be: 0 (disabled)
  • magic_quotes_gpc must be: 0 (disabled)
  • register_globals must be: 0 (disabled)
  • SAFE_MODE: you can turn this feature off; it is deprecated in PHP 5.3 and removed in PHP 6.

Don't forget to do the following:

  • Add an empty file named "index.html" to any directory that doesn't have an "index.html" or "index.php" file.
  • Remove any write permissions on any file or folder you don't want to change or modify.
  • Add permissions to inner folders to prevent direct access.

 

01.11.2009

Increase your Website PageRank on Google


Google PageRank is based on back links. Back links are links pointing to your website from another website. The more back links you have, the higher your PR will be.

1. Join forums. Forums are a great way to get links to your website. In most forums you are allowed to have a signature, and in your signature you can put a link to your website. Another important point is to make sure the forum is somewhat related to your website. You will still get credit if it's not, but if it's related to your website then you will be accomplishing two tasks at once.

You will be advertising for your website (bringing in targeted traffic). You will also be building your website's presence.
