Scripts in languages such as PHP, Perl, Python, ASP and ASP.NET can present security problems. However, you can take a number of relatively simple steps to improve the security of the scripts you run. The examples below are geared towards PHP, but the principles apply to all web scripting.
You are responsible for what happens using your web space. We may suspend your account if an insecure script allows third parties to misuse our servers.
|
Form to mail scripts

Form to mail scripts allow people to fill out a contact form, or a similar form, on your website. Whatever they enter is then emailed to you. They are regularly used by spammers, who hijack your script to send unsolicited email. Through a few simple checks, you can ensure that your form to mail script is only used by your website and only sends to the email address you choose.

Suggestion: You can prevent most illegitimate use of your form to mail scripts by checking the referrer string of the page calling your script before processing it.
|
SQL injections

For example: If you dynamically create SQL statements using parameters passed from a web form or parameters in a URL, you might use something similar to the following pseudo-code:

SQL = "SELECT * FROM users WHERE name = '" + userName + "';"

You might expect the userName variable to be just that, a username. However, if the username comes from a script input, such as a form field, a malicious user could type the following:

a'; DROP TABLE users;

When the script is executed, the SQL statement would become:

SELECT * FROM users WHERE name = 'a'; DROP TABLE users;

When the SQL statement is run, it would drop the users table from the database. A malicious user could do almost anything that your database user's permissions allow. You should:
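The following is an added example, not part of the original article, showing the concatenation pattern above next to the fix a practitioner would apply: a parameterised query, where the database driver receives the user input separately from the SQL text. It uses Python's standard sqlite3 module with a constructed in-memory users table so it runs offline; the same principle applies to PHP with PDO prepared statements.

```python
import sqlite3

# Constructed input, taken from the article's example: a quote closes the
# string literal and a second statement follows it.
MALICIOUS_NAME = "a'; DROP TABLE users;"


def build_query_unsafely(user_name: str) -> str:
    """The pattern the article warns about: string concatenation.

    The attacker-controlled value becomes part of the SQL grammar, so the
    result contains the injected DROP statement (plus a dangling quote).
    """
    return "SELECT * FROM users WHERE name = '" + user_name + "';"


def find_user_safely(conn: sqlite3.Connection, user_name: str) -> list:
    """Parameterised query: the SQL text is fixed, the value is bound separately.

    The input is compared as a plain string, quotes and semicolons included,
    so it can never add statements or change the query's meaning.
    """
    cur = conn.execute("SELECT id, name FROM users WHERE name = ?", (user_name,))
    return cur.fetchall()


def table_exists(conn: sqlite3.Connection, table: str) -> bool:
    """Check the schema catalogue so the demo can prove the table survived."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with a constructed users table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def demo() -> dict:
    """Run the malicious input through both paths and report what happened."""
    conn = make_demo_db()
    return {
        "unsafe_sql": build_query_unsafely(MALICIOUS_NAME),  # contains DROP TABLE
        "safe_rows": find_user_safely(conn, MALICIOUS_NAME),  # [] : no such name
        "users_table_intact": table_exists(conn, "users"),   # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```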
Senior Engineer Jessie