[thelist] Securing a Web Application

Ivo P ipletikosic at gmail.com
Thu Oct 20 16:44:35 CDT 2005


You probably already know this, but when it comes to logins there is value in
not storing the passwords themselves. Instead, store a hash of the password so
that if your app were cracked, plaintext passwords won't be revealed.

Then, like others have pointed out, watch out for scripting attacks, SQL
injection, etc. Basically, never trust the data returned by a client until
you have sanitized it.
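The two points above (store a password hash rather than the password, and never
paste client data into a query) as one worked example. This is added code, not
from the original post or from any project it mentions; the PBKDF2 parameters,
the on-disk hash format, the sqlite3 in-memory table and the sample users are
illustrative choices made here.

```python
import hashlib
import hmac
import os
import sqlite3

# --- Part 1: store a salted, slow hash instead of the password -------------
# PBKDF2-HMAC-SHA256 with a random per-user salt. The iteration count and the
# "algo$iters$salt$hash" storage format are assumptions for this example.
PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return a storable string; a new random salt is drawn per call."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt/iterations and compare in constant time."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    # hmac.compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(digest.hex(), hash_hex)


# --- Part 2: client data in SQL -------------------------------------------
def make_db():
    """Constructed in-memory users table with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    for name, pw in (("alice", "correct horse"), ("bob", "battery staple")):
        conn.execute("INSERT INTO users VALUES (?, ?)", (name, hash_password(pw)))
    return conn


def find_users_vulnerable(conn, username):
    """Vulnerable on purpose: the client string is spliced into the SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username + "' "
        "ORDER BY username"
    )
    return [row[0] for row in conn.execute(sql)]


def find_users_safe(conn, username):
    """Parameterised query: the driver binds the value, it is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    stored = hash_password("correct horse")
    print("stored:", stored)
    print("right password:", verify_password("correct horse", stored))
    print("wrong password:", verify_password("wrong", stored))

    conn = make_db()
    payload = "' OR '1'='1"
    print("vulnerable lookup:", find_users_vulnerable(conn, payload))  # both users leak
    print("safe lookup:     ", find_users_safe(conn, payload))         # nothing
```

Because the salt is random, hashing the same password twice yields two
different stored strings; verification still works because the salt travels
with the hash. In the lookup, the tautology payload turns the vulnerable
query into `... WHERE username = '' OR '1'='1'` and returns every row,
while the bound parameter is simply a username that matches nothing.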
