[thelist] beefing up site security
Sarah Adams
mrsanders at designshift.com
Tue Sep 5 16:44:23 CDT 2006
>> I get an email from the site including details of the page request if
>> "illegal" user input is detected.
>
> No offence but unless it is a very good system it might not be reliable.
Hence my desire to beef up security - I'm wondering if there are bad
requests that might be getting through. I think I've covered the usual
suspects, but I want to be sure.
> We had something like that on an old cms we used to use. Normal users
> could trigger it off. Even a bored kid messing around can set them off.
That's the reason for the email to notify me - so I can take a look and
determine if the request is valid but "wonky" or if it really is malicious.
> I would make sure your code is up to date and has no bugs. Are you using
> a CMS system or some other pre built system?
It's a system built by myself and my colleagues.
> Apart from that it is really down to your hosting provider to make sure
> the server is secure. Mod-Security might help if you are using php.
> Again that is down to the server admin.
I've already notified them so they can take whatever steps necessary
(but I assume/hope they already have).
--
sarah adams
web developer & programmer
portfolio: http://sarah.designshift.com
blog: http://hardedge.ca
More information about the thelist
mailing list