[thelist] beefing up site security

Sarah Adams mrsanders at designshift.com
Tue Sep 5 10:15:13 CDT 2006


I'm looking to beef up the security of a site I work on that seems to be
the target of hacking attempts more and more often lately. I've got the
following measures in place already:

- checking URL, Form (including hidden fields), and Cookie variables to
make sure they are valid; should I be including CGI variables in this?
- validity checking includes making sure input is of the correct type,
correct length, within the correct range if numeric, and of an expected
value if only certain values are allowed (e.g. with radio button
inputs); anything else I should be checking?
- escaping strings that are to be used in queries (and stripping tags if
appropriate)
- making sure that restricted-access pages of the site (i.e. pages
requiring the user to log in) are each individually protected from the
user accessing them directly without logging in

Are there any other measures I should add to make sure that no future
hacking attempts are successful?

-- 
sarah adams
web developer & programmer
portfolio: http://sarah.designshift.com
blog: http://hardedge.ca
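
The checks listed in the message above (type, length, range, allowed values) applied from one rule table, as an added example that is not part of the original post. The rule table, field names and sample request are hypothetical; CGI variables built from request headers (the HTTP_* ones) are treated here as client input like URL, form and cookie values, and fields with no rule are rejected.

```python
import re

# Hypothetical rule table: (source, name) -> checks. Sources mirror the post:
# url, form, cookie, plus cgi for request-derived CGI variables.
RULES = {
    ("url", "page"): {"type": int, "min": 1, "max": 500},
    ("form", "plan"): {"type": str, "allowed": {"basic", "pro"}},
    ("form", "comment"): {"type": str, "max_len": 200},
    ("cookie", "sid"): {"type": str, "pattern": r"[0-9a-f]{32}"},
    ("cgi", "HTTP_REFERER"): {"type": str, "max_len": 256,
                              "pattern": r"https?://[\x21-\x7e]+"},
}

def check(value, rule):
    """Return (ok, cleaned_value_or_reason) for one raw string value."""
    if any(ord(c) < 0x20 and c not in "\t\r\n" for c in value):
        return False, "control characters"
    if len(value) > rule.get("max_len", 64):  # default cap when none is given
        return False, "too long"
    if rule["type"] is int:
        if not re.fullmatch(r"-?[0-9]{1,9}", value):
            return False, "not an integer"
        number = int(value)
        if not rule["min"] <= number <= rule["max"]:
            return False, "out of range"
        return True, number
    if "allowed" in rule and value not in rule["allowed"]:
        return False, "not an allowed value"
    if "pattern" in rule and not re.fullmatch(rule["pattern"], value):
        return False, "bad format"
    return True, value

def validate(request):
    """Split a request into accepted values and rejections (unknown fields rejected)."""
    clean, rejected = {}, {}
    for source, fields in request.items():
        for name, raw in fields.items():
            rule = RULES.get((source, name))
            ok, result = check(raw, rule) if rule else (False, "unexpected field")
            (clean if ok else rejected)[(source, name)] = result
    return clean, rejected

# Constructed sample request, not taken from any real site
SAMPLE = {
    "url": {"page": "12", "debug": "1"},
    "form": {"plan": "admin", "comment": "hello"},
    "cookie": {"sid": "a" * 32},
    "cgi": {"HTTP_REFERER": "<b>not a url</b>"},
}
```

Calling `validate(SAMPLE)` returns the accepted values (with `page` converted to an integer) and a second dictionary giving the reason each other field was rejected.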



