[thelist] Securing a Web Application

Paul Bennett Paul.Bennett at wcc.govt.nz
Thu Oct 20 16:46:30 CDT 2005

ON this note: check out mysql's CRYPT function - easy to use and one-way (AFAIK) 

-----Original Message-----
From: thelist-bounces at lists.evolt.org.uk [mailto:thelist-bounces at lists.evolt.org.uk] On Behalf Of Ivo P
Sent: Friday, October 21, 2005 10:45 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Securing a Web Application

You probably already know this but when it comes to logins there is value in not storing passwords themselves. Instead store a hash of the password so that if your app were cracked plaintext passwords wont be revealed.

Then like others have pointed out watch out for scripting attacks, sql injection, etc. Basically never trust the data returned by a client until you have sanitized it.

* * Please support the community that supports you.  * * http://evolt.org/help_support_evolt/

For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt ! 

More information about the thelist mailing list