Website Security
Importance?
Website security is of major importance to website owners and to the people who use those websites. As a site owner you are responsible for ensuring that your users can view your website without the risk of problems associated with malware, viruses and trojans.
At Firestorm we are committed to providing a safer, more secure experience for all users of the internet, so we have constructed this section to offer some basic advice on simple but effective website security.
Common Mistakes?
One of the most common problems with websites is a lack of validation when accepting user input, e.g. a web page that accepts a user's email address and password so that they can log in to your website.
When accepting this input, it is essential that the data received is analysed and 'cleaned', so that it is free from any potentially harmful characters.
Below you can see some simple but effective methods for 'cleaning' user input.
ASP Example
<%
' Strips every character that is not in the allow-list below from the named
' querystring, form or cookie value, or from a plain string passed in rVar.
Function BurnBadInput(rVar, rType)
    Dim regEx
    Set regEx = New RegExp
    regEx.Global = True
    ' Allowed: letters, digits, @ . , - _ plus backslash, CR and backspace;
    ' everything else is removed.
    regEx.Pattern = "[^0-9a-zA-Z\@\w\.\,\-\_\b\r\\-]"
    If rType = "querystring" Then
        BurnBadInput = regEx.Replace(Request.QueryString(rVar), "")
    ElseIf rType = "form" Then
        BurnBadInput = regEx.Replace(Request.Form(rVar), "")
    ElseIf rType = "cookie" Then
        BurnBadInput = regEx.Replace(Request.Cookies(rVar), "")
    ElseIf rType = "string" Then
        BurnBadInput = regEx.Replace(rVar, "")
    End If
End Function
%>
Using This Example
Using this function to cleanse your querystring, form, cookie or string data is simple.
Firstly you place the code above into the HEAD section of your page and then you call the querystring or form as shown.
Instead of:
<% User_Input = Request.QueryString("EXAMPLE") %>
You request the input using the function, as shown:
<% User_Input = BurnBadInput("EXAMPLE", "querystring") %>
You can cleanse other request types such as FORM, COOKIE, or plain STRING in the same way:
<% User_Input = BurnBadInput("EXAMPLE", "form") %>
PHP Example
<?php
// Undoes magic_quotes escaping (where enabled) and then escapes the value for
// use inside a quoted MySQL string. Requires an open mysql_connect() link.
// Note: get_magic_quotes_gpc() and the mysql_* extension have been removed
// from current PHP (mysql_* in 7.0, magic quotes in 8.0); on those versions
// use prepared statements or mysqli_real_escape_string() instead.
function burnBadInput($fire) {
    if (get_magic_quotes_gpc()) {
        $flame = stripslashes($fire);
    } else {
        $flame = $fire;
    }
    return mysql_real_escape_string($flame);
}
?>
Using This Example
Using this function to cleanse $_GET, $_POST, $_COOKIE or any other string value is simple.
Firstly you place the code above into the HEAD section of your page and then you call the function on the value as shown.
Instead of:
<?php $User_Input = $_POST['EXAMPLE']; ?>
You request the input using the function, as shown:
<?php $User_Input = burnBadInput($_POST['EXAMPLE']); ?>
You can cleanse other request types such as $_GET, $_COOKIE, or a plain string in the same way:
<?php $User_Input = burnBadInput($_GET['EXAMPLE']); ?>
JavaScript Example
<script type="text/javascript">
// Cancels the form submit if the field with id 'EXAMPLE' contains any of the
// characters in the block-list below; returning false stops the submission.
function valBadInput() {
    var fire = /[\(\)\<\>\,\;\:\\\"\[\]]/;
    var field = document.getElementById('EXAMPLE');
    if (field && field.value != '') {
        var data = field.value;
        // test() is true when a blocked character is present
        if (fire.test(data)) {
            alert('The EXAMPLE field contains illegal characters!');
            return false;
        }
    }
    return true;
}
</script>
Using This Example
Using this function to validate a form is simple.
Firstly you place the code above into the HEAD section of your page and then you call the function from the 'onsubmit' attribute of the form. (It is important to note that JavaScript validation must be used in conjunction with good server-side validation, because a user can disable or bypass client-side scripts.)
Add this to your form:
onsubmit="return valBadInput();"
So an example form would look like this:
<form action="/EX/" method="post" onsubmit="return valBadInput();">
This script validates an input field that has the id 'EXAMPLE', but it can easily be modified to check many more fields.
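As an added example (not code from the original page), here are the two 'cleaning' strategies shown above, the ASP strip approach and the JavaScript reject approach, written as pure functions that run in Node.js so the same check can be used on the server side, and applied to the email/password login case from the Common Mistakes section; the function and variable names are this example's own.

```javascript
// Added example, not code from the original page. The page's ASP function
// strips disallowed characters, while its JavaScript function rejects the
// field; both are shown here as pure functions (names are our own) that run
// in Node.js or a browser, so the same check can be used on the server side.

// Allowlist modelled on the ASP BurnBadInput pattern: anything that is not a
// letter, digit, '@', '.', ',', '-', '_' or a line break is removed.
var ALLOWLIST = /[^0-9a-zA-Z@\w.,\-_\r\n]/g;

// Blocklist from the page's JavaScript example: any of these characters
// marks the field as invalid.
var BLOCKLIST = /[()<>,;:\\"\[\]]/g;

// Strip mode (ASP style): silently removes every disallowed character.
function burnBadInput(value) {
  return String(value).replace(ALLOWLIST, '');
}

// Reject mode (JavaScript style): reports the offending characters and
// leaves the data untouched.
function valBadInput(value) {
  var found = String(value).match(BLOCKLIST) || [];
  var unique = found.filter(function (c, i) { return found.indexOf(c) === i; });
  return { ok: unique.length === 0, badChars: unique };
}

// Server-side check for the page's login example (email + password):
// the email is stripped and must then have a plausible shape, while the
// password is bounded and inspected but never altered, because stripping
// characters from it would change the secret the user actually typed.
function validateLogin(email, password) {
  var errors = [];
  var cleanEmail = burnBadInput(email);
  if (cleanEmail !== email) errors.push('email contains disallowed characters');
  if (!/^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(cleanEmail)) errors.push('email format');
  if (password.length < 8 || password.length > 128) errors.push('password length');
  if (/[\x00-\x1f\x7f]/.test(password)) errors.push('password contains control characters');
  return { ok: errors.length === 0, email: cleanEmail, errors: errors };
}
```

Strip mode changes the data without telling anyone: a password such as P@ss!word#1 becomes P@ssword1, which is why the login check only bounds and inspects the password rather than cleaning it.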