Secure comment box
Author: stealth- (Member) | Posts: 999 | Location: Eh? | Joined: 10.04.09 | Rank: God
I set up a comment box on my site that uses PHP and flat file databases, since the person who hosts my site was worried about CPU usage of MySQL; however, I took it down because I was worried it wasn't very secure. Well, in fact, to be honest it had no security at all. I'm going to install a check to not allow posts containing <, >, [, or ], and not allow people to post more than once every 24 hours.
Is there anything else I need to do to increase security of it? Perhaps another filter or image verification system to stop spam?
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com

RE: Secure comment box
Author: theflash (Member) | Posts: 9 | Location: | Joined: 23.05.09 | Rank: Newbie
Is Google broke?
Infamously The_Flash
Edited by theflash on 14-07-09 02:59

RE: Secure comment box
Author: spyware (Member) | Posts: 4190 | Location: The Netherlands | Joined: 14.04.07 | Rank: God | Warn Level: 90
theflash wrote:
Is Google broke?
Interesting question. They actually had to lay a few people off due to the effects of the (latest) economical crisis.
@OP;
Try installing an IDS. I can recommend this one: http://php-ids.org/
See sla.ckers.org for occasional updates on web app security.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term. - Carl Sagan
Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert

RE: Secure comment box
Author: stealth- (Member) | Posts: 999 | Location: Eh? | Joined: 10.04.09 | Rank: God

theflash wrote:
Is Google broke?
I had done a bit of googling; however, when it comes to the security of my site (which had recently received a whole bunch of pen testing) I thought I would ask for a more complete opinion, especially since I'm not sure exactly which ways a comment box could be exploited.
spyware wrote:
Try installing an IDS. I can recommend this one: http://php-ids.org/
See sla.ckers.org for occasional updates on web app security.
Thanks, I never knew they made IDSs for webapps, I'll definitely be adding that in.
MoshBat wrote:
Rather than stop posts, just remove the offending symbols.
Some of them are used in smiley faces, and could remove genuine comments.
Good point. I was aware that I would be stopping quite a few posts, but I had forgotten how often they get used in smilies and such. Thanks.
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Edited by stealth- on 15-07-09 05:57
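As an added PHP example (not code from the thread or from the OP's site), here is one way to get the two things discussed above, the handling of <, >, [ and ] and the one-post-per-24-hours rule, without either blocking or stripping the characters: store them as typed and encode them at output, so smilies survive while pasted HTML is rendered as harmless text. File paths, the data directory and the IP-based rate file are assumptions.

```php
<?php
// Added example, not code from the thread. Flat-file comment box: '<', '>', '[' and ']'
// are stored as typed and neutralised at render time with htmlspecialchars(), so a
// smiley like :-] survives while pasted HTML is shown as text. A second flat file holds
// each IP's last post time for the one-post-per-24h rule. Paths are assumptions and the
// data directory must not be served by the web server.
define('COMMENT_FILE', __DIR__ . '/data/comments.txt');
define('RATE_FILE',    __DIR__ . '/data/lastpost.json');
define('RATE_WINDOW',  86400);   // 24 hours in seconds
define('MAX_LENGTH',   2000);
function load_times(): array {
    return is_file(RATE_FILE) ? (array) json_decode(file_get_contents(RATE_FILE), true) : [];
}
function rate_limited(string $ip, int $now): bool {
    $seen = load_times();
    return isset($seen[$ip]) && ($now - (int) $seen[$ip]) < RATE_WINDOW;
}
function record_post_time(string $ip, int $now): void {
    $seen = load_times();
    $seen[$ip] = $now;
    file_put_contents(RATE_FILE, json_encode($seen), LOCK_EX);
}
function add_comment(string $name, string $body): bool {
    // Limit length and reject control characters; ordinary punctuation is allowed.
    if ($body === '' || strlen($body) > MAX_LENGTH || strlen($name) > 40) return false;
    if (preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $name . $body)) return false;
    $json = json_encode(['t' => time(), 'n' => $name, 'b' => $body]); // one record per line
    if ($json === false) return false;                                 // e.g. invalid UTF-8
    return file_put_contents(COMMENT_FILE, $json . "\n", FILE_APPEND | LOCK_EX) !== false;
}
function render_comments(): string {
    $html = '';
    $lines = is_file(COMMENT_FILE) ? file(COMMENT_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    foreach ($lines as $line) {
        $c = json_decode($line, true);
        if (!is_array($c)) continue;
        // Encoding happens at output: '<script>' becomes &lt;script&gt; in the page.
        $html .= '<p><b>' . htmlspecialchars((string) ($c['n'] ?? ''), ENT_QUOTES, 'UTF-8') . '</b>: '
               . nl2br(htmlspecialchars((string) ($c['b'] ?? ''), ENT_QUOTES, 'UTF-8')) . "</p>\n";
    }
    return $html;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ip = $_SERVER['REMOTE_ADDR'];
    if (rate_limited($ip, time())) { http_response_code(429); exit('One comment per 24 hours.'); }
    if (add_comment((string) ($_POST['name'] ?? 'anon'), (string) ($_POST['comment'] ?? ''))) {
        record_post_time($ip, time());
    }
}
echo render_comments();
```

Because the rate file is keyed by REMOTE_ADDR, visitors behind one shared proxy or NAT address count as a single poster, which is the trade-off of any IP-based 24-hour rule.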