1 Q about mysql driven websites and 2 Q about the security of the forms?
1- I am creating big sites and I wanna add a search engine. I don’t wanna use Google CSE. I know how to create a search engine, however I don’t know how to make the form secure and how to add the pages automatically to the database, because I don’t want to add them manually.
2- I have a newsletter form; how do I secure it (99.9)? I mean, how do Facebook and YouTube…secure their forms? Is mysql_real_escape_string so secure? A top contributor told me that it introduces other problems and that he uses the simple strings that are usually used such as “, ‘, but I want my newsletter form to be fully secure (as much as possible).
You know, I use about 30 SQL injections and they work on big sites (universities, web hosting sites and business sites…I tried them, trust me). What I’m trying to say is that even big companies have trouble defending against some of the simplest forms of SQL injection. There are 180 SQL injections, so every time I try to create a dynamic site or even a simple form, I am afraid of someone trying to hack me, so I stick with static pages. Now I’m creating big sites and I have people working with me, so I have to get past my worst fears, but I can’t, because I used to hack people and I know how easy it is to hack sites, so my main concern is security.
And my final Q: if you create your own language (like FBML for Facebook) and you keep that language secret and you don’t teach anyone how it works, would somebody be able to hack you?
Best answer:
Answer by Asmith
1.) Search engines usually allow the users/viewers to add their website to the search engine.
2.) a) mysql_real_escape_string simply makes sure the string is safe to be added to the database. It prevents MySQL errors.
b.) Try looking into SSL; notice some websites begin with the protocol “https” instead of http. https is a secured protocol while http is standard. You could also try encoding your string and decoding it when it reaches where it’s going. But search engines normally include their criteria in the URL, e.g. ?query=string.
You are also thinking too deeply about this hacking thing. If you create your own language, it doesn’t prevent hacking. You just would have to keep the password-protected access to your website confidential, and always escape all strings to prevent failure in the database.

One Comment on “1 Q about mysql driven websites and 2 Q about the security of the forms?”
1) The usual way is you write a program that loops through all the directories and files in your web site. For each one, it checks when the file was last modified and checks when the file was last indexed. If it was modified since it was indexed, it re-indexes it.
2) The best way is to only allow things that are known to be safe. Rather than trying to figure out everything that might be dangerous and filter it out, just allow through only things you know are safe.
3) Creating your own language won’t make you any more secure. First, you’re likely to make all the mistakes people make when they create and implement a language — you’ll lose the benefit of everyone else’s work. Second, you will either have to make it deliberately obscure (which will slow down all of your development) or you will have to make it logical and sane (which will enable others to figure it out easily).
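
The allow-list approach from point 2 of the comment above, paired with a bound parameter instead of string escaping, as an added example that is not part of the original thread. It assumes PHP with PDO and the pdo_sqlite extension, and uses an in-memory SQLite database and constructed inputs so it runs offline; the function names and the `subscribers` table are hypothetical.

```php
<?php
declare(strict_types=1);

// Allow-list check: accept only a syntactically valid address of sane length.
// Anything else is rejected outright rather than "cleaned".
function validate_email(string $raw): ?string
{
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// The value travels as a bound parameter and never becomes part of the SQL text,
// so quote characters in it cannot change the statement.
function subscribe(PDO $db, string $raw): bool
{
    $email = validate_email($raw);
    if ($email === null) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO subscribers (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
    return true;
}

// Assumption: in-memory SQLite keeps the example self-contained. For MySQL, use a
// 'mysql:host=...;dbname=...;charset=utf8mb4' DSN and set
// PDO::ATTR_EMULATE_PREPARES to false so the server prepares the statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (email TEXT NOT NULL)');

// Constructed sample inputs, not taken from the page.
$samples = [
    'alice@example.com',
    "o'brien@example.com",          // valid address that contains a quote
    "x' OR '1'='1",                 // not an address at all
    "bob@example.com'; DROP TABLE subscribers; --",
    '  carol@example.org ',
];
foreach ($samples as $s) {
    printf("%-50s %s\n", json_encode($s), subscribe($db, $s) ? 'accepted' : 'rejected');
}
foreach ($db->query('SELECT email FROM subscribers') as $row) {
    echo 'stored: ', $row['email'], "\n";
}
```

The address containing an apostrophe passes validation with the quote intact, which is why the bound parameter is still needed after the allow-list check.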