Secure Your Web Applications (Part II)

Monday, August 21, 2006

3. Watch carefully for your interactive user inputs. Make some characters limitation to prevent the XSS (Cross Site Scripting) vulnerability. Do not store HTML code into the database, make for the string replacement first.

4. Copy the default page for each folders to prevent user explore sessions ability. It is more easier than you have to set up the web server configuration files for the same result.

5. Don't store user password in plain string data type. I suggested that you have to encrypted the password to make more difficult the others server administrators to breake the site members area, especially for the webmaster. It's look good enough if you using authentication of combination with md5 hashing or custom encrypt decrypt class.

6. Make some line feeds before first HTML tag. For example, place the header <HTML> tag after 200 lines from the source code. It's so tricky one since the plain HTML will show an empty blank file after executing view source from browser which actually it places under lines 200.

Okay, I think it is enough for the secrets i've told you. There's more secrets indeed, but i've been planned this for two pages. If you want more tricks to secure your pages, just open communications with me.

PS: If you've benefit from this blog,
you can support it by making a small contribution.