website security

  • michaeldebruin
    New Member
    • Feb 2011
    • 134

    website security

    Hello,

    I am trying to create a website with strong security.

    I know I need a hash for my login system and I need to protect every webpage against SQL injection. But do you know any other types of protection which I should consider and which you recommend to use?

    And for the hash, which way of encryption can you recommend? (I would highly appreciate a tutorial on how to make sure the encrypt/decrypt system works properly)

    To make some things clear, I am going to sell some stuff on it; that's why I need strong security.

    Thanks in advance
  • Rabbit
    Recognized Expert MVP
    • Jan 2007
    • 12517

    #2
    If you're new to website security and you are trying to implement an e-commerce solution, I strongly suggest you use an open source solution such as Zen Cart.

    Trying to create a solution from scratch when you don't know the concepts yet is asking for trouble. I can see attempting something of this magnitude for learning purposes where you're not actually using confidential data, but to attempt to do so with live data is risky.

    • michaeldebruin
      New Member
      • Feb 2011
      • 134

      #3
      I know all the risks and stuff like that and I am also not saying that the website is going online. I just want to make a website to practice, so I know I can make one with very strong security.
      So please tell me if you know some answers to my question.

      • Rabbit
        Recognized Expert MVP
        • Jan 2007
        • 12517

        #4
        Well, you'll want to use HTTPS for all the communication between the client and the server. As for the password, yes, you'll want to store the hash and not the plain text. MD5 is a popular algorithm but it is no longer recommended. I am partial to SHA2 myself. I learned to implement that from the pseudocode on the Wikipedia page. It also has a couple of hash results that you can use to check if your implementation is correct. Having said that, PHP has hash functions built in so there's no need to implement your own.

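An added example, not part of the thread, for the two points in post #4: checking PHP's built-in SHA-256 against published test vectors, and storing a password hash instead of the plain text. It assumes PHP 7 or later; the `$users` array is a constructed stand-in for a database table, and `password_hash()` / `password_verify()` are PHP built-ins that the thread itself does not name.

```php
<?php
// Added example; not code from the thread.

// 1. Self-test: compare the built-in SHA-256 with published test vectors
//    (the empty string and "abc").
$vectors = [
    ''    => 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
    'abc' => 'ba7816bf8f01cfeaea414140de5dae2223b00361a396177a9cb410ff61f20015',
];
foreach ($vectors as $input => $expected) {
    if (!hash_equals($expected, hash('sha256', $input))) {
        throw new RuntimeException("SHA-256 self-test failed for '$input'");
    }
}

// 2. Password storage. A bare hash('sha256', $password) is fast and
//    deterministic, so equal passwords produce equal stored values.
//    password_hash() adds a random salt and a work factor, and embeds
//    both in the string it returns, so no separate salt column is needed.
function register_user(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function check_login(array $users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false; // unknown account
    }
    // password_verify() re-derives the hash using the embedded salt and
    // compares the result in constant time.
    return password_verify($password, $users[$name]);
}

// Constructed sample data: two accounts that share one password.
$users = [];
register_user($users, 'alice', 'correct horse battery staple');
register_user($users, 'bob',   'correct horse battery staple');

var_dump($users['alice'] === $users['bob']);                            // stored values compared
var_dump(check_login($users, 'alice', 'correct horse battery staple')); // right password
var_dump(check_login($users, 'alice', 'wrong guess'));                  // wrong password
var_dump(check_login($users, 'mallory', 'anything'));                   // no such account
```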