Authentication
#44

(This post was last modified: 06-17-2017, 03:49 AM by desbest.)

(06-16-2017, 11:53 PM)Diederik Wrote: I took a look at your GitHub page and I would like to note that writing an auth app can be very easy as you say indeed, but writing a secure login system is a whole lot of work...

Passing $_POST variables straight into your SQL queries makes you vulnerable to SQL injection. You should read up on some basic PHP security issues.

That's why you use a server firewall like mod_security or Suhosin and pay for Comodo Firewall to add rules to mod_security. The server firewall escapes ALL the SQL queries for you so you don't have to worry about remembering to escape every string individually.

The PHP functions that PHP gives you for escaping strings can easily be bypassed by hackers, so a server firewall provides much better protection from hackers.

I don't trust the PHP functions for escaping strings, and neither should you. Even Stack Overflow had answers about how to bypass the PHP SQL escaping functions.


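Added example, not part of the original thread and not code from either poster: the query-building issue raised in the quoted reply, shown as a user lookup built by string concatenation next to the same lookup with a PDO prepared statement. The table, function names and sample input are constructed for illustration, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added illustration: schema, function names and inputs are constructed.
// Assumes the pdo_sqlite extension; the database lives in memory only.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// "Before": request data concatenated into the SQL text.
// The value becomes part of the statement, so a quote in it can alter the WHERE clause.
function findUserConcatenated(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username, password_hash FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the SQL text is fixed and the value is sent as a bound parameter,
// so it is only ever treated as data.
function findUserPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Login built on the prepared lookup; the password is checked in PHP
// against the stored hash and never compared inside the SQL statement.
function login(PDO $pdo, string $username, string $password): bool
{
    $rows = findUserPrepared($pdo, $username);
    return count($rows) === 1 && password_verify($password, $rows[0]['password_hash']);
}

// Constructed stand-in for $_POST['username'] that contains quote characters.
$crafted = "nobody' OR '1'='1";

printf("concatenated lookup rows: %d\n", count(findUserConcatenated($pdo, $crafted)));
printf("prepared lookup rows:     %d\n", count(findUserPrepared($pdo, $crafted)));
var_dump(login($pdo, 'alice', 'correct horse'));
var_dump(login($pdo, $crafted, 'anything'));
```

Running it with the PHP CLI prints the row count each lookup returns for the same constructed input, followed by the two login results.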


