Security Basics mailing list archives
Re: How can I secure my site?
From: Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com>
Date: Wed, 28 Apr 2010 13:50:08 +0430
Hi I use mysql as db and i have written sql injection and I think database is secure now. but I have a login form. I want to secure user login datas. If I copy my code in https folder on my host, are all transmissions encrypted? how can I find the algorithm and methods that my host uses to encryption? On Wed, Apr 28, 2010 at 1:39 PM, Adam Pal <pal_adam () gmx net> wrote:
Hi Ali, Providing more detail would be helpfull - is there a DB-backend used? If so, thats where protection should start (dedicated access). Is the PHP code clean and does it properly filter user inputs? Has it been reviewed? Simply using a HTTPS connection could protect against an MITM attack but imho. thats all - nothing more. Best regards, Adam Pal P.S. For a full security consultation concerning the page you might try to contract someone, the mailing list can surely help but not replace a full-service. -------- Original-Nachricht --------Datum: Wed, 28 Apr 2010 01:21:50 +0430 Von: Ali Asghar Toraby Parizy <aliasghar.toraby () gmail com> An: security-basics () securityfocus com Betreff: How can I secure my site?Hi I have written a php website. In this site I sell some license and serial number. I need to protect serial numbers and user names and passwords against sniffers and crackers. Now I want to secure this site and encrypt sessions using https. What do i have to do? ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 -------------------------------------------------------------------------- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- How can I secure my site? Ali Asghar Toraby Parizy (Apr 27)
- Re: How can I secure my site? ㅤ ㅤRockey (Apr 30)
- Re: How can I secure my site? Ali Asghar Toraby Parizy (Apr 30)
- Re: How can I secure my site? ㅤ ㅤRockey (Apr 30)
- Re: How can I secure my site? Ali Asghar Toraby Parizy (Apr 30)
- Re: How can I secure my site? Adam Pal (Apr 30)
- Re: How can I secure my site? Ali Asghar Toraby Parizy (Apr 30)
- Re: How can I secure my site? J. Bakshi (Apr 30)
- Re: How can I secure my site? ㅤ ㅤRockey (Apr 30)