php - Best ways learn basic web security -

-

i'm 16 , lot of web design people. front end design apart occasional bit of php when handling forms. while know how manage basic sterilisation , validation, learn more intricate things user management , login systems. know way around js, mysql , php, etc... don't feel confident securing such systems. know there not 1 solve guide web security, wondering if knows helpful guides, resources, etc.... also, somewhere start.

what want learn about:

  • setting , acquiring ssl certificates
  • handling ssl certificates
  • building secure login systems
  • using cookies security purposes
  • general php security
  • sql security

my end goal able build sites users who's basic info can securely store (no payment details) in sql database. want able create user sign login , editing system. have created before not ssl. question how learn ssl?

could someone... - direct me guide. - direct me examples. - point me in right direction.

(examples big post) said quite broad question sorry (as hates people post questions this). open advice appreciated :)

edit: real question how learn how use ssl , set after i've bought certificate?

i'll add points know.

sql security - basic principle here, never trust user input, sanitize all. there numerous built-in functions so, example htmlentities , real escape string: mysqli, pdo, prepared statement.

using cookies security purposes - cookies point of failure, users can change cookies see fit. best way, use random string inside cookie identify user later on. example, generate 50 character random string, put cookie, make expire on time , store id sql, next time when user connects, can check have id inside sql , check user is. it's still unsafe, not unsafe leaving user_id's or worse, passwords inside cookies. using sessions safer, if need use cookies, that's way it.

building secure login systems - ssl 1 key here. password encryption. php, use password_hash hash password. best way keep passwords not being stolen / cracked, salt them. can, example, use aes encrypt password_hash random string key, know, can decrypt , verify passwords. also, 1 point here make sure, leave failed login counter on page, otherwise people might start flooding site many possible other passwords might work. enforce safe passwords not figured out (test123, password, pa55w0rd etc).

setting , acquiring ssl certificates - ssl certificate end user can accept without getting message ca not recognized, need buy ssl certificate, google one.


Comments

Post a Comment

Popular posts from this blog

magento2 - Magento 2 admin grid add filter to collection -

-
i created grid in admin xml ui components. need filter collection via url parameter , dont know how achieve that. tried inject requestinterface collection, filter didnt work. di.xml <virtualtype name="slidelistingdataprovider" type="magento\framework\view\element\uicomponent\dataprovider\dataprovider"> <arguments> <argument name="collection" xsi:type="object" shared="false">xxx\xxx\model\resourcemodel\grid\slide\collection</argument> <argument name="filterpool" xsi:type="object" shared="false">slidelistingfilterpool</argument> <!-- define new object filters --> </arguments> </virtualtype> <virtualtype name="slidelistingfilterpool" type="magento\framework\view\element\uicomponent\dataprovider\filterpool"> <arguments> <argument name="applier...
Read more

Android volley - avoid multiple requests of the same kind to the server? -

-
i using volley upload list of images server. happens within service. once image uploaded remove list. problem arises when internet connection breaks. when internet connection breaks , comes again thinking of adding images yet uploaded request queue. this can result in more 1 copy of same image saved on server request same image might have gone through before getting rseponse. how can address scenario? i'm not quite sure why you're using service schedule requests volley automatically runs it's request in seperate thread. nevertheless can listen both request results, successful , unsuccessful adding listeners. you can remove image list schedule request using volley. if succeeds can carry on desired, if fails can add again list. public static request getimageuploadrequest(final string image) { response.listener<t> responselistener = new response.listener<t>() { @override public void onresponse(t response...
Read more

Combining PHP Registration and Login into one class with multiple functions in one PHP file -

-
i'm trying combine registration, activation , login scripts php website backend script front end developer can pass variables different forms to. my question whether appropriate approach this. don't want have lot of php files different pieces of application developing. far have written following 2 functions login, register , activate user front end developer can call: <?php /** * created phpstorm. * user: karl * date: 26/07/2016 * time: 02:25 */ class users { function register_user($email, $password, $user_name) { $server_name = "localhost"; $u_name = "root"; $db_password = "root"; $db_name = "betamath_graspe"; //email notification variable $from_address="info@slack.com"; //registration form $msg_reg_user='username taken. please choose different username'; $msg_reg_email='email registered'; $msg_reg_active=...
Read more