how do i protect my user system from injection

Bozebo
forum buddy
Posts: 19
Joined: 15 Mar 2006, 17:00
18
Location: Scotland

how do i protect my user system from injection

Post by Bozebo »

just as the above says, im not gonna tell u the url even though u can prolly find it out. but r there any measures i should take? how should i test it (without getting a hacker to test it)
i tried looking at the code and thought about what could go in the pw field to bypass it... but i cant figure it out. ill post the code im looking at if requested
ESCARGOT!!!!


French for snails, say that word near my cat and it goes nuts :S

bad_brain
Site Owner
Posts: 11636
Joined: 06 Apr 2005, 16:00
19
Location: In your eye floaters.

Post by bad_brain »

hm, hard to tell without further info, where are the passes stored for example, in a db or in .htaccess? is it a custom code or a premade CMS? would be best if you post the code too, or (if possible) to set up a testsite on a neutral webspace.
if it's in PHP you can use Zend Optimizer, ask Maboroshi for details, he used it already I think... :wink:

Post by Bozebo »

k.......... i might do that. ill make another thread or post in this one l8r, ty for the advice.

Gogeta70
^_^
Posts: 3275
Joined: 25 Jun 2005, 16:00
18

Post by Gogeta70 »

Well, if it's in PHP then all you have to do is filter all input with the "addslashes($var);" function. But that's if it's using an SQL Database. If it's using a flatfile database, then I suggest doing "htmlentities();" and "addslashes();". But yeah, do whatever.
¯\_(ツ)_/¯ It works on my machine...
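
Added example (not code from any poster in this thread): a PHP login check that binds user input as a query parameter through PDO instead of escaping it into the SQL string, and verifies a stored password hash. The `users` table, the `check_login` helper, the in-memory SQLite database and the sample inputs are constructed for illustration; it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: schema, account and inputs below are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Store a salted hash of the password, never the password itself.
$ins = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
$ins->execute([
    ':name' => 'alice',
    ':hash' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Hypothetical helper: returns true only for a known user with the right password.
function check_login(PDO $db, string $name, string $password): bool
{
    // The SQL text is fixed; the user name travels separately as a bound value,
    // so quotes or SQL keywords inside it are compared as plain data.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();

    // The password never reaches the SQL layer; it is only checked against the hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed test inputs: [user name, password, expected result].
$cases = [
    ['alice',     'correct horse',  true],
    ['alice',     'wrong password', false],
    ['alice',     "' OR '1'='1",    false],
    ["alice' --", 'anything',       false],
    ["o'brien",   'anything',       false],
];

$failures = 0;
foreach ($cases as [$name, $password, $expected]) {
    $got = check_login($db, $name, $password);
    $failures += ($got !== $expected) ? 1 : 0;
    // htmlspecialchars() is for output: encode when echoing values into HTML.
    printf("%-12s %-5s %s\n",
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        var_export($got, true),
        $got === $expected ? 'ok' : 'UNEXPECTED');
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any case behaves unexpectedly, so it can be run as a regression check whenever the login code changes.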

Post by Bozebo »

got htmlentities on it... and strtoupper

Post by Bozebo »

tested like all the things i could find on hackthissite.org that told u how to inject, all failed, i can safely say its safe from n00b hacking...