how do i protect my user system from injection

All about creating websites!
Post Reply
Bozebo
forum buddy
forum buddy
Posts: 19
Joined: 15 Mar 2006, 17:00
15
Location: Scotland
Contact:

how do i protect my user system from injection

Post by Bozebo »

just as the above sais, im not gonna tell u the url even though u can prolly find it out. but r there any measures i should take? how should i test it (without getting a hacker to test it)
i tried lookign at the code and thought abotu what could go in the pw field to bypass it... but i cant figure it out. ill post the code im lookign at if requested
ESCARGOT!!!!


French for snails, say that word near my cat and it goes nuts :S

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11571
Joined: 06 Apr 2005, 16:00
16
Location: The zone.
Contact:

Post by bad_brain »

hm,hard to tell without further info, where are the passes stored for example, in a db or in .htaccess? is it a custom code or a premade CMS? would be best if you post the code too, or (if possible) to set up a testsite on a neutral webspace.
if it´s in PHP you can use Zend Optimizer, ask Maboroshi for details, he used it already I think... :wink:

Bozebo
forum buddy
forum buddy
Posts: 19
Joined: 15 Mar 2006, 17:00
15
Location: Scotland
Contact:

Post by Bozebo »

k.......... i might do that. ill make another thread or post in this one l8r, ty for the advice.
ESCARGOT!!!!


French for snails, say that word near my cat and it goes nuts :S

User avatar
Gogeta70
^_^
^_^
Posts: 3253
Joined: 25 Jun 2005, 16:00
15

Post by Gogeta70 »

Well, if it's in PHP then all you have to do is filter all in put with the "addslashes($var);" function. But that's if it's using an SQL Database. If it's using a flatfile database, then i suggest doing "htmlentities();" and "addslashes();". But yeah, do whatever.
¯\_(ツ)_/¯ It works on my machine...

Bozebo
forum buddy
forum buddy
Posts: 19
Joined: 15 Mar 2006, 17:00
15
Location: Scotland
Contact:

Post by Bozebo »

got htmlentities on it... and strtoupper
ESCARGOT!!!!


French for snails, say that word near my cat and it goes nuts :S

Bozebo
forum buddy
forum buddy
Posts: 19
Joined: 15 Mar 2006, 17:00
15
Location: Scotland
Contact:

Post by Bozebo »

tested like all the thigns i could find on hackthissite.org that told u how to inject, all failed, i can safely say its safe from n00b hacking...
ESCARGOT!!!!


French for snails, say that word near my cat and it goes nuts :S

Post Reply