Internet Technologies 简明教程

Website Security Consideration

Websites are always to prone to security risks. Cyber crime impacts your business by hacking your website. Your website is then used for hacking assaults that install malicious software or malware on your visitor’s computer.

Security Considerations

Updated Software

It is mandatory to keep you software updated. It plays vital role in keeping your website secure.

SQL Injection

It is an attempt by the hackers to manipulate your database. It is easy to insert rogue code into your query that can be used to manipulate your database such as change tables, get information or delete data.

Cross Site Scripting (XSS)

It allows the attackers to inject client side script into web pages. Therefore, while creating a form It is good to endure that you check the data being submitted and encode or strip out any HTML.

Error Messages

You need to be careful about how much information to be given in the error messages. For example, if the user fails to log in the error message should not let the user know which field is incorrect: username or password.

Validation of Data

验证应在服务器端和客户端执行。

Passwords

最好强制执行密码要求,例如至少八个字符,包括大写、小写和特殊字符。从长远来看,这将有助于保护用户的信息。

Upload files

用户上传的文件可能包含一个脚本,当在服务器上执行该脚本时,将打开你的网站。

SSL

在网站和网络服务器或数据库之间传递个人信息时,最好使用 SSL 协议。