How to make your website more secure in PHP-Mysql environment
PHP is possibly the most powerful language of all open-source programming languages. Not only being used for web pages, it is becoming increasingly popular tool for stand-alone programs and corporate applications. Choosing php as programming language for a website is not enough. With open source coding being one of the properties of php MySQL development, securing your code becomes essential. More the user interaction with the website, more is the risk to data security especially when you are allowing user to upload a file. There are certain things which every Website Programmer should keep in mind while developing his/her site.
Security measures which should be taken during php Programming:
- You should check the referrer, for being sure that the information sent is from your website and not an outside source. Since, there are maximum chances of the information being fake.
- Restriction of the type of extension files being uploaded on the website is yet another method of security check.
- Renaming files is another way in which the program can be secured. This procedure involves the checking of double-barreld extensions like yourfile.php.gif.
- Changing the permission command for the upload folder so that files within it are not executable.
- All the alterations created by the user should be allowed only when they ‘Login’ into the database. On the other hand the owner of the site should always keep a close watch on all files being uploaded and then make them live.
Securing MySQL is very essential for the smooth running of the website. This is based on Access Control Lists and SSL-encrypted connections, for protecting the php MySQL web development program from random users visiting the website. Some of the vital things to be considered for online site protection are:
- Accessing of the MySQL database should not be allowed for any and everyone.
- Privileges to the users should always be accompanied with some restriction. If one can easily connect to the server without any ‘login’ then the security level code of the MySQL server should be rechecked.
- The MySQL database should be void of plain-text passwords. Use programs like MD5 (), SHA1(), or some hashing function for complete protection.
- Do not choose passwords from dictionaries, since they can be hacked easily. Use programs that break the passwords.
Therefore, the successful development of a website through php and MySQL web development is complete only when the you consider all the loop holes which may effect your site Security. In this series of my articles I will try to point out problem areas which should not be ignored while programming your website.