"Dan Joseph" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > Hi,
> >
> > I have created a site that allows users to schedule staff, make
> > appointments etc. Users must log in to use the site and the users'
> > data is held in the Users table of the MySQL database. However, due
> > to the nature of the site I need to make sure it is 110% secure
> > against hacks etc. Now I know this isn't actually possible but I
> > would appreciate any advice on how I can get it as secure as
> > possible, I have no experience on this aspect of web development.
>
> Turn off register globals. Validate all form posts for bogus data. Check
> that the cookie hasn't been changed with bad characters maliciously.
> Things like that. Try and break into the site w/o logging in. We paid for
> a security audit from a company called @stake (www.atstake.com). If you can
> afford it, I'd contract someone to audit you.
>
> -Dan Joseph

Thanks for your reply, why would it be necessary to turn off register globals?

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
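
An added illustration of the first two pieces of advice quoted above (register globals off, form posts validated); it is not part of the thread and not code from either poster. The function names, the `authorized` flag, the `staff_id` field and the sample requests are hypothetical, and `extract()` stands in for the `register_globals` directive, which was removed in PHP 5.4.

```php
<?php
// Added illustration; every name and request below is constructed.

// Emulates a page running with register_globals = On: each request
// parameter becomes a local variable before the script body runs.
function legacy_page(array $get, array $session): string
{
    extract($get);                    // what register_globals did implicitly
    if (isset($session['user_id'])) {
        $authorized = true;           // only assigned on the logged-in path
    }
    // $authorized is never initialised, so the request itself can supply it.
    return !empty($authorized) ? 'schedule shown' : 'login required';
}

// The same page with register_globals off: login state comes only from the
// session, the flag is always initialised, and the form field is validated
// as a positive integer before it is used.
function hardened_page(array $get, array $session): string
{
    $authorized = isset($session['user_id']);
    if (!$authorized) {
        return 'login required';
    }
    $staffId = filter_var(
        $get['staff_id'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($staffId === false) {
        return 'bad request';
    }
    return "schedule shown for staff $staffId";
}

// Constructed requests. $forged carries a parameter named like the flag.
$forged = ['authorized' => '1', 'staff_id' => '7'];
$loggedIn = ['user_id' => 3];

echo 'legacy,   forged, no session: ', legacy_page($forged, []), "\n";
echo 'hardened, forged, no session: ', hardened_page($forged, []), "\n";
echo 'hardened, bogus staff_id:     ',
    hardened_page(['staff_id' => '7 or so'], $loggedIn), "\n";
echo 'hardened, valid request:      ',
    hardened_page(['staff_id' => '7'], $loggedIn), "\n";
```

Run with the PHP command-line interpreter: only the legacy page lets the forged request through without a session, because the request parameter fills the uninitialised variable.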