Miscellaneous Security

How secure is your website?

In today's world, where people share everything on the web without a second thought, one fact is often forgotten: SECURITY. While the general public leaves its whereabouts everywhere, we as developers must make sure that the information on our websites stays secure and that the sites themselves are protected from attacks that aim to damage them or steal data from them. There are a few things we can take care of so that there is less chance of our sites being accessed by unwanted parties. Today we look at what can be done to keep ourselves on the safer side.

There are a few things that need to be taken great care of.
1. Setting the right access permissions on folders:
One of the main things we often forget is to set the correct access permissions on folders. While some folders may require 777 access (read-write-execute for everyone), it is unsafe to keep valuable information in such a folder, since anyone can make changes to it. So it is better to keep access limited so that not everybody can write to the folder; 755 is a better choice where it is sufficient. You can change the permissions from your FTP client by right-clicking the required file or folder and choosing the CHMOD option.
2. Ensure the presence of an .htaccess file
.htaccess files are often used to specify the security restrictions for a particular directory. Make sure the file exists in the first place and that you have not deleted it by accident.
3. Add a robots.txt file
robots.txt gives instructions to search engine spiders about which folders should be indexed and which should not. Folders holding documents, images and so on can be kept from being indexed and displayed in public web searches.

4. SQL Injection
SQL injection is the process of altering your current SQL statement into something else and fetching data from tables that you did not intend to expose. You can protect against this by validating the data passed in by the user. Using PHP's built-in functions such as addslashes and mysql_real_escape_string, you can sanitise the user input. The first rule is: don't trust your user. Yes, you read that right. Anyone could be your user, and you should not trust them with your site or with other users' information. SQL injection can happen through search boxes, login forms, and any other form that connects to your database.
5. XSS Attacks
XSS stands for Cross-Site Scripting, and it is a method attackers use to get at user information such as sessions, cookies and other data. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007. It is typically found in web applications that allow malicious users to inject client-side script into web pages viewed by other users. This can also be minimised by validating external values or data sent by the user through forms or the browser's address bar.
Taking care of these security issues will leave your site better protected from unwanted access and will help protect your site's information. It is never too late to take these steps, because you never know: it may be your website next.
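To make the SQL injection and XSS points above concrete, here is an added PHP example (not code from the original post). It shows a user lookup written the unsafe way beside a hardened version that uses a PDO prepared statement instead of the escaping functions named above, plus output encoding with htmlspecialchars for the XSS case. The in-memory SQLite database, the `users` table and the inputs are constructed for the demo.

```php
<?php
// Added example: unsafe vs hardened SQL, plus output encoding for XSS.
// Uses a constructed in-memory SQLite table so it runs stand-alone.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass_hash TEXT)");
$pdo->prepare("INSERT INTO users (name, pass_hash) VALUES (?, ?)")
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable: the user's value is pasted straight into the statement text,
// so a value containing a quote changes the shape of the query itself.
function findUserUnsafe(PDO $pdo, string $name): ?array
{
    $sql = "SELECT id, name FROM users WHERE name = '$name'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened: the statement shape is fixed first; the value is bound as data
// and can never be interpreted as SQL, whatever characters it contains.
function findUserSafe(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare("SELECT id, name FROM users WHERE name = ?");
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// XSS mitigation: encode on output so anything that came from a form or the
// address bar is rendered as text, never interpreted as markup or script.
function renderGreeting(string $name): string
{
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Constructed input containing a single quote: the unsafe query breaks
// (a syntax error here; in other cases it silently returns the wrong rows),
// while the prepared statement simply finds no such user.
$input = "o'brien";
try {
    var_dump(findUserUnsafe($pdo, $input));
} catch (PDOException $e) {
    echo "unsafe query broke: " . $e->getMessage() . "\n";
}
var_dump(findUserSafe($pdo, $input) === null);   // bool(true)
var_dump(findUserSafe($pdo, 'alice')['name']);   // string(5) "alice"
echo renderGreeting('<b>guest</b>'), "\n";       // tags appear as literal text
```

Validating input is still worthwhile, but binding values with prepared statements and encoding on output are the controls that hold even when a check is missed.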