  1. #1
    Senior Coder twodayslate's Avatar
    Join Date
    Mar 2007
    Location
    VA
    Posts
    1,042
    Thanks
    67
    Thanked 39 Times in 39 Posts

    Giving members one page profile

    I am planning for my future site to have the coolest profiles imaginable. They will have full access to one page. That includes HTML and CSS.

    I just do not want them to hack my system or add viruses.
    To stop this I will take away javascript, iframes and embeds. Anything else?

    If they want to add a movie or game they have to use
    {utube="http://"}
    if they want to show people how many posts they have in the forums
    {forum id="postcount"}

    Does that sound good? Do I need to disable anything else to be more secure?

    So basically I am giving my members one full page they can edit within some boundaries.
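    An added example (not code from this thread or its site) showing the alternative to stripping just javascript, iframes and embeds: blocklisting a few tags misses event-handler attributes and javascript: URLs, so this sanitizer keeps only an allowlist of tags and attributes, and renders the thread's {utube="..."} and {forum id="postcount"} tags server-side from validated input. The tag list, the YouTube URL pattern and the CSS being left out (a style filter is a separate job) are this example's assumptions.

```python
import re
from html import escape
from html.parser import HTMLParser

# Allowlist (assumed): anything not listed (script, iframe, embed, object, style...) is dropped.
ALLOWED_TAGS = {"p", "b", "i", "u", "a", "img", "br", "div", "span", "h1", "h2", "ul", "li"}
VOID_TAGS = {"br", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}, "div": {"class"}, "span": {"class"}}
SAFE_URL = re.compile(r"^https?://", re.I)  # rejects javascript:, data:, vbscript: schemes
YOUTUBE_URL = re.compile(r"^https?://(?:www\.)?youtube\.com/watch\?v=([A-Za-z0-9_-]{11})$")
CUSTOM_TAG = re.compile(r'\{utube="([^"]*)"\}|\{forum id="postcount"\}')  # the thread's tags

class ProfileSanitizer(HTMLParser):
    def __init__(self, postcount):
        super().__init__(convert_charrefs=True)
        self.postcount, self.out, self.open = postcount, [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()) or value is None:
                continue  # drops onclick=, onerror=, style= and every other unlisted attribute
            if name in ("href", "src") and not SAFE_URL.match(value.strip()):
                continue  # only http(s) links survive
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open.append(tag)

    def handle_endtag(self, tag):
        while tag in self.open:  # also closes anything the member left open inside it
            self.out.append(f"</{self.open.pop()}>")

    def handle_data(self, data):  # custom tags render server-side; everything else is text
        pos = 0
        for m in CUSTOM_TAG.finditer(data):
            self.out.append(escape(data[pos:m.start()]))
            self.out.append(self.render_custom(m))
            pos = m.end()
        self.out.append(escape(data[pos:]))

    def render_custom(self, m):
        if m.group(1) is None:  # {forum id="postcount"}: value comes from the forum, not the member
            return str(int(self.postcount))
        vid = YOUTUBE_URL.match(m.group(1).strip())  # {utube="..."}: only a validated id is used
        return f'<iframe src="https://www.youtube.com/embed/{vid.group(1)}"></iframe>' if vid else ""

    def result(self):
        self.close()
        while self.open:  # close tags still open at end of the page
            self.out.append(f"</{self.open.pop()}>")
        return "".join(self.out)

def sanitize_profile(html, postcount):
    s = ProfileSanitizer(postcount)
    s.feed(html)
    return s.result()
```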

  • #2
    New Coder
    Join Date
    Jan 2007
    Location
    Wales
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sounds like a good idea!
    Well you'll need a secure database to prevent sql injections.
    Tom Dean

  • #3
    Senior Coder twodayslate's Avatar
    Join Date
    Mar 2007
    Location
    VA
    Posts
    1,042
    Thanks
    67
    Thanked 39 Times in 39 Posts
    Quote Originally Posted by napster
    Sounds like a good idea!
    Well you'll need a secure database to prevent sql injections.
    Can you explain that more? How would they use these injections?

  • #4
    New Coder
    Join Date
    Jan 2007
    Location
    Wales
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, I take it you'll have the users' information stored in a SQL database. They could retrieve users' information, passwords and emails if the injection is done correctly; you'll need to read more into it.

    Heres a link http://www.securiteam.com/securityre...DP0N1P76E.html

    It explains how to perform a SQL injection, and of course if you know how to perform one, then it'll give you an idea of how to protect your website from them.
    Last edited by napster; 04-23-2007 at 12:00 AM.
    Tom Dean

  • #5
    Senior Coder twodayslate's Avatar
    Join Date
    Mar 2007
    Location
    VA
    Posts
    1,042
    Thanks
    67
    Thanked 39 Times in 39 Posts
    So basically get rid of forms too. Or did I not understand?

  • #6
    New Coder
    Join Date
    Jan 2007
    Location
    Wales
    Posts
    40
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, they inject SQL into the URL as well, so keep forms, but you'll need to learn about stored procedures. Stored procedures restrict objects within the database to specific accounts, permitting the accounts to just execute stored procedures.
    Tom Dean
