Ehcloprom, posted February 9, 2012 (edited February 9, 2012 by Obliterate)

Well guys, I'm currently coding a Control Panel written in PHP obviously. (Mainly for learning purposes)
Anybody got some tips on security? I have searched online but a lot of stuff is outdated, so I just want to make sure!
- Registering
- Logging In
- Other SQL related tasks
KeyWorld, posted February 9, 2012

Registration
- Check the sex; some panels allow the Server 'S' sex to be used.
- Check that the username is not already in use (be aware this check can be used to find other usernames).
- Check the mail.
- Be aware that a player doesn't create 6500 accounts on your server (captcha?).
Logging in
- Block if there are too many attempts to connect (bad user/bad pass), using a captcha or other check.
- Don't write a specific message for each error ("bad password" or "bad user"), so that a specific username can't be found.
Other SQL related tasks
- Use PDO to block a big part of SQL injection.
- Don't use privileges that you don't need (don't use write access when you just need to read data in your SQL database).
Others
- Be aware with cookie, get, post, referer, ... data, since it can be changed client side.
- Be aware, when a player requests an action in your panel, you need to check that he asked for it before (example: delete character, etc.); in all current panels this can be used to abuse another session to do what you want.
- Hide PHP errors.
- etc. etc.
There are a lot of possible exploits, and doing a panel is good for learning purposes since you have to check each entry.
JayPee, posted February 11, 2012

Registering:
- Check the username length and allow only numbers and letters to be used; better to use both server-side (more important) and client-side validation.
- Have a captcha and a special Q&A as verification that the user is a real human.
- Email validation or verification.
Login:
- Log its IP address.
- As KeyWorld said, better not to give specific errors.
Other SQL related tasks:
- Use mysql_real_escape_string($value) for every value that came from the URL and users.
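A minimal login handler that puts the advice from both answers above into working PHP: PDO prepared statements, one generic failure message, an attempt limit per IP, a per-session token checked before any state-changing action (KeyWorld), and server-side username validation (JayPee). This is an added example, not code from either post; the database credentials and the accounts/login_attempts tables are assumed, and it targets PHP 7 or later.

```php
<?php
declare(strict_types=1);
session_start();

// Assumed schema for this example (not from the thread):
//   accounts(username VARCHAR PRIMARY KEY, password_hash VARCHAR)
//   login_attempts(ip VARCHAR PRIMARY KEY, attempts INT, last_attempt DATETIME)
$pdo = new PDO('mysql:host=127.0.0.1;dbname=panel;charset=utf8mb4', 'panel_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// Server-side validation: letters and digits only, bounded length.
function validUsername(string $u): bool {
    return (bool) preg_match('/^[A-Za-z0-9]{4,23}$/', $u);
}

// Attempt limiting: refuse further logins from an IP after $max recent failures.
function tooManyAttempts(PDO $pdo, string $ip, int $max = 5): bool {
    $st = $pdo->prepare('SELECT attempts FROM login_attempts
                         WHERE ip = ? AND last_attempt > NOW() - INTERVAL 15 MINUTE');
    $st->execute([$ip]);
    return (int) $st->fetchColumn() >= $max;
}

function recordFailure(PDO $pdo, string $ip): void {
    $pdo->prepare('INSERT INTO login_attempts (ip, attempts, last_attempt) VALUES (?, 1, NOW())
                   ON DUPLICATE KEY UPDATE attempts = attempts + 1, last_attempt = NOW()')
        ->execute([$ip]);
}

// Every failure path returns the same false: the caller prints one generic message,
// so the response never reveals whether the username exists.
function login(PDO $pdo, string $user, string $pass, string $ip): bool {
    if (!validUsername($user) || tooManyAttempts($pdo, $ip)) { return false; }
    $st = $pdo->prepare('SELECT password_hash FROM accounts WHERE username = ?');
    $st->execute([$user]);                       // user input only ever travels as a bound parameter
    $hash = $st->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) { recordFailure($pdo, $ip); return false; }
    session_regenerate_id(true);                 // new session id after privilege change
    $_SESSION['user'] = $user;
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // token that state-changing forms must echo back
    return true;
}

// Call this before delete-character and similar actions: the request must carry the
// token issued to this session, so another site cannot trigger the action on the user's behalf.
function actionAllowed(): bool {
    return isset($_SESSION['csrf'], $_POST['csrf']) && hash_equals($_SESSION['csrf'], $_POST['csrf']);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'], $_POST['password'])) {
    echo login($pdo, $_POST['username'], $_POST['password'], $_SERVER['REMOTE_ADDR'])
        ? 'Welcome' : 'Invalid username or password';
}
```

The stored hashes are expected to come from password_hash(); the 'panel_user' account should be granted only the SELECT/INSERT/UPDATE rights these queries need, following KeyWorld's least-privilege point.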