Possible Duplicates:
What security issues should I look out for in PHP
What should a developer know before building a public web site?

The project I was working on is nearly complete and near launching, but I want to make sure it is hack-proof, as my friend/partner thinks we have some enemies who can hire smart hackers to take the site down.

And will running the site SSL-secured (under https) help? I heard it's hard on the CPU if there are lots of users?

Please tell me all security checks that are needed.

Many thanks.

+2  A: 

A couple suggestions:

1) Make sure and suppress errors; hackers can learn a lot about your application by being able to see them

2) Have good permissions set on your server for your web application; if a hacker is able to compromise a process on your server, they'll have a harder time using/accessing other folders/files

3) I don't know that https helps against hackers, except to the point that it will hide data transferred between the client and server (so that really depends on what your application is doing as to whether or not it is necessary)

Matthew
+3  A: 

i want to make sure it is hack-proof

You can't.

we have some enemies those can hire smart hackers to make the site down

You're screwed.

Please tell me all security checks that are needed.

That's a larger topic than even an SO answer should reasonably cover.

salathe
Absolutely right... if the OP is concerned about security, he/she should hire a professional that understands "hack-proof" is ridiculous.
alecwh
+6  A: 

Will my site be secure? was posted earlier. Thought it might be helpful.

Babiker
Very helpful, thanks :)
Arsheep
+2  A: 

Stay away from eval and exec unless you know what you're doing, use mysql_real_escape_string every time any variable that could even possibly be influenced by a third party is being put into a query, use proper file/folder permissions, don't let include() use user data (Get, post, cookie data)... There are hundreds of other things but honestly if you think someone is going to hack your site and you make a post here asking such a vague question - it's going to happen, period. You need to hire someone to do a security audit if it's that big of a concern.
So far everyone has made a good point - listen to them. Also putting error_reporting(0); in your code, as Matthew suggested for instance, takes away one of the easiest ways of finding vulnerabilities in a site.

Jon
+1  A: 

Modify php.ini and make these changes; it will be helpful. This is NOT the complete list, but it should be fair enough.

register_globals = Off
allow_url_fopen = Off
display_errors = On
log_errors = On
html_errors = Off
expose_php = Off
safe_mode = On

disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

Mani
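
An added example, not part of any answer in this thread: a small Python check that audits php.ini text against the directive list above. It assumes display_errors should be Off in production, in line with the earlier answers' advice to suppress errors; `parse_ini`, `audit` and the sample input are constructed for illustration.

```python
# Added example: audit php.ini text against the directive list in the answer above.
# Assumption: display_errors is expected Off (errors go to the log instead).
TRUE_WORDS = {"on", "1", "true", "yes"}
EXPECTED_FLAGS = {
    "register_globals": False, "allow_url_fopen": False, "display_errors": False,
    "log_errors": True, "html_errors": False, "expose_php": False, "safe_mode": True,
}
# register_globals and safe_mode were removed in PHP 5.4; absence is not a finding.
LEGACY = {"register_globals", "safe_mode"}
REQUIRED_DISABLED = {"show_source", "system", "shell_exec", "passthru",
                     "exec", "phpinfo", "popen", "proc_open"}

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, findings = parse_ini(text), []
    for name, want in EXPECTED_FLAGS.items():
        if name not in settings:
            if name not in LEGACY:
                findings.append(f"{name}: not set, PHP default applies")
            continue
        if (settings[name].lower() in TRUE_WORDS) != want:
            findings.append(f"{name}: is {settings[name]}, expected {'On' if want else 'Off'}")
    disabled = {f.strip() for f in settings.get("disable_functions", "").split(",")}
    missing = sorted(REQUIRED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions: missing " + ", ".join(missing))
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """[PHP]
register_globals = Off
allow_url_fopen = On
display_errors = On      ; shown to visitors
log_errors = On
html_errors = Off
disable_functions = show_source, system, exec, phpinfo
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
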