Hello all, I want to secure a page which uses the script of "phplist". Basically this script stores username, name, surname, email etc. of users in order for the company to send newsletters to their clients. Apart from stripping slashes, backslashes etc. or special characters, are there any other ways to protect the data stored in the db from someone that wants to "lay their hands" on them? Thank you!
Sure, but is it worth the trouble just to protect e-mails? Heh. Also, depends on what kind of webhosting you have, what server you run, etc. Make sure you have something like this (really basic)

    // Reject requests that send no User-Agent header
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        die("Forbidden - You are not authorized to view this page");
    }

and/or this

    // Reject any request that is not a POST
    if ($_SERVER['REQUEST_METHOD'] !== "POST") {
        die("Forbidden - You are not authorized to view this page");
    }

Change POST to whatever method. There's a whole bunch of things to do.
Don't use the same database for emails as you do for other important information. One day some guy hired me to secure his site. I found out 10,000 emails, passwords, usernames, and more could have been compromised if I hadn't told him about a problem with his security. You can also use my search engine I call hackersearch. It searches specific websites that deal in website security. http://www.sandsword.com/isearch2/