It really depends how in-depth you want to get.
- Demonstrate that your site is protected from attacks like SQL injection by escaping quotes and slashes in your input.
- Restrict permissions to stuff that shouldn't be public.
- JavaScript injection can be circumvented by encrypting sensitive data that needs to be passed via POST or GET.
- Use SSL.
- Make your PHP scripts safe by not defining variable names from user input.
- Turn register_globals, magic_quotes_gpc on and make use of escape slashes, etc.
- Use session control in an encrypted URL or cookie.
- Restrict forms calling your script to only those in your domain - prevents people making their own forms and using them on your script.
- Avoid file uploads if you can.
I'm sure you can think of more. PHP can do it all for you.





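The tip above about not defining variable names from user input, as an added example that is not part of the original post: the first function shows the pattern being warned against, the second reads only allowlisted fields. The function names, field names and sample request are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names, field names and the sample request are constructed.

// Pattern the tip warns about: every request key becomes a local variable,
// so a key named "is_admin" replaces state the application set itself.
function load_unsafe(array $input): bool
{
    $is_admin = false;              // decided by the application
    foreach ($input as $key => $value) {
        $$key = $value;             // variable name chosen by the caller
    }
    return (bool) $is_admin;
}

// Alternative: read only fields on a fixed allowlist, validate each one,
// and keep the values in an array instead of turning them into variables.
function load_safe(array $input): array
{
    $allowed = [
        'username' => '/^[A-Za-z0-9_]{3,20}\z/',
        'page'     => '/^[0-9]{1,4}\z/',
    ];
    $clean = [];
    foreach ($allowed as $field => $pattern) {
        $value = $input[$field] ?? null;
        // Arrays (e.g. page[]=1) and malformed strings are dropped.
        if (is_string($value) && preg_match($pattern, $value) === 1) {
            $clean[$field] = $value;
        }
    }
    return $clean;
}

// Constructed request data standing in for $_GET or $_POST.
$request = ['username' => 'alice', 'page' => '2', 'is_admin' => '1'];

// The unsafe loader lets the extra key change $is_admin;
// the safe loader ignores any key that is not on the allowlist.
var_dump(load_unsafe($request));
var_dump(load_safe($request));
```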