Chap 5 (Cont'd)
Then Project:Chaos begins attempting to break the website through SQL injections.
You should ALWAYS validate user input on your website.
In the process of protecting against SQL injections, they:
1.) Make sure to have a validation-utils.js file
2.) Add a reference to validation-utils.js in the Break Neck web form
3.) Validate the phone number before sending it to the Break Neck web server
4.) Test validation
They also secure the lookupCustomer.php script itself. This is necessary because an attacker can send a POST request directly to the PHP script without using the web form, which skips the JavaScript validation entirely.
There are a couple of strings they place in the PHP on page 332.
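
One way to enforce the phone check on the server as well, as an added example that is not the book's code from page 332 or part of the original notes. The `customers` table, its columns, the 10-digit phone format and the function names are assumptions, and it needs PHP with the `pdo_sqlite` extension:

```php
<?php
// Added example: server-side check for a lookupCustomer-style script.
// Table name, column names and the phone format are assumptions.

// Allow only digits, spaces, dashes, dots and parentheses, then require 10 digits.
function normalizePhone(string $raw): ?string {
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    if (!preg_match('/\A[0-9 ().-]{10,20}\z/', $raw)) {
        return null; // any other character (quotes, semicolons, ...) is rejected
    }
    $digits = preg_replace('/\D/', '', $raw);
    return strlen($digits) === 10 ? $digits : null;
}

// Look up a customer by phone. The value is validated and then bound as a
// parameter; it is never concatenated into the SQL text.
function lookupCustomer(PDO $db, $rawPhone): ?array {
    if (!is_string($rawPhone)) {
        return null; // e.g. phone[]=x arrives in $_POST as an array
    }
    $phone = normalizePhone($rawPhone);
    if ($phone === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT name, address FROM customers WHERE phone = ?');
    $stmt->execute([$phone]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (phone TEXT PRIMARY KEY, name TEXT, address TEXT)');
$db->exec("INSERT INTO customers VALUES ('5558675309', 'Sample Customer', '1 Example St')");

// Constructed values, as if POSTed straight to the script without the form.
$samples = ['(555) 867-5309', '555-867-5309', "555-867-5309' OR '1'='1", '', ['x']];
foreach ($samples as $posted) {
    $result = lookupCustomer($db, $posted);
    echo json_encode($posted), ' => ',
        $result ? $result['name'] : 'rejected or not found', PHP_EOL;
}
```

In the real script the value would come from `$_POST` rather than the sample array; the validation and the bound parameter stay the same.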
