PHP security is like manure: if you only do it in one spot it stinks, but if you spread it around, it will grow wonderful things.
When I used to hear about different PHP packages being compromised (see netcraft.com regarding phpBB, for instance), I would immediately brush it off as a fluke or the work of some nerd with WAY too much time on his or her hands who was instigating trouble. Sometimes that profile fits. Sometimes not. Sometimes the hacker doesn’t do any harm; they are just using the exploit as a jumping-off point to do damage to other sites. Sometimes they have truly malicious intent.
I also thought that the only things being hacked were extremely high-profile open source products or Microsoft products. Bear with me, my naivety worsens. Then I thought it might only happen to eCommerce sites.
Dead Wrong.
Someone hacked my personal website (a few years ago; it is no longer running) just because I had cool movie quotes on it. Seriously, when you look at the server logs, it was simply an attack on a PHP page that I wrote in my early days of learning PHP, and they completely overloaded the server. They exploited one little page to bring down an entire shared hosting environment. And all because of one little security bug I overlooked to make life easier while I was writing the code… in this case: register_globals turned on.
The moral of the story, if there is one, is don’t think your scripts are safe just because they are only used on one little page of a site that hasn’t peaked at 1000 hits a year. You are vulnerable. And you may luck out, and the bad guys may never find out… but what if they do…
Be secure in all your form processing, variable loading and SQL queries, and watch your website grow.
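As an added example (not code from the original post), here is the register_globals pattern the story blames, shown next to a hardened version, together with the explicit form handling and parameterised SQL that the last line asks for. The function names, the quotes table, the sample rows and the in-memory SQLite database are assumptions for illustration; extract() is used only to emulate what register_globals did automatically on old PHP builds.

```php
<?php
// Added example, not code from the original post. Constructed to show the
// register_globals pattern the post blames, next to a hardened version, plus
// explicit form handling and a parameterised query. Function names, the
// "quotes" table and the sample rows are assumptions for illustration.

// --- 1. Variable loading: the register_globals trap ------------------------
// With register_globals = On, every request key became a global variable, so
// ?is_admin=1 silently initialised $is_admin before this check ran. extract()
// is used here only to emulate that behaviour on a modern PHP.
function is_admin_vulnerable(array $request): bool
{
    extract($request, EXTR_OVERWRITE);          // emulates register_globals
    if (isset($session_user) && $session_user === 'admin') {
        $is_admin = true;
    }
    // If the user is not admin, $is_admin is whatever the request said it was.
    return !empty($is_admin);
}

// Hardened: initialise every variable yourself and take trust only from the
// server-side session, never from request data the client controls.
function is_admin_secure(array $session): bool
{
    $is_admin = false;
    if (isset($session['user']) && $session['user'] === 'admin') {
        $is_admin = true;
    }
    return $is_admin;
}

// --- 2. Form processing: validate what you read from $_GET/$_POST ----------
// Returns a clean, bounded search term or null. Callers pass $_GET explicitly
// so the data flow is visible and testable.
function read_search_term(array $get): ?string
{
    if (!isset($get['q']) || !is_string($get['q'])) {
        return null;
    }
    $q = trim($get['q']);
    // Length cap: one cheap way to keep a single page from being fed
    // arbitrarily large input (an assumed limit, not from the post).
    if ($q === '' || strlen($q) > 64) {
        return null;
    }
    return $q;
}

// --- 3. SQL: parameterise instead of concatenating ------------------------
// Vulnerable: the term is spliced straight into the statement text.
function find_quotes_vulnerable(PDO $db, string $term): array
{
    $sql = "SELECT movie, quote FROM quotes WHERE movie LIKE '%$term%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the term travels as a bound parameter, so quote characters in it
// are data, never syntax; LIMIT bounds the work a single request can cause.
function find_quotes_secure(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        'SELECT movie, quote FROM quotes WHERE movie LIKE :pattern LIMIT 20'
    );
    $stmt->execute([':pattern' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- Demo on an in-memory SQLite database (constructed sample data) --------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quotes (movie TEXT, quote TEXT)');
$db->exec("INSERT INTO quotes VALUES ('Casablanca', 'Here''s looking at you, kid.')");
$db->exec("INSERT INTO quotes VALUES ('Jaws', 'You''re gonna need a bigger boat.')");

// Attacker supplies is_admin=1 in the query string: the old code says yes.
var_dump(is_admin_vulnerable(['is_admin' => '1']));   // bool(true)
var_dump(is_admin_secure(['user' => 'guest']));         // bool(false)

// A term ending in a quote breaks the concatenated query but not the bound one.
$term = read_search_term(['q' => "Jaws'"]) ?? '';
try {
    find_quotes_vulnerable($db, $term);
} catch (PDOException $e) {
    echo "vulnerable query failed: SQL syntax broken by the input\n";
}
print_r(find_quotes_secure($db, $term));   // empty: no movie named "Jaws'"
print_r(find_quotes_secure($db, 'Jaws'));  // one row
```

The three pieces correspond to the three habits the post closes with: initialise your own variables and read request data through the superglobals on purpose (variable loading), validate and bound what a form hands you (form processing), and bind parameters rather than building SQL by string concatenation (SQL queries). Running it needs the pdo_sqlite extension, which ships with most PHP builds.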