How to protect your site from hacking?

Today, the Internet is gaining more and more popularity, and the word “site” has firmly entered our vocabulary.

Lately, two more words constantly go hand in hand with it: “development” and “promotion”. This is not surprising: under the pressure of an incredible number of offers for site development and promotion services, these two concepts have taken root in the mind of the ordinary user as the only ones worth attention when launching an Internet project.

But there is one more word without which neither creation nor promotion makes any sense at all if you are building a serious project. Moreover, if you neglect it, you may end up much worse off than before.

That word is security. Not the physical security of the computer on which your site is stored, which of course should also be taken care of, but security on the Internet.

It is hard to overstate the importance of security for your site if important information is stored in its database. For example, it is hard to imagine the head of the IT department of a large bank, whose database stores customers’ credit card numbers and other important information, sleeping peacefully at night after being told the day before that the bank’s website, for which he is responsible, is not properly protected and can be cracked within an hour by a moderately clever cracker.

But often this is exactly the case! Moreover, even site code protected by special functions, a database whose access is limited by permissions, and a highly paid employee responsible for the security of your data cannot always guarantee one hundred percent protection. That is why, to avoid bitter regret later, you need to organize your data protection carefully.

In this article, I will cover protection against perhaps the most common method of hacking a site: SQL injection. To begin with, note that all modern, large, complex sites, without exception, are built on a database.

The data stored in your site's database is accessed through SQL, the Structured Query Language. SQL injection is the technique of inserting code into the original SQL query, without breaking the structure of the query itself, in order to gain access to the data contained in the database.

SQL injection becomes possible when values received from the user are not checked sufficiently. Depending on the DBMS in use and the conditions of the attack, SQL injection can let an attacker execute an arbitrary query against the database: for example, read the contents of any table, delete, modify or add data, read and/or write local files, and execute arbitrary commands on the attacked server.

Most SQL injections are delivered through input forms, such as user registration, subscription, ordering goods, etc. But do not make the mistake of thinking that only visible input forms are involved. Very often, the website URL is used to carry the SQL injection code. Thus, if your site is not protected in any way, an attacker can easily pick up the keys to your database and get any information stored in it.

So, let’s go directly to the methods of protecting your site from SQL injection:

1. Do not trust the data that the user enters into a form on your site. All of this data must be checked for malicious code. First of all, limit the length of the fields where possible. For example, 10 characters are enough for a “Name” field.

Use special functions to process all data received from the user. When using PHP, mysql_real_escape_string() is suitable here (it escapes forbidden characters such as ' and " with backslashes), as is htmlspecialchars() (it converts the special characters used in HTML tags). Here you can also check the type of input values, for example, using intval() for numeric values.

2. Restrict users' access rights to the database. The fewer rights a user has, the less harm a successful SQL injection will do.

3. SQL injection works because the cracker guesses the structure of your database queries, tries possible names for the tables and columns of the database, and extracts data based on what he learns. For example, when trying to reach the password table of your database, he will try names like pass, password, users, etc. He is therefore unlikely to extract information from this table if you call it “aslfjsaf”. However, this method is too radical, since the uninformative names will make it harder for you personally to work with the database.
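
The checks from item 1, as an added example that is not code from the original article. It is written in Python with the standard sqlite3 module so that it runs offline, instead of the PHP/MySQL functions named above, and it goes one step beyond the text by binding the checked values as query parameters rather than escaping them. The users table, its rows and all function names are constructed for the illustration.

```python
import sqlite3

MAX_NAME_LEN = 10  # the article's suggested limit for a "Name" field


def make_db():
    """Build a constructed in-memory users table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                   [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")])
    return db


def lookup_vulnerable(db, raw_id):
    """'Before': a URL parameter is pasted straight into the SQL text."""
    sql = "SELECT name FROM users WHERE id = " + raw_id
    return [row[0] for row in db.execute(sql)]


def parse_id(raw_id):
    """Type check for a numeric parameter: reject anything that is not a number."""
    if not (raw_id.isascii() and raw_id.isdigit()) or len(raw_id) > 9:
        raise ValueError("id must be a short decimal number")
    return int(raw_id)


def lookup_safe(db, raw_id):
    """'After': the value is type-checked, then bound as a parameter."""
    rows = db.execute("SELECT name FROM users WHERE id = ?", (parse_id(raw_id),))
    return [row[0] for row in rows]


def find_by_name(db, raw_name):
    """Length limit plus binding: a short string can still contain quotes."""
    name = raw_name.strip()
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("name must be 1 to 10 characters")
    rows = db.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "1 OR 1=1"))  # the condition is rewritten
    print(lookup_safe(db, "2"))               # ordinary lookup still works
    print(find_by_name(db, "' OR 1=1--"))     # treated as a literal name
```

The third call shows why the length limit alone is not enough: the 10-character value passes it, and only the parameter binding keeps it from changing the query.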
