Security Tips for Web Application Development


Security is a very important aspect to pay attention to when developing, and it should be kept in mind from the very beginning of development. Leaving security as an afterthought to deal with later is a mistake. That is why we leave some tips here on how to improve security during the development of web applications.

Do not trust users

This is one of the most important rules. Treat all data sent by users as malicious.

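// Cast the id to an integer so only a number can reach the query.
$id = intval($_GET['id']);
// mysql_query() belongs to the old mysql extension, removed in PHP 7; the same cast applies with mysqli or PDO.
mysql_query("SELECT username, email, password FROM users WHERE id = $id");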

In this example, a single line (the intval() cast) is enough to avoid SQL injection.

Validate data on the server

It is important to validate data on the server. Although we may also validate on the client, using JavaScript for example, we must not forget that client-side validation is relatively easy to bypass. By validating data on the server from the beginning we avoid many problems.

Pay attention to the uploaded files

If you allow your users to upload files to the server, check them properly. If they are images, check their size, MIME type, etc. with the function getimagesize. For other files you can use fileinfo (available since version 5.3.0) to get information about the file.
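
The checks described above, combined into one server-side function, as an added example that is not code from the original article. The function name check_image_upload(), the size and dimension limits, the allowed-type list and the two sample files are assumptions made for illustration.

```php
<?php
// Added example. check_image_upload(), MAX_BYTES, MAX_SIDE and ALLOWED_TYPES
// are assumed names and limits, not taken from the article.
const MAX_BYTES = 2 * 1024 * 1024;   // assumed upload limit: 2 MiB
const MAX_SIDE = 4096;               // assumed maximum width/height in pixels
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// In a request handler, pass $_FILES['field']['tmp_name'] after is_uploaded_file() succeeds.
function check_image_upload(string $tmpPath): array
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return ['ok' => false, 'reason' => 'size out of range'];
    }
    // Detect the type from the content; $_FILES[...]['type'] is set by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        return ['ok' => false, 'reason' => 'type not allowed'];
    }
    // getimagesize() returns false when the content does not parse as an image.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return ['ok' => false, 'reason' => 'not a parsable image'];
    }
    if ($info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        return ['ok' => false, 'reason' => 'dimensions too large'];
    }
    // Store under a server-generated name; the extension comes from the detected type.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    return ['ok' => true, 'mime' => $mime, 'width' => $info[0], 'height' => $info[1], 'name' => $name];
}

// Constructed sample inputs: a 1x1 PNG and a text file given an image name by the client.
$samples = [
    'photo.png' => base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='),
    'notes.png' => "This file is plain text, not an image.\n",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $result = check_image_upload($tmp);
    echo $clientName, ': ', json_encode($result), PHP_EOL;
    unlink($tmp);
}
```

The client-supplied file name and extension play no part in the decision; only the file's content and size do.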

Secure your forms against bots

Use some kind of captcha to secure your forms against spam bots. There are different approaches: you can implement your own, make use of an external service, or use a third-party library.

Minimum permissions for the database user

Give the database user the minimum permissions. If the application only runs SELECT, INSERT and UPDATE queries, then the database user should only be able to perform SELECT, INSERT and UPDATE. It is not complicated, and it can save you the occasional headache.
