Comments on: Can You Hack Your Own Site? A Look at Some Essential Security Considerations http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/ Web Development & Design Tutorials Sat, 21 Nov 2009 18:53:09 -0800 http://wordpress.org/?v=2.8.4 hourly 1 By: Allan http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-134587 Allan Sat, 21 Nov 2009 17:03:45 +0000 http://nettuts.com/?p=51#comment-134587 I totally agree with you but the downfall of doing so would be slow server performance! I totally agree with you but the downfall of doing so would be slow server performance!

]]> By: SplitFive http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-129947 SplitFive Fri, 13 Nov 2009 05:11:55 +0000 http://nettuts.com/?p=51#comment-129947 Very nice tutorial. I loved it. Very nice tutorial. I loved it.

]]> By: mohammed yaghi http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-122772 mohammed yaghi Fri, 23 Oct 2009 17:06:01 +0000 http://nettuts.com/?p=51#comment-122772 really nice tots really nice tots

]]> By: Joe http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-117620 Joe Mon, 12 Oct 2009 06:50:32 +0000 http://nettuts.com/?p=51#comment-117620 Nice Security Tips! :P Nice Security Tips! :P

]]> By: Myfacefriends http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-84263 Myfacefriends Mon, 27 Jul 2009 03:56:28 +0000 http://nettuts.com/?p=51#comment-84263 Thanks for this wonderful tuts! Thanks for this wonderful tuts!

]]> By: tutorials — B.B.Log http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-84188 tutorials — B.B.Log Sun, 26 Jul 2009 19:54:46 +0000 http://nettuts.com/?p=51#comment-84188 [...] http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential... http://php-ids.org/ [...] [...] http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential... http://php-ids.org/ [...]

]]> By: Jonli http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-77864 Jonli Wed, 08 Jul 2009 09:11:43 +0000 http://nettuts.com/?p=51#comment-77864 Good Article.I like it. Cheers Good Article.I like it.
Cheers

]]> By: Anthony - Magictallguy http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-73239 Anthony - Magictallguy Sat, 20 Jun 2009 02:29:48 +0000 http://nettuts.com/?p=51#comment-73239 You can hope, but you can *never* assume that every visitor is friendly. Always clean user input and output. Don't let lazyiness be your downfall ;) You can hope, but you can *never* assume that every visitor is friendly.
Always clean user input and output.
Don’t let lazyiness be your downfall ;)

]]> By: Anthony - Magictallguy http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-73237 Anthony - Magictallguy Sat, 20 Jun 2009 02:26:15 +0000 http://nettuts.com/?p=51#comment-73237 Not necessarily. I have rushed an entire site before, and not once did anything get through my defences. Not only that, but my "defences" were mostly simple PHP! Scripting security isn't as hard as people make out - though the extra nudge in the right direction does help :P Not necessarily. I have rushed an entire site before, and not once did anything get through my defences.
Not only that, but my “defences” were mostly simple PHP!

Scripting security isn’t as hard as people make out – though the extra nudge in the right direction does help :P

]]> By: Anthony - Magictallguy http://net.tutsplus.com/tutorials/tools-and-tips/can-you-hack-your-own-site-a-look-at-some-essential-security-considerations/#comment-73234 Anthony - Magictallguy Sat, 20 Jun 2009 02:18:15 +0000 http://nettuts.com/?p=51#comment-73234 You can very easily change all uppercase to text to lowercase - a simple PHP function exists for that. strtolower(). Combine that with the replaceUnsafeWords(), and you've got the uppercase bypass sorted. As for the style="expression()" attribute, wouldn't it be easy to simply add that into an array and strip anything hinting towards that? You don't always have to go overboard and have 1,000,000 megabytes of security to do a few simple tasks that most existing PHP functions can handle - there's nothing wrong with keeps things *relatively* simple ;) You can very easily change all uppercase to text to lowercase – a simple PHP function exists for that.
strtolower().
Combine that with the replaceUnsafeWords(), and you’ve got the uppercase bypass sorted.

As for the style=”expression()” attribute, wouldn’t it be easy to simply add that into an array and strip anything hinting towards that?

You don’t always have to go overboard and have 1,000,000 megabytes of security to do a few simple tasks that most existing PHP functions can handle – there’s nothing wrong with keeps things *relatively* simple ;)

]]>