应该采取什么样的安全措施,而不是跨脚本攻击和SQL注入攻击 [英] What security care should be taken rather than cross scripting attack and SQL injection attack
问题描述
大家好,
我实现了一个网站,我负责处理sql注入攻击和跨脚本攻击现在应该采取什么安全措施而不是跨脚本攻击和sql注入攻击。
我在谷歌上搜索但是没有发现两者都在上面,请告诉我我必须采取哪些护理措施才能让它更安全,这个是我的第一个网站。而且我不知道各种类型的黑客技巧
请提供一些想要学习的东西。
谢谢。
我尝试了什么:
大家好,
我实现了一个网站,我负责处理sql注入攻击和跨脚本攻击,现在应该采取什么安全措施,而不是跨脚本攻击和SQL注入攻击。 br />
我在google上搜索但是没有发现两者之上,请告诉我我必须采取哪些护理措施才能使其更加安全,这是我的第一个网站。而且我不知道各种类型的黑客技巧
请提供一些想要学习的东西。
谢谢。
Hello all,
I implemented one website where i take care of sql injection attack and cross scripting attack now what security care should be taken rather than cross scripting attack and sql injection attack.
I searched on google but does not found rather above both, please guid me which care sholud i have to take to make it more secure,this is my first website. and i am not aware various type of hacking tricks
please provide some liks also to study.
thank you.
What I have tried:
Hello all,
I implemented one website where i take care of sql injection attack and cross scripting attack now what security care should be taken rather than cross scripting attack and sql injection attack.
I searched on google but does not found rather above both, please guid me which care sholud i have to take to make it more secure,this is my first website. and i am not aware various type of hacking tricks
please provide some liks also to study.
thank you.
推荐答案
答案很简单:更多。
有人窃听的是什么验证程序?更敏感的时刻:有人会在第一时间窃听密码创建?重置忘记密码和将新(临时)密码传递给用户的程序?
服务器端处理数据时发生的情况联系我们页面?如果恶意艺术家知道邮件消息涉及进一步处理,则可以立即在HTTP请求中注入恶意邮件头 - 您是否在发送邮件之前清理数据?
基于对Web开发人员在现实生活中犯下的一些最基本的错误的一些经验,我提到的只有一些项目立刻浮现在我的脑海中。还有很多问题,而且没有一个问题不那么重要。
所以,我的答案的实质是:你不能指望一位专家会在你的订单上写一本关于网络安全的漏洞书。
你可以从这里开始,但这还不够:互联网安全 - 维基百科,免费的百科全书 [ ^ ]。
这只是为了让你了解所涉及的一些基本想法。如果您的网站中涉及一些敏感信息,您必须完成该主题的大部分教育;我仍然无法确定它是否足够。例如,一些CodeProject专家过去常常建议:永远不要开发与支付真钱有关的任何东西;一个人无法学习足够的互联网安全性并开发出人们可以真正依赖的可靠应用程序。安全是认真的商业™。 :-)
很抱歉没有全面回答你的问题,我相信这是不可能的。
-SA
The answer is simple: a lot more.
What happens is someone eavesdrops the authentication procedure? Even more sensitive moment: what happens is someone eavesdrops creation of a password for the first time? reset of the forgotten password and the procedure of passing new (temporary) password to the user?
What happens during server-side handling of the data from the "contact us" page? If a malicious artist knows that a mail message is involved in further processing, the malicious mail headers can be injected in HTTP request in no time at all — do you sanitize the data before sending the mail?
I mentioned only few items which came to my mind immediately, based on some experience with some of the most basic mistakes the Web developers make in real life. There are a lot more concerns, and none of them is less important.
So, the essence of my answer is: you cannot hope that one of out experts would write a hole book on Web security on your order.
You can start here, but it won't be enough: Internet security — Wikipedia, the free encyclopedia[^].
This is only to get you some basic ideas on what involved. If you have some sensitive information involved in your site, you have to get a whole big part of education of the topic; and still I cannot be sure it would be enough. For example, some of CodeProject experts used to advise: never ever develop anything related to paying real money; one person just cannot learn enough Internet security and develop such a reliable application which people could really rely on, when it comes to money. Security is serious business™. :-)
Sorry for not answering your question in full, I believe it would not be possible.
—SA
这篇关于应该采取什么样的安全措施,而不是跨脚本攻击和SQL注入攻击的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!