“私有"服务器上确实需要多少安全性.网站? [英] How much security is really needed on a "private" website?
问题描述
我问这个问题是因为我维护着一个很小的网站,供一群相当孤立的人(不超过80人)使用.它目前具有简单的登录功能(电子邮件,密码),受保护"的数据仅是我们会员的联系信息(电话,地址,电子邮件).该网站使用PHP编写,并使用My SQL.
I'm asking this as I maintain a small website for a fairly isolated group of people (no more than 80). It currently has a simple log in function (e-mail, password) and the data that is "protected" is merely contact information to our members (telephone, address, e-mail). The website is written in PHP and use My SQL.
最近几天,我一直在阅读有关网站安全性的论坛和其他网站,因为我想在我们的网站上对其进行增强.目前,安全性包括存储在数据库中的SQL注入保护和MD5哈希密码.这感觉有些不足,但是我也觉得将它推到太远很容易.我的意思不是这里的核发射代码,但数据人们通常感到有点困惑,无法在线显示.该网站本身由一个知名的虚拟主机托管.
These last couple of days, I've been reading through the forums and other sites about web site security, since I would like to enhance it on our site. Right now the security consists of SQL-injection protection and MD5-hashed passwords stored in a database. This feels abit inadequate but I also feel that it's easy to take it TOO far. I mean it's not exactly nuclear launch codes here, but data people usually feel abit unconfortable to display online. The site itself is hosted by a fairly renown web host.
我现在唯一能看到的威胁是恶作剧者在站点上绊倒并尝试一些自制的调料?
The only threat I can see right now are pranksters stumbling across the site and trying some of their home made concotion?
所以我认为在中间某个地方就足够了.喜欢
So I thought somewhere in the middle would suffice. Like
- SQL注入保护(必要时进行增强)
- 加盐的更强哈希方法
- XSS保护
- DDoS保护
- 访问会员区时使用SSL
您认为其他更有经验的人是什么?
What do you more experienced people out ther think?
更新:我想补充一点,我自己做所有事情,而且没有预算来购买高级加密技术或雇用专业程序员.
Update: I would like to add that I do everything myself and there is no budget for buying fancy crypto techniques or hiring professional programmers.
推荐答案
要增强 SQL注入的安全性,您必须看到:
它会告诉您使用参数化查询PDO.
It would tell you to use PDO, parameterized queries.
要了解有关一般安全问题的信息,请参阅这篇内容广泛的帖子:
To learn about general security issues, see this post which covers a lot:
审核:
还有
phpSec是一个开放源代码的PHP安全性库,它负责处理 Web开发人员面临的常见安全任务.
phpSec is a open-source PHP security library that takes care of the common security tasks a web developer faces.
这篇关于“私有"服务器上确实需要多少安全性.网站?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
