• Girl in a jacket
    Use the buttons to help the community. Admins and Moderators will delete not working content!
  • Note that we do not host any files on our servers; users just link to it. If you wish to have content removed, please contact the host of the file.
Thot,su

Sinfulsite.com Security - Ubuntu [LINUX] and others.

Content from Sinfulsite.com

Jitter


Heaven
Joined
Dec 5, 2020
Messages
108,778
Likes
38,143
Awards
8
Etercoin
0
LV
25
 
This Thread had not been rated yet
So here are some tips for securing your website if you're on Ubuntu [Linux] -

- Never log in as 'root' user.
- Disallow root login through settings.
- Create an account with a secure password and grant it sudo privileges.
- Do not share sudo privileges.
- Do not use FTP, use SFTP.

If you are on ANY system and using MySQL, be sure to prepare your statements and properly bind parameters.

What I mean by this is to secure yourself from something called SQL INJECTION.

To test your site if it is vulnerable for SQL INJECTION, put a single quotation ' at the end of your URL.

To prepare statements, simply put ->prepare instead of ->query before your statement and use bindParam.

Ex of above: WRONG -

Code:
$con->query("SELECT * FROM cats WHERE id=:id"); RIGHT: $con->prepare("SELECT * FROM cats WHERE id=:id");

To bindParam, never use php variables in statements as they are a direct injection vulnerability, but use words with semicolons before them.

For the sake of an example, we will pretend that $id is the $_GET['id'].
So in php it would look like this:

$id = $_GET['id']

An example of an incorrect statement is -

Code:
query = $con->prepare("SELECT * FROM cats WHERE id = $id");
$query->execute();

An example of a correct statement is -

Code:
$query = $con->prepare("SELECT * FROM cats WHERE id = :id");
$query->bindParam(':id',$id);
$query->execute();

Thank you for viewing, This is how you secure SQL on your site, I hope you gain some intelligence, xD.
 
This Thread had not been rated yet
Debrid Link

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.



User Menu