May 24, 2011
Having a website that handles user-submitted data is quite common and making sure your website is secure from vicious attacks is an important aspect to running a successful website. Validation and filtering are extremely important to ensure your site prevents threats from unwanted visitors.
What is code injection?
Simply put, code injection is when a user exploits a script or program with a bug; allowing the attacker to insert (or “inject”) extra code which then alters the execution or outcome. This can have devastating effects both locally on the web server and globally across a whole network. The severity depends on the type of injection attack and can a SQL or email injection or a full on server worm or virus.
Usually, the majority of injections are caused by poor administration regulations when accepting user-submitted content from the Internet. Good attackers can use email forms to insert additional content using it as a spam gateway. This could really hurt your creditably if you start sending out spam mail in your company’s name. Another major attack are SQL injections. MySQL is used on literally millions of websites and while I’m sure many sites do have some type of security, others do not and can fall victim. SQL injections can have devastating consequences as well like exposing user account passwords, erase database contents, or even having access and erasing your server; which is very bad.
Tips to protect your site
It’s actually not as hard as you think to help defend your site from most forms of attack. You don’t even need an information technology degree! You just need to know your options available to you and how to put them in place. You can learn more about PHP security (Manual | Tutorial) thanks to PHPfreaks.com