
Secure comment box


stealth-'s Avatar
Ninja Extreme
0 0

I set up a comment box on my site that uses PHP and flat file databases, since the person who hosts my site was worried about CPU usage of MySQL, however I took it down because I was worried it wasn't very secure. Well, in fact, to be honest it had no security at all. I'm going to install a check to not allow posts containing <, >, [, or ], and not allow people to post more than once every 24 hours.

Is there anything else I need to do to increase security of it? Perhaps another filter or image verification system to stop spam?


ghost's Avatar
0 0

Is Google broke?


spyware's Avatar
Banned
0 0

theflash wrote: Is Google broke?

Interesting question. They actually had to lay a few people off due to the effects of the (latest) economic crisis.

@OP;

Try installing an IDS. I can recommend this one: http://php-ids.org/

See sla.ckers.org for occasional updates on web app security.


stealth-'s Avatar
Ninja Extreme
0 0

theflash wrote: Is Google broke?

I had done a bit of googling, however when it comes to the security of my site (which had recently received a whole bunch of pen testing) I thought I would ask for a more complete opinion, especially since I'm not sure exactly which ways a comment box could be exploited.

spyware wrote:

Try installing an IDS. I can recommend this one: http://php-ids.org/

See sla.ckers.org for occasional updates on web app security.

Thanks, I never knew they made IDSs for webapps, I'll definitely be adding that in.

MoshBat wrote:

Rather than stop posts, just remove the offending symbols. Some of them are used in smiley faces, and could remove genuine comments.

Good point. I was aware that I would be stopping quite a few posts, but I had forgotten how often they get used in smilies and such. Thanks.
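
Added example, not part of the thread and not any poster's code: a flat-file comment handler in PHP that applies the once-per-24-hours limit discussed above and, as a different approach from rejecting or stripping characters, stores the comment as typed and HTML-encodes it when it is displayed. File paths, function names, the length cap and keying the limit on the client address are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not from the thread. File names and function names are hypothetical.
const COMMENT_FILE = __DIR__ . '/comments.jsonl';  // assumed path; keep it outside the web root
const LIMIT_FILE   = __DIR__ . '/last_post.json';  // assumed path
const MIN_INTERVAL = 86400;                        // one post per 24 hours
const MAX_LENGTH   = 1000;                         // assumed cap on comment size

function add_comment(string $ip, string $name, string $text, int $now): bool
{
    $text = trim($text);
    if ($text === '' || strlen($text) > MAX_LENGTH) { return false; }
    $fh = fopen(LIMIT_FILE, 'c+');
    if ($fh === false) { return false; }
    flock($fh, LOCK_EX);  // hold the lock so parallel requests cannot both pass the check
    $seen = (array) json_decode((string) stream_get_contents($fh), true);
    $key  = hash('sha256', $ip);  // assumption: limit keyed on client address, stored hashed
    $ok   = !isset($seen[$key]) || $now - $seen[$key] >= MIN_INTERVAL;
    if ($ok) {
        $seen[$key] = $now;
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode($seen));
        // One JSON object per line: json_encode escapes newlines, so a comment cannot forge a record.
        $row = json_encode(['t' => $now, 'name' => substr($name, 0, 40), 'text' => $text],
                           JSON_INVALID_UTF8_SUBSTITUTE);
        file_put_contents(COMMENT_FILE, $row . "\n", FILE_APPEND | LOCK_EX);
    }
    fclose($fh);  // closing the handle also releases the lock
    return $ok;
}

function render_comments(): string
{
    // Encode at output time: < > & and quotes become entities, so ">:)" or "[1]" display as typed.
    $e = fn($s): string => htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $lines = is_file(COMMENT_FILE) ? (file(COMMENT_FILE, FILE_IGNORE_NEW_LINES) ?: []) : [];
    $html = '';
    foreach ($lines as $line) {
        $c = json_decode($line, true);
        if (is_array($c)) {
            $html .= '<p><b>' . $e($c['name'] ?? '') . '</b>: ' . nl2br($e($c['text'] ?? '')) . "</p>\n";
        }
    }
    return $html;
}

// Constructed sample input (run from the CLI).
add_comment('203.0.113.5', 'alice', 'nice site >:) <script>alert(1)</script>', time());
add_comment('203.0.113.5', 'alice', 'again', time());  // same address inside 24 hours: refused
echo render_comments();
```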