Question:

How to protect website from hackers?

My friend is opening up a website involved in selling merchandise. He heard that people who know MySQL and PHP can hack into websites. How do they hack into websites, by injecting scripts or what, and how does he prevent hackers from stealing customers' credit card numbers etc. and personal information?

3 ANSWERS


  1. If he is even asking that question, he needs to be paying a professional to host his Web site.


  2. This is a very big topic. You need to buy a well-reviewed PHP book from Amazon or your local book store. There are many ways to protect against hacker attacks... but it is too big of a topic to cover here.

    1. Don't trust ANY user input in forms. You must validate all user inputs by using Regular Expressions to identify and then remove any harmful input. A hacker will enter a SQL script into a form field instead of his name or address. When he hits the submit button he just erased your entire database. This is called a SQL injection attack.

    2. Robots can also bombard your site with so many requests that the server gets overloaded... called a Denial of Service attack.

    3. You must always place all database connection information and scripts outside of the web-accessible folder to prevent malicious users from accessing your code and understanding the vulnerabilities of your site.

    Again... just buy a few good books and design your site from the ground up with security in mind.

    If he is selling merchandise... use PayPal... that will allow the service to handle payments, preventing you from getting hacked and compromising your customers' information. Don't store payment information!

  3. Your friend heard right.

    If he is not sure what to do, he should get help.

    BTW:  People will not buy online anymore unless the purchase area is secure.  
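
Added example, not written by any of the answerers: the SQL injection that answer 2 describes, shown as a lookup that pastes form input into the query beside a hardened version that validates the input with a regular expression (as that answer advises) and also binds it through a prepared statement (a technique added here, not mentioned in the answers). Assumptions: in-memory SQLite via PDO stands in for MySQL so the script runs offline; the table, the rows, the function names and the sample inputs are constructed.

```php
<?php
// Constructed data: SQLite in memory stands in for the shop's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$db->exec("INSERT INTO customers (name, email) VALUES
           ('Alice', 'alice@example.test'),
           ('O''Brien', 'obrien@example.test')");

// Vulnerable: the form value becomes part of the SQL text, so a quote
// character inside it changes the structure of the query.
function findUnsafe(PDO $db, string $name): array {
    $sql = "SELECT name, email FROM customers WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: (1) allow-list validation with a regular expression,
// (2) a prepared statement, so the value travels as data and never as SQL.
function findSafe(PDO $db, string $name): array {
    if (!preg_match('/^[\p{L} .\'-]{1,64}\z/u', $name)) {
        throw new InvalidArgumentException('name contains unexpected characters');
    }
    $stmt = $db->prepare('SELECT name, email FROM customers WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$hostile = "x' OR '1'='1";   // constructed form input
printf("unsafe lookup, hostile input: %d rows\n", count(findUnsafe($db, $hostile)));

try {
    findSafe($db, $hostile);
} catch (InvalidArgumentException $e) {
    printf("safe lookup, hostile input: rejected (%s)\n", $e->getMessage());
}

// A legitimate name containing a quote passes validation. Only the bound
// parameter keeps it from breaking the query; findUnsafe() fails on it.
printf("safe lookup, O'Brien: %d rows\n", count(findSafe($db, "O'Brien")));
try {
    findUnsafe($db, "O'Brien");
} catch (PDOException $e) {
    print("unsafe lookup, O'Brien: SQL syntax error\n");
}
```

The O'Brien case shows why validation alone is not enough: real names contain quote characters, so the query itself has to treat input as data.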
