Planetarion Forums > Non Planetarion Discussions > Programming and Discussion
3 May 2008, 22:32   #1
Jezz84
DDK
Join Date: Jan 2001
Location: Englandshire
Posts: 151
Burglar Bob

Since furball thought my previous topic included too much penis, I've had to rewrite this thread.

The previous one asked what an alliance tech should be doing to secure his alliance's tools.

I'm not a coder so I can't go into details, but considering the recent attacks on people's sites (:crymeariver:) I figured some of them might need refreshing on the best ways to keep out unwanted guests.

So techies. What are the best ways of securing a site?
Last edited by Jezz84; 3 May 2008 at 22:38.
3 May 2008, 22:58   #2
Phil^
Insomniac
Join Date: May 2003
Posts: 3,583
Re: Burglar Bob

There are several layers you need to consider when it comes to securing things. Added security comes at added cost, so you need to balance your security needs against the cost that comes with them. Most of the ways to secure a site will not apply to something like an alliance's site (i.e. physical security, low-level encryption).

The general things would cover hardening the interface between users and the site, and the security of the database which the site uses. Hardening the interface would include things like 'washing' each and every input string that the user passes to the site, to prevent things like XSS (cross-site scripting) and SQL injection attacks.
It would be a good idea to implement user authentication in a secure manner, i.e. utilising the session scope and giving the user a 'key' to that session which is extremely difficult to reverse engineer (like a very, very long hash) to correspond with specific sessions.
Passwords should never be stored in plaintext; reversible encryption will do, but is imperfect. A one-way hash system is probably one of the better ways to go: the stronger the hash function and key length, the better. Using a salted hash is an even better idea.
You could use two-factor authentication if you want, but this is probably going over the top.
Care and thought should be put into systems for account recovery, to prevent abuse.

XSS can be prevented easily enough if you scrub for certain characters/tags. SQL injection can be pretty much eliminated through the use of prepared statements or stored procedures for all database access functions, read *and* write.
You should never assemble SQL strings from data that the user has provided.
The server should operate a firewall, preventing access to everything except the services it is supposed to be running.
It should have a regularly scheduled maintenance cycle which would involve security auditing and virus scanning.
It should go without saying that you log extensively for such a system, so if there is a breach you can identify the source, fix it and perform damage limitation better.

There are more and more things you can do that would harden the site further, like looking at the web server, operating system and the physical server as areas to improve the security, but the more you do to secure a site, the more costly it becomes in terms of money, time and resources. Ultimately you need to strike the right balance.
Last edited by Phil^; 3 May 2008 at 23:06.
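The three controls Phil^'s post puts at the centre of the list (never assembling SQL from user input, a salted one-way password hash, and a long random session key) are small enough to show in one runnable file. This is an added example written for this page, not code from the thread or from any alliance tool; it uses Python's `sqlite3` so it runs offline. The table layout, the sample account, the `' OR '1'='1` lookup payload and the choice of PBKDF2 with 100,000 rounds are all assumptions made for the demonstration; the post only asks for a salted hash.

```python
"""Added example, not from the thread: string-built SQL beside a prepared
statement, salted one-way password hashing, and a random session key.
Table layout, sample data and PBKDF2 parameters are assumptions."""
import hashlib
import hmac
import html
import os
import secrets
import sqlite3
from typing import Optional, Tuple

# Constructed sample account for the demo (assumption, not real data).
SAMPLE_USER = "jezz84"
SAMPLE_PASSWORD = "correct horse"

# Iteration count is an assumption; raise it as far as your hardware allows.
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted one-way hash. Stored form: pbkdf2_sha256$<hex salt>$<hex digest>.
    A fresh 16-byte salt per password means two users with the same password
    get different stored values, so one cracked hash does not reveal the other."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def make_db() -> sqlite3.Connection:
    """In-memory users table holding only the salted hash, never the plaintext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               (SAMPLE_USER, hash_password(SAMPLE_PASSWORD)))
    return db


def lookup_unsafe(db: sqlite3.Connection, name: str) -> Optional[Tuple[str, str]]:
    """SQL assembled from user data: exactly what the post says never to do.
    A name of  ' OR '1'='1  turns the WHERE clause into a tautology."""
    return db.execute(f"SELECT name, pw FROM users WHERE name = '{name}'").fetchone()


def lookup_safe(db: sqlite3.Connection, name: str) -> Optional[Tuple[str, str]]:
    """Prepared statement: the driver binds the value, so quote characters
    in `name` are data, not SQL. The same payload matches no row."""
    return db.execute("SELECT name, pw FROM users WHERE name = ?", (name,)).fetchone()


def login(db: sqlite3.Connection, name: str, password: str) -> Optional[str]:
    """Return a session key on success, None otherwise. 32 random bytes
    (64 hex chars) is the 'very very long' key the post describes; store it
    server-side against the session and send it to the user in the cookie."""
    row = lookup_safe(db, name)
    if row is None or not verify_password(password, row[1]):
        return None
    return secrets.token_hex(32)


def render_name(name: str) -> str:
    """Output-side 'washing' for XSS: escape before the value reaches HTML
    rather than trying to strip a blacklist of tags on input."""
    return html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("unsafe lookup with injection payload:", lookup_unsafe(db, payload))
    print("safe lookup with injection payload:  ", lookup_safe(db, payload))
    print("stored hash:", lookup_safe(db, SAMPLE_USER)[1])
    print("session key:", login(db, SAMPLE_USER, SAMPLE_PASSWORD))
    print("rendered:", render_name("<script>alert(1)</script>"))
```

Run it and the unsafe lookup returns the sample account for a name it was never given, while the parameterised lookup returns nothing for the same input; the stored hash differs on every run because of the per-password salt.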