I would like to ask you about how to build secure website. If I want to build some website that large scale (around 100,000 users use).
How do I manage about security? Only PHP and PHPMyAdmin is enough?
and tell me about the way that hacker could to attack my site. and how to protect?
Thanks!
分享 You should be more worried about the security of the web server and vulnerability of your own code rather than PHP itself. SQL injection is the biggest concern when it comes to PHP/MySQL, however this is entirely in your control to prevent.
The first thing you should do when setting up a database is to prefix your table names and try to stay away from using easy-to-guess table names and fields.
Limit your database user account to the least amount of privileges necessary to run your application.
ALWAYS encrypt sensitive data such as passwords.
Validate data before passing it into queries. A good place to start is escaping your strings using PHP. More here: http://php.net/manual/en/function.mysql-real-escape-string.php
Ensure that any MySQL errors returned don't give users any information about your database structure.
And finally, you should know MySQL and be able to run queries from the command line - giving you the ability to manage the databases 100% without the use of PHPMyAdmin!
分享
