Forum PHP Indonesia: Get first aid for your confusion about PHP and related topics
All times are GMT + 7 Hours
FOR THE PHP MASTERS: WHAT DOES SHOPPING CART SECURITY INVOLVE
Fri Feb 05, 2010 10:07
Author: miauw, PHP Programmer (Joined: 06 Jan 2010, Posts: 92)
Post subject: FOR THE PHP MASTERS: WHAT DOES SHOPPING CART SECURITY INVOLVE
Message:
FOR THE PHP MASTERS: WHAT DOES SECURITY FOR A SHOPPING CART APPLICATION COVER???
I STILL DON'T KNOW WHAT IS VULNERABLE IN THAT KIND OF APPLICATION!!!!
PLEASE SHARE IT HERE!!!
PLEASE HELP
I once read in a book that you have to check whether the user enters a minus sign in the quantity form field...
so what else is there?

Fri Feb 05, 2010 12:59
Author: miauw, PHP Programmer (Joined: 06 Jan 2010, Posts: 92)
Message:
How do I check in PHP whether the user has entered a negative number??

Fri Feb 05, 2010 13:08
Author: hlie, Super Master PHP (Joined: 10 Apr 2008, Posts: 2673, Location: Singapore)
Message:
First, for security you can use JavaScript to restrict key input to digits only, right??
0 through 9
Second, check in PHP that the value must be greater than or equal to 0 (>= 0)
_________________
Past is Experience, Present is Experiments, Future is Expectations, Use your Experience in your Experiments to achieve your Expectations...!!!
www.slackware.com

Fri Feb 05, 2010 13:34
Author: miauw, PHP Programmer (Joined: 06 Jan 2010, Posts: 92)
Message:
So what else is there???
Besides checking for the minus sign

Fri Feb 05, 2010 13:41
Author: miauw, PHP Programmer (Joined: 06 Jan 2010, Posts: 92)
Message:
Come on, PHP masters, share more of your knowledge...
may your kindness be repaid
The first one, from babeh hlie, has already been given..

Fri Feb 05, 2010 13:46
Author: i-hate-blue, PHP Master (Joined: 28 Apr 2009, Posts: 188, Location: 127.0.0.1)
Message:
Check for SQL injection...
*cliché :p

Fri Feb 05, 2010 13:57
Author: miauw, PHP Programmer (Joined: 06 Jan 2010, Posts: 92)
Message:
What else, come on, what else?

Fri Feb 12, 2010 21:03
Author: abrari, PHPnewbie (Joined: 29 Jan 2010, Posts: 16, Location: Bogor)
Message:
To make sure it is a number, pass the input through intval() (force it to a number).
To guard against a minus sign, pass the input through abs() as well (take the absolute value, in math terms) :)

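Added example, not part of any post in this thread: the server-side quantity check discussed by hlie and abrari above, showing what `abs(intval())` coercion does to constructed inputs next to a strict check that rejects bad input instead of repairing it. The helper name `parse_quantity` and the default 1 to 99 range are assumptions for illustration; the code needs PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: the name and the default 1..99 range are assumptions.
// Pass $min = 0 to apply the ">= 0" rule from the thread instead.
// Returns the validated quantity, or null when the request should be rejected.
function parse_quantity(mixed $raw, int $min = 1, int $max = 99): ?int
{
    if (!is_string($raw)) {
        return null; // missing field, or an array sent as quantity[]=1
    }
    // FILTER_VALIDATE_INT accepts only a complete base-10 integer within range;
    // "2.5", "1e3", "12abc", "" and overflowing values all come back as false.
    $qty = filter_var(trim($raw), FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $qty === false ? null : $qty;
}

// Constructed sample inputs, as they could arrive in $_POST['quantity'].
// Client-side JavaScript key filtering does not constrain these, because a
// request can be sent without the form.
$samples = ['3', '-5', '0', '2.5', '1e3', '12abc', '', '99999999999999999999', ['1']];

foreach ($samples as $raw) {
    // Coercion as suggested in the thread: every input becomes some number,
    // so "-5" is silently ordered as 5 and "12abc" as 12.
    $coerced = is_array($raw) ? 'n/a' : abs(intval($raw));
    $strict  = parse_quantity($raw);
    printf(
        "%-26s coerced=%-20s strict=%s\n",
        json_encode($raw),
        $coerced,
        $strict === null ? 'REJECT' : $strict
    );
}
```

Run it with `php` on the command line; only `'3'` passes the strict check, while the coercion column shows a value for every string input.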
Sun May 16, 2010 21:34
Author: build, PHPnewbie (Joined: 16 May 2010, Posts: 7)
Message:
There are a lot.
1. Did you write the code yourself or not? Or are you using a CMS?
If you wrote it yourself, make sure there are no holes that allow execution.
Examples of execution:
1. execution via URL values
2. execution via inclusion
3. execution via stripslashes
4. execution via shell exec
5. etc.; it would take too long to explain them all
If you use a CMS, upgrade the CMS.
2. Turn off disable function
3. Change the write mode of your website to 644.
To do that, chmod 644 * (run it in the shell or over FTP); don't leave anything writable on your site, so even if someone gets in from somewhere else, as long as they are not executing as root, they can't change your files.
3. Make your cPanel password or login password different from your SQL password and your email password.
4. Watch the logs; if anything looks suspicious, update right away.
5. SQL injection
6. XSS injection
7. URL manipulation injection
8. local inclusion
9. JavaScript manipulation
10. Use a session for every transaction and reduce its timeout to 30 seconds, less if possible, to prevent script manipulation.
11. etc. (too long to explain one by one)