Home/ Questions/Q 109177
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T02:01:42+00:00

I have a small AJAX application, written in PHP that I did not secure

  • 0

I have a small AJAX application, written in PHP that I did not secure from the start. I would like some recommendations on how to now secure the app, things to implement and check for. I have not found any exhaustive guides on google, and hope that some can be recommended.

It is a small application that connects to and displays records from a mysql database. It is not using any external libraries.

I am unsure about how to protect on passing in variables, such as:

if (isset($_GET['cmd']))   $cmd = $_GET['cmd'];

Should I simply declare $cmd to something before check isset?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. If you are talking about securing the app (as opposed to the server/ environment it is on – which I am not really qualified to address) then I would consider the following:

    1. Ensure any user inputs are parsed/cleaned to ensure they can’t do things such as SQL injection attacks. This includes any ajax requests where the user input can be stored on the query string. In fact anything passed into the app from the query string should be validated/cleaned in this manner.
    2. Do you use any passwords? If so use SSL to stop any packet sniffing. And hash your passwords in your database with a salt
    3. A quick Google dug up this which looks pretty good: http://www.securityfocus.com/infocus/1706
    4. Some tips on securing user input http://www.dagondesign.com/articles/writing-secure-php-scripts-part-1/
    • 0