javascript - How to ensure the security of information in the database?
世界只因有你
世界只因有你 2017-05-02 09:25:58
0
2
823

I have never been exposed to network security. I would like to ask you guys how to ensure security after putting user information in the database?

世界只因有你
世界只因有你

reply all(2)
phpcn_u1582

This question is a big one... Let’s start from the following aspects:

  1. Database permissions: Don’t always use root to connect to the database. Open a separate account for the web application and minimize permissions

  2. Database password: Don’t use a weak password, try to have a randomly generated password of more than 16 characters

  3. Web server: Same as the database, make the password as complicated as possible. Try not to use the root account directly. Open a separate account. Use root only when necessary

  4. web application:

    1. Try to choose a better DB library or ORM library and use parameterized SQL queries. Do not put parameters directly in SQL to prevent SQL injection

    2. The password information of users (including backend management users) should not be stored directly. It should be hashed with salt before storage

    3. If possible, try to use HTTPS

    4. When rendering HTML, try to use encoding before outputting to prevent XSS

    5. When you have to output a piece of user-controlled rich text HTML, use a filter like htmlpurifier to prevent XSS

    6. Follow HTTP verb semantics, use POST/DELETE/PUT for addition, deletion and modification operations, and add csrf_token to prevent CSRF attacks

Thinking of this for the time being, there are still many points to pay attention to in web security. I suggest LZ hire a security consultant directly.

巴扎黑

First of all, your front-end and back-end codes must ensure their security and avoid attack vulnerabilities such as XXS or SQL injection. Secondly, the database server and the web server must be separated, which can improve part of the security performance and improve the website. efficiency. In addition, it is best for all passwords in user information to be encrypted using a specific encryption method before being stored in the database. This ensures that even if it is stolen, it will be difficult for the thief to know the real password. We hope you will adopt it!

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template