Chapter 10: Security Issues


Test your filters

Once you've chosen and implemented the filters, you need to test them. Bring up the page with the form and enter some sample data. Then check to see if you captured exactly what you expected. It's a good idea to have the script display a page with the user's data. You can remove the code that produced this page after you've finished your testing if you don't need it any more.

For each input, try everything that it should allow and make sure it works. Then try everything it should reject and make sure nothing unwanted can get past the filters. Once you're 100% satisfied with the filters you can move on to the question of what you'll do with the data. I really mean it. Be as certain as you can be that your data is going to be exactly what you expect before you start writing code to process it!
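The "try everything it should allow, then everything it should reject" routine is easy to automate. The script below is an added example, not code from the chapter: three hypothetical filters (a username, an age and an email address), a table of constructed sample inputs with the result each one must produce, and a small harness that reports any filter that disagrees. It also shows the "display a page with the user's data" step with the values escaped, since echoing raw input back into a page is itself a hole.

```php
<?php
// Added example, not code from the chapter: a self-checking harness for
// form input filters. Field names and rules are hypothetical.

// Each filter returns the cleaned value on success, or null on rejection.
function filter_username(string $raw): ?string {
    $v = trim($raw);
    // 3 to 16 characters: letters, digits and underscore only
    return preg_match('/\A[A-Za-z0-9_]{3,16}\z/', $v) === 1 ? $v : null;
}

function filter_age(string $raw): ?int {
    // FILTER_VALIDATE_INT rejects trailing junk such as "42abc" and, without
    // FILTER_FLAG_ALLOW_HEX, hex forms such as "0x2A"
    $v = filter_var(trim($raw), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    return $v === false ? null : $v;
}

function filter_email(string $raw): ?string {
    $v = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $v === false ? null : $v;
}

// Constructed samples: [input, expected result]; null means "must be rejected".
// Note that trim() strips NUL bytes and newlines at the ends, so the hostile
// characters are placed in the middle of the value to exercise the filter.
$cases = [
    'username' => [
        ['alice_01',    'alice_01'],
        ['  bob  ',     'bob'],          // surrounding whitespace stripped
        ['ab',          null],           // too short
        ['alice;drop',  null],           // punctuation rejected
        ["ali\x00ce",   null],           // embedded NUL byte rejected
        ["ali\nce",     null],           // embedded newline rejected
    ],
    'age' => [
        ['42',     42],
        [' 42 ',   42],
        ['42abc',  null],                // trailing junk
        ['200',    null],                // out of range
        ['-5',     null],
        ['0x2A',   null],                // hex not accepted
        ['',       null],
    ],
    'email' => [
        ['user@example.com',            'user@example.com'],
        ['user@@example.com',           null],
        ['not an email',                null],
        ["user@example.com\nBcc: x",    null],   // header-injection attempt
    ],
];

// Run every sample through its filter; return a list of mismatches.
function run_filter_tests(array $cases, array $filters): array {
    $failures = [];
    foreach ($cases as $field => $samples) {
        foreach ($samples as [$input, $expected]) {
            $actual = $filters[$field]($input);
            if ($actual !== $expected) {
                $failures[] = sprintf('%s(%s): expected %s, got %s', $field,
                    var_export($input, true), var_export($expected, true),
                    var_export($actual, true));
            }
        }
    }
    return $failures;
}

// The "display a page with the user's data" step, with escaping: reflecting
// raw input into HTML would let a test value run as script in the browser.
function debug_row(string $field, $value): string {
    $shown = $value === null ? '<em>rejected</em>'
           : htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
    return '<tr><td>' . htmlspecialchars($field, ENT_QUOTES, 'UTF-8')
         . "</td><td>$shown</td></tr>\n";
}

$filters  = ['username' => 'filter_username', 'age' => 'filter_age', 'email' => 'filter_email'];
$failures = run_filter_tests($cases, $filters);
echo $failures ? implode("\n", $failures) . "\n" : "All filter tests passed\n";

// Debug table for one constructed submission (normally built from $_POST).
foreach (['username' => ' bob ', 'age' => '42abc', 'email' => 'user@example.com'] as $f => $raw) {
    echo debug_row($f, $filters[$f]($raw));
}
exit($failures ? 1 : 0);
```

Run it from the command line (`php filter_tests.php`); a non-zero exit status means a filter let something through or rejected something it should have accepted. Keep the `$cases` table alongside the form's code and add a row every time you discover a new kind of bad input.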

More security ideas

Many web hosts provide a means for you to password-protect files and folders. If your host has this handy feature, take maximum advantage of it. It's one more layer of security for your sensitive files. Keep your usernames and passwords written down, categorized and labeled in a notebook. Don't keep them on your computer. Why? Keep reading and you'll see.

If your PC is compromised by crackers they could steal all sorts of private data. (Do you know the difference between crackers and hackers? They are similar ... but crackers are evil.) If your PC's hard drive fails or the computer itself breaks down, you may not have access to your own passwords! It's like being locked out of your house or your car - but it can be much worse.

And what about all those files you worked so hard to create? How safe are they if they exist only on your C:\ drive? Are you sure?? Better make a backup copy on a Zip drive, a CD-R or CD-RW and put it in a safe place. Update your backup files every time you update your "live" files. Life's tough enough without asking for more trouble.

And what about your email address? Does your page make it really easy for email harvesting software to read your email address? If so, you're just asking for an ever-increasing flood of SPAM. Yuck! I'll give you some pointers about fixing that problem in the chapter on email. (See, I want to make sure you don't skip that chapter.)

Do you make money with affiliate programs? Are you aware of how easy it is for people to steal your commissions? Or to steal your product itself? People often pass around download links and let their friends grab software and other digital products without paying for it. That's a security problem, too. Don't you agree?

What can you do about it? Here are a couple of suggestions. To make the download links bullet-proof and sharing-proof, you can use "Safe Download Automator." This PHP program is a free bonus for people who buy ClickBank Automator (http://www.learntousephpintwohours.com/cb_automator.php).

ClickBank Automator itself is a marvelous tool written in PHP that's really essential for anyone who uses ClickBank to sell downloadable products. By the way, you'll get a $50 discount on it if you buy your copy from my link. The same programmer who created it has another tool you really need to know about. Let me explain why.

Almost everybody knows how to use View->Source to see the HTML code on a web page. Lots of sellers use PayPal, Authorize.net and other third-party providers to accept credit cards and online cash for their products. What's the connection? Very simple.

When you do a View-Source on the order page, you can usually see the <form> ... </form> block where the parameters are passed to Authorize or PayPal. All too often, the download link for the product is right there in the form block. How hard can it be to copy-and-paste the download link into a browser? Not hard at all.

But what if the page were encrypted so you couldn't read the code? That would make it much too hard for 99.98% of users to steal the product! The only program I've seen that can do reliable encryption (and work with any browser) is HTML Code Guard (http://www.learntousephpintwohours.com/code_guard.php). And wait till you see what else this puppy can do!
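Whatever you do to the page source, the link is only as safe as the script on the other end of it. The general technique behind "sharing-proof" links is to make the link itself worthless to anyone else: the file lives outside the web root, the link carries an expiry time and an HMAC signature over the file name, order number and expiry, and a download script checks the signature before serving anything. The code below is an added example illustrating that idea; it is not the chapter's code and not how Safe Download Automator or HTML Code Guard work. The secret, the directory and the file names are hypothetical. The link should be handed to the buyer only after the payment processor has confirmed the order, never placed in the order form itself.

```php
<?php
// Added example, not from the chapter: expiring, signed download links.
// Hypothetical values; replace the secret with a long random string.
const DOWNLOAD_SECRET = 'replace-with-a-long-random-secret';
const DOWNLOAD_DIR    = '/var/www/private_downloads';   // outside the web root
const LINK_LIFETIME   = 3600;                            // seconds a link stays valid

// Build the link handed to the buyer once the payment is confirmed.
function make_download_link(string $file, string $orderId, int $now,
                            string $secret = DOWNLOAD_SECRET): string {
    $expires = $now + LINK_LIFETIME;
    // $file and $expires contain no '|', so the message splits unambiguously
    $sig = hash_hmac('sha256', "$file|$orderId|$expires", $secret);
    return '/download.php?' . http_build_query(
        ['f' => $file, 'o' => $orderId, 'e' => $expires, 's' => $sig]);
}

// Check the parameters download.php receives. Returns the path to serve,
// or null if the link is malformed, expired or tampered with.
function verify_download(array $params, int $now,
                         string $secret = DOWNLOAD_SECRET): ?string {
    foreach (['f', 'o', 'e', 's'] as $k) {
        if (!isset($params[$k]) || !is_string($params[$k])) return null;
    }
    // file name only: no slashes, no ".." so the path cannot leave DOWNLOAD_DIR
    if (preg_match('/\A[A-Za-z0-9._-]+\z/', $params['f']) !== 1
        || strpos($params['f'], '..') !== false) return null;
    if (!ctype_digit($params['e']) || (int)$params['e'] < $now) return null;  // expired
    $expected = hash_hmac('sha256',
        "{$params['f']}|{$params['o']}|{$params['e']}", $secret);
    if (!hash_equals($expected, $params['s'])) return null;                  // tampered
    return DOWNLOAD_DIR . '/' . $params['f'];
}

// The serving half of download.php would read, in outline:
//   $path = verify_download($_GET, time());
//   if ($path === null || !is_file($path)) { http_response_code(403); exit('Link invalid or expired'); }
//   header('Content-Type: application/octet-stream');
//   header('Content-Disposition: attachment; filename="' . basename($path) . '"');
//   readfile($path);

// Self-check with constructed values: a fresh link verifies, an expired one
// and a link altered to name a different file do not.
function self_check(): bool {
    $t    = 1700000000;
    $link = make_download_link('ebook.pdf', 'ORDER-123', $t);
    parse_str(substr($link, strlen('/download.php?')), $q);
    $fresh    = verify_download($q, $t + 60) === DOWNLOAD_DIR . '/ebook.pdf';
    $expired  = verify_download($q, $t + LINK_LIFETIME + 1) === null;
    $q2 = $q; $q2['f'] = 'other.pdf';
    $tampered = verify_download($q2, $t + 60) === null;
    $q3 = $q; $q3['f'] = '../../etc/passwd';
    $escaped  = verify_download($q3, $t + 60) === null;
    return $fresh && $expired && $tampered && $escaped;
}

echo self_check() ? "download link checks passed\n" : "download link checks FAILED\n";
```

`hash_equals()` is used rather than `==` so that the comparison takes the same time whether the signature is right or wrong. A link that has expired or been edited fails before the file system is touched, and because the files sit outside the web root, a copied URL with the signature stripped off leads nowhere.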

For a more thorough guide to security problems and their solutions, visit this site:

http://www.w3.org/Security/Faq/www-security-faq.html


Copyright © 2004 Steve Humphrey