Recently, I've been working on a blog system for my website, <a href='http://www.64digits.com/octopus'>Octopus's Garden</a>. The system uses MySQL for comments, users, and blogs, unlike the current site's system, which reads information from text files. I've read a little bit about the security issues of MySQL, but I'm still not sure exactly how to fix them. Here are some of my questions:
<b>I.</b> How does one deal safely with the password used to connect to MySQL? Is the following insecure within a PHP file?
$db_host = 'host';
$db_user = 'username';
$db_password = 'password';
$db_name = 'database';
-Would it be possible for a hacker to access the raw PHP source? If so, where would the password be stored?
-Is it possible for the transfer between this PHP script and MySQL to be intercepted? If so, is the password automatically encrypted, or should I encrypt it somehow?
<b>II.</b> How does one screen user inputs so that they do not interfere with the MySQL structure? Is there an equivalent of strip_tags() or must one use some sort of index system to replace possibly dangerous user data?
[Answered, thanks to melee-master:
<b>III.</b> How does one deal with user passwords:
-Are the passwords sent in an encrypted form when they are sent using < input type='password'>?
-How does one encrypt user passwords to be placed in the MySQL Database? I'd probably be able to figure this out, but if someone wants to tell me...
<b>IV.</b> I'm using cookies to store a person's login status. How should this be made secure? By inserting an encrypted password and checking it on each page?
If you have any other insight about securing such a system, please give it. Thanks.
This vacation I thought I'd try to do some work on my website, Octopus's Garden. I had this thought after unsuccessfully trying to do some work on my latest game. Anyway, throughout the evening, I was able to get done basically nothing. In fact a new banner, that is only debatably better than its ancestor, is the only thing that I have to show for the time.
<a href='http://www.64digits.com/octopus'>Octopus's Garden</a>
I think in the future, I will add another page to the Game Maker section to display my examples, and maybe a blog to act as a news system.
I know that the website is pretty dull, as it is. I don't think it has much depth to it. I probably just need to add more content. I think I also need to make some user interaction. If I ever make the blog page, I think I'll also allow comments or something. Any other ideas?
Hmm, I can't think of what to say, but since I'm no longer a mod, I run the risk of being warned for such a short blog. So I'll go on.
Has anyone downloaded the new beta for Windows Media Player? That is, WMP 11, I think. Of those people, how many can't stand it? I can't. I hate the way that it lists music.
IE 7 is horrible too. If they were going to copy tabs, which of course they were and reasonably so, they should have done it completely. Their weird variation bugs me. Plus the program always locks up on about the third page, but I'm assuming that that is just my computer.
I think for Christmas, I'm going to ask for an interface to connect the midi ports on my keyboard to my computer. I might need some good software eventually, to replace the Anvil Studio freeware that I have for editing midis. Does anyone have any cases to make about which program I should get? I'd be considering cost, basic functionality, and advanced tools.
I'll end by asking, is not StarCraft the most addicting game in the world? And that is all.