Keeping CMS secure

SaW

SaW

Member
Mar 3, 2018
101
15
I barely just started coding html and php so that i could create my own stuff for my CMS, and even though i know the code might not be the best, I think it'll do, but my only concern is it being unsafe and unsecure, which i definitely don't want.
Therefore I want to ask if theres any basic precautionary measures to be taking while working on my CMS?

Hope my question makes sense, thank you.

Pic of what I'm working on:
You must be registered for see images attach


You must be registered for see images attach
 
Sort by date Sort by votes
JayC

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
You just need to make sure you properly filter everything , even coming from the database and being outprinted.

One of the mistakes in RevCMS is they use templates such as {server_ip} - and if a user sets this as their motto, or manage to put it in the database where it somewhere gets loaded on the CMS, it will show their server ip, so its important to filter everything!

You should also be double checking permissions.

Another way to ensure security - is to have 2 different database accounts. One that only has permissions to RETRIEVE and INSERT information, but not delete , truncate, or change for the basic cms,

and then on the housekeeping you can have another account that allows updates.
 
Upvote 0 Downvote
SaW

SaW

Member
Mar 3, 2018
101
15
JayCustom said:
You just need to make sure you properly filter everything , even coming from the database and being outprinted.

One of the mistakes in RevCMS is they use templates such as {server_ip} - and if a user sets this as their motto, or manage to put it in the database where it somewhere gets loaded on the CMS, it will show their server ip, so its important to filter everything!

You should also be double checking permissions.

Another way to ensure security - is to have 2 different database accounts. One that only has permissions to RETRIEVE and INSERT information, but not delete , truncate, or change for the basic cms,

and then on the housekeeping you can have another account that allows updates.
Click to expand...
Thanks a lot
 
JayCustom said:
You just need to make sure you properly filter everything , even coming from the database and being outprinted.

One of the mistakes in RevCMS is they use templates such as {server_ip} - and if a user sets this as their motto, or manage to put it in the database where it somewhere gets loaded on the CMS, it will show their server ip, so its important to filter everything!

You should also be double checking permissions.

Another way to ensure security - is to have 2 different database accounts. One that only has permissions to RETRIEVE and INSERT information, but not delete , truncate, or change for the basic cms,

and then on the housekeeping you can have another account that allows updates.
Click to expand...
Would it make sense to restrict the db account to certain columns, so that it doesn't have access to e.g passwords?
 
Upvote 0 Downvote
JayC

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
SaW said:
Thanks a lot
 

Would it make sense to restrict the db account to certain columns, so that it doesn't have access to e.g passwords?
Click to expand...
How would a user login if the account can't check the password? You just need to ensure you're using modern encryption methods
 
Upvote 0 Downvote

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top