Keeping CMS secure

SaW

Member
Mar 3, 2018
101
15
I have only just started coding HTML and PHP so that I can create my own stuff for my CMS, and even though I know the code might not be the best, I think it'll do. My only concern is it being unsafe and insecure, which I definitely don't want.
Therefore I want to ask if there are any basic precautionary measures to take while working on my CMS?

Hope my question makes sense, thank you.

Pic of what I'm working on:
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
You just need to make sure you properly filter everything, even data coming from the database and being printed out.

One of the mistakes in RevCMS is that they use templates such as {server_ip}, and if a user sets this as their motto, or manages to put it in the database where it somewhere gets loaded on the CMS, it will show their server IP, so it's important to filter everything!

You should also be double-checking permissions.

Another way to ensure security is to have 2 different database accounts: one that only has permissions to RETRIEVE and INSERT information, but not delete, truncate, or change, for the basic CMS,

and then for the housekeeping you can have another account that allows updates.
 
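Added example (PHP, not code from the thread or from RevCMS) showing the two halves of JayC's first point: why expanding template tokens after user data is already in the page leaks {server_ip}, and the ordering plus output escaping that prevents it. The settings, template, user record and the IP address are all constructed for the example, and `esc()`, `renderVulnerable()` and `renderSafe()` are hypothetical names.

```php
<?php
// Added example (not the thread's or RevCMS's code). It reproduces the
// {server_ip} problem described in the reply above and shows the fix.
// Settings, user data and the template are constructed; the IP is a
// TEST-NET address.
declare(strict_types=1);

// Hypothetical site settings that the CMS exposes as template tokens.
$settings = ['site_name' => 'Example Hotel', 'server_ip' => '203.0.113.10'];

// Constructed profile data: a motto that contains a template token and HTML.
$user = [
    'username' => 'mallory',
    'motto'    => 'find me at {server_ip} <img src=x onerror=alert(1)>',
];

$template = '<h1>{site_name}</h1><p>{username}: {motto}</p>';

function esc(string $s): string
{
    // Escape for an HTML text/attribute context; not sufficient for JS or URL contexts.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// VULNERABLE: user data is spliced in first, then every token in the whole
// page is expanded, so a token the user typed into their motto is expanded
// too and the server IP (or any other setting) ends up in the HTML. The
// motto is also not escaped, so this is a stored XSS as well.
function renderVulnerable(string $template, array $settings, array $user): string
{
    $page = str_replace(['{username}', '{motto}'], [$user['username'], $user['motto']], $template);
    foreach ($settings as $key => $value) {
        $page = str_replace('{' . $key . '}', $value, $page);
    }
    return $page;
}

// FIXED: expand configuration tokens only in the trusted template, then
// insert user data last, escaped, in a single strtr() pass. strtr() never
// re-scans text it has already replaced, so nothing inside a motto is ever
// treated as a token.
function renderSafe(string $template, array $settings, array $user): string
{
    $tokens = [];
    foreach ($settings as $key => $value) {
        $tokens['{' . $key . '}'] = esc($value);
    }
    $page = strtr($template, $tokens);

    return strtr($page, [
        '{username}' => esc($user['username']),
        '{motto}'    => esc($user['motto']),
    ]);
}

$leaky = renderVulnerable($template, $settings, $user);
$safe  = renderSafe($template, $settings, $user);

echo "vulnerable: $leaky\n";
echo "safe:       $safe\n";

// Checks: the vulnerable rendering contains the real IP; the safe one keeps
// the literal token text from the motto and never contains the IP.
var_dump(strpos($leaky, $settings['server_ip']) !== false);
var_dump(strpos($safe, $settings['server_ip']) === false && strpos($safe, '{server_ip}') !== false);
```

Run it with `php` on the command line (PHP 8). The order matters more than the escaping function: any template engine that does a global replace over the finished page will expand tokens that arrived through user input, so configuration tokens must be resolved against the template before user-supplied strings are inserted, and user-supplied strings must be escaped for the context they land in.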

SaW

Member
Mar 3, 2018
101
15
Thanks a lot
 
Would it make sense to restrict the db account to certain columns, so that it doesn't have access to e.g passwords?
 

JayC

Well-Known Member
Aug 8, 2013
5,505
1,401
 

Would it make sense to restrict the db account to certain columns, so that it doesn't have access to e.g passwords?
How would a user log in if the account can't check the password? You just need to ensure you're using modern encryption methods.
 
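Added example (PHP, not from the thread or from RevCMS) for the two database accounts suggested in the first reply and the password question at the end of the thread: the public CMS account gets SELECT and INSERT only, a housekeeping account gets UPDATE and DELETE as well, and passwords are stored as `password_hash()` output, so the login code does need to read the hash column but that column never holds a password. The GRANT statements assume a MySQL/MariaDB database named `hotel` and account names `cms_web` and `cms_housekeeping`; the demo at the bottom uses an in-memory SQLite database so the file runs stand-alone, and the `users` table, usernames and passwords are constructed. `connect()`, `registerUser()`, `login()` and `changePassword()` are hypothetical names.

```php
<?php
// Added example (not the thread's or RevCMS's code). Demonstrates:
//  1. a low-privilege DB account for the public CMS (SELECT/INSERT only)
//     and a separate housekeeping account that may UPDATE/DELETE;
//  2. storing passwords with password_hash() so the login code can read
//     the hash column without that column ever revealing a password.
// The GRANT statements are MySQL/MariaDB syntax and assume a schema named
// "hotel"; the stand-alone demo below uses in-memory SQLite instead.
declare(strict_types=1);

/*
-- Run once as the database administrator (MySQL/MariaDB):
CREATE USER 'cms_web'@'localhost' IDENTIFIED BY '<strong password>';
GRANT SELECT, INSERT ON hotel.* TO 'cms_web'@'localhost';
CREATE USER 'cms_housekeeping'@'localhost' IDENTIFIED BY '<strong password>';
GRANT SELECT, INSERT, UPDATE, DELETE ON hotel.* TO 'cms_housekeeping'@'localhost';
*/

function connect(string $dsn, ?string $user = null, ?string $password = null): PDO
{
    // Exceptions on error so a failed query cannot be silently ignored.
    return new PDO($dsn, $user, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

// Registration needs only INSERT: the hash is computed in PHP and the
// plaintext password is never written to the database.
function registerUser(PDO $web, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);   // bcrypt, per-user salt
    $stmt = $web->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Login needs only SELECT on the hash column. password_verify() recomputes
// the hash from the submitted password and compares it in constant time.
function login(PDO $web, string $username, string $password): bool
{
    $stmt = $web->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();          // false when the user does not exist
    return $hash !== false && password_verify($password, $hash);
}

// Changing a password needs UPDATE, so it is done through the housekeeping
// account, which the public pages never receive credentials for.
function changePassword(PDO $housekeeping, string $username, string $newPassword): void
{
    $stmt = $housekeeping->prepare('UPDATE users SET password_hash = :h WHERE username = :u');
    $stmt->execute([':h' => password_hash($newPassword, PASSWORD_DEFAULT), ':u' => $username]);
}

// --- Stand-alone demo: one SQLite connection plays both roles (constructed data) ---
$db = connect('sqlite::memory:');
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');

registerUser($db, 'saw', 'correct horse battery staple');
var_dump(login($db, 'saw', 'correct horse battery staple'));
var_dump(login($db, 'saw', 'wrong password'));
var_dump(login($db, 'nobody', 'anything'));

// Everything the web account can read from the password column is a hash:
echo $db->query('SELECT password_hash FROM users')->fetchColumn(), PHP_EOL;

changePassword($db, 'saw', 'new passphrase');
var_dump(login($db, 'saw', 'new passphrase'));
```

In deployment, pass the `cms_web` credentials to `connect()` for the public pages and the `cms_housekeeping` credentials only in the admin area. If a public page does need to update a single column (a last-login timestamp, for example), MySQL lets you grant `UPDATE (last_login) ON hotel.users` for that column alone rather than widening the whole account.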
