Secure Coding - Preventing vulnerabilities and spam

Here I would like to cover some important practices that will prevent spam and code vulnerabilities from spammers and hackers.

This document will be updated from time to time

To start from simple things
a) Set MAXLENGTH property for form fields where ever possible

b) Do a referrer check in the data processing. This is to ensure that the form is submitted only from the same server.

c) Always destroy session variable when they are no more needed. That to with captcha checks it is a must. Captcha string enables attackers to re-use a session-id for a known
captcha string.

d) When displaying a content that is entered from a users form, never display it as is. Convert all html characters to their respective entities. use php function like htmlentities($str, ENT_QUOTES);

e) Always hide the email address from email forms. If possible store it in database and use only while sending a mail. This way the spammers will never know the to address.

f) Never use 777 [read, write, execute] permission of files that are from free scripts or softwares. Hackers can easily get in to your system with their knowledge on such scripts.

g) Always secure your /tmp folder


For any support you can contact support@hioxindia.com