View Full Version : Giving members one page profile

04-22-2007, 09:33 PM
I am planning for my future site to have the coolest profiles imaginable. They will have full access to one page. That includes HTML and CSS.

I just do not want them to hack my system or add viruses.
To stop this I will take away javascript, iframes and embeds. Anything else?

If they want to add a movie or game they have to use
If they want to show people how many posts they have in the forums
{forum id="postcount"}

Does that sound good? Do I need to disable anything to be more secure?

So basically I am giving my members one full page they can edit within some boundaries.

04-22-2007, 09:55 PM
Sounds like a good idea!
Well, you'll need a secure database to prevent SQL injections.

04-22-2007, 10:13 PM
Sounds like a good idea!
Well, you'll need a secure database to prevent SQL injections.
Can you explain that more? How would they use these injections?

04-22-2007, 10:58 PM
Well, I take it you'll have the users' information stored in a SQL database. They could retrieve users' information, passwords, emails if the injection is done correctly. You'll need to read more into it.

Here's a link: http://www.securiteam.com/securityreviews/5DP0N1P76E.html

It explains how to perform a SQL injection, and of course if you know how to perform one, then it'll give you an idea of how to protect your website from them.

04-22-2007, 11:56 PM
So basically get rid of forms too. Or did I not understand?

04-23-2007, 01:47 AM
Well, they inject SQL into the URL as well, so keep forms, but you'll need to learn about stored procedures. Stored procedures restrict objects within the database to specific accounts, and permit the accounts to just execute stored procedures.
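Added example, not part of the thread: a profile lookup where the member id arrives from the URL and the profile HTML from a form, first with the value concatenated into the SQL text and then bound as a parameter. It uses Python's sqlite3 with bound parameters rather than the stored procedures mentioned above; the table, columns, function names and sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: a members table like the one the thread describes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members ("
               "id INTEGER PRIMARY KEY, name TEXT, email TEXT, profile_html TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", [
        (1, "alice", "alice@example.test", "<h1>Alice</h1>"),
        (2, "bob", "bob@example.test", "<h1>Bob</h1>"),
    ])
    return db

def profile_unsafe(db, member_id):
    # Vulnerable: the string from the URL becomes part of the SQL statement,
    # so the database parses whatever the visitor typed as query syntax.
    sql = "SELECT name, profile_html FROM members WHERE id = " + member_id
    return db.execute(sql).fetchall()

def profile_safe(db, member_id):
    # Validate the expected shape first (a short ASCII number), then bind the
    # value with a placeholder so it can only ever be treated as data.
    if not re.fullmatch(r"[0-9]{1,9}", member_id):
        return []
    sql = "SELECT name, profile_html FROM members WHERE id = ?"
    return db.execute(sql, (int(member_id),)).fetchall()

def save_profile(db, member_id, html):
    # Form input is bound the same way: quotes, semicolons and comment
    # markers inside the submitted HTML stay inside the stored string.
    db.execute("UPDATE members SET profile_html = ? WHERE id = ?",
               (html, member_id))

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input standing in for a tampered URL value
    print("concatenated:", profile_unsafe(db, crafted))  # every member's row
    print("parameterized:", profile_safe(db, crafted))   # nothing
    save_profile(db, 1, "<p class='x'>it's mine; -- </p>")
    print("after save:", profile_safe(db, "1"))
```

The fix is the same whether the value came from a form or from the URL, so removing forms changes nothing; every value that reaches a query has to be bound.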
