We all know that a 100% secure script is a "virtual impossibility" as the PHP manual puts it.
I'm writing my own CMS, and need some security tips to make the script as secure as I possibly can.
Here is what I have so far:
1. Cleanse all data submitted through ANY form
2. Check each page and make sure it is valid (so if someone attemted to include a malicious page, it would return an error and not run that script)
3. MD5/Crypt password
4. Use of tokens to prevent CSRF
Any more suggestions?