Ways to prevent your webserver from SQL Injection
As we all know that today SQL Injection is the easiest way to hack someone's website or any companies website. Today mostly all hackers and script kiddles are using this ....
So today, I am going to share some ways to prevent SQL injection on your own or may be on your company's website.
(1) Use the email-id instead of the user id always
This is the one of the best way to prevent the SQL injection, to prevent it you have to use an Email Id ,so what is happening that here the code written will validate in such a way that it will not accept anything else instead of the Email address ,so here the SQL injection string is not acceptable, so the SQL injection is prevented this way.
(2) Never use default admin login page.
Another way to protect your website from SQL injection is that never use the default admin login page means as you use your default login page as "AdminLogin" according to you. But try to have other than this such as "SuperLogin.asp" or "GentalLogin.asp" mean something different which can not be found easily on the search engine hacks (i.e Google,Yahoo,Bing,etc). So when any hacker try to search for your AdminLogin page he/she , he will try in search "AdminLogin.asp" or "Admin|Login.asp" some thing like this but he can't get the result and will be frustrated and hence your site will be prevented.
(3) Make your Admin page became hidden from the others.
As we all know that nothing is secure in this universe, only just one opportunity is required. So as SQL injection is only possible through your Admin login panel or sometimes with url. So never show or link your "AdminLogin" page on your site and always make it hidden from the other users. If you are showing the "AdminLogin" page directly on your site than you are giving an opportunity to the hackers to hack your site.
(4) Social Engineering.
Never show your website vulnerabilities to anyone or never discuss to any single person. With out asking or discussing Just try to get solution by searching on Google. At last never show any type of warning messages on your login page such as "We are using transparent proxy don't try to hack otherwise an legal action would be taken."
Friends I hope you like this Tips for preventing you website from SQL Injection. If you like this and it helpful any how then share it with others too.....
0 comments:
Post a Comment