Secure Your Web Site
By Admin
November 01, 2007
Most people who browse the internet are good people, but some people also
have fun on the internet by looking for security weaknesses in web sites.
Several tips can help us secure a web site. The tips written here are very
simple, but at least enough to reduce the problems in a web site that let
other people see what they should not see.
Protect your folder
If you have a private directory, don't rely only on a directory name that
other people may not be able to guess. It is better if your directory is also
protected by a password.
Because more than 50% of web sites use the Apache server, we will discuss
how to protect a directory with a password in Apache.
Configuration in Apache is done by a .htaccess file inside the directory.
Commands in .htaccess affect a folder and its sub folders, except where a sub
folder has a .htaccess file of its own. To give a password to a folder, Apache
also uses a .htpasswd file. Passwords in .htpasswd are encrypted, so we must
use the htpasswd program to make a password. To access it, use the command
line on your server and type "htpasswd". If the message received is "command
not found", call your system administrator.
Type "htpasswd -c .htpasswd username" where "username" is the user name wanted.
After that you will be asked for a password. Confirm that password, and the
file will be made directly. To make sure, you can check it by FTP.
Now, open the .htaccess file and type the commands below:
AuthUserFile /home/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Folder"
AuthType Basic
Require valid-user
The first line gives the location of the .htpasswd file. When all is
finished, your web site will show a popup when you enter the directory that
is protected by that password.
Switch off Directory Listing
By default, for any directory in a web site that has no "opening" file
(index.htm, index.php, default.asp, etc.), what will appear is the list of
files in that directory. You may not want to show every file in your web
site, right? The first way to solve this is to make an empty HTML file, name
it index.htm, and upload it to your web site (or a folder in your web site).
The second way is to use the .htaccess file to disable directory listing. Put
the "Options -Indexes" command in .htaccess. Now your web site visitors will
get error 403 and not the content list of your directory.
Security Update
If you use software (it can be a CMS), you need to update that software to
guarantee it is secure.
Updates are used to close security holes in software. Not doing the update
means freeing other people to exploit the weaknesses of your web site
software.
Reducing the error message level
Now we will talk about PHP, because this web programming language is the most
used. By default, if there is a mistake in a file, error messages and warnings
in PHP are written with complete information, including the location of the
file concerned.
Yes, the information given is too much. Use the error_reporting() function in
PHP, and put it in a global file that works for all parts of your web site.
Securing Form
A form can be a bigger crack in your web site if you are not really serious
in coding it. A form can access the database directly. Although you write the
word "address" in front of a field, it does not mean you can believe that the
field will be filled by other people with their address. What if somebody
fills that field with an SQL query or other script? Then how do you secure
the form?
- Use MaxLength. It can at least prevent other people from putting in too
  much data.
- Validate the form. Check whether the data put in is correctly formatted.
  This applies to e-mail, telephone number, post code, etc.
- Avoid SQL injection. Check the data type that comes to your database
  (string, numbers, etc.), use the right form validation, and lastly write
  queries that will not let other people put in data except what you want.
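The three form tips above, put together as an added PHP example (it is not
code from the original article): the length limit is enforced again on the
server, the format is validated, and the data reaches the database through a
prepared statement. The contacts table, the field names, the limits and the
5-digit post code rule are assumptions, and the sample submissions are
constructed.

```php
<?php
// Added example. Table, field names, limits and post code rule are assumptions.
const MAX_LEN = ['email' => 100, 'postcode' => 10, 'address' => 200];

// Returns a list of error strings; an empty list means the input passed.
function validate_form(array $in): array {
    $errors = [];
    foreach (MAX_LEN as $field => $max) {
        $value = $in[$field] ?? '';
        // The HTML maxlength attribute is only enforced by the browser,
        // so the same limit is checked again here on the server.
        if (!is_string($value) || $value === '' || strlen($value) > $max) {
            $errors[] = "$field: missing or too long";
        }
    }
    if ($errors) { return $errors; }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email: bad format';
    }
    if (!preg_match('/^[0-9]{5}$/', $in['postcode'])) {
        $errors[] = 'postcode: expected 5 digits';
    }
    return $errors;
}

// The values travel as bound parameters, never as part of the SQL text.
function save_contact(PDO $db, array $in): void {
    $stmt = $db->prepare(
        'INSERT INTO contacts (email, postcode, address) VALUES (?, ?, ?)');
    $stmt->execute([$in['email'], $in['postcode'], $in['address']]);
}

$db = new PDO('sqlite::memory:');   // in-memory database for the demo
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (email TEXT, postcode TEXT, address TEXT)');

// Constructed sample submissions; the second has SQL text in the address.
$samples = [
    ['email' => 'ann@example.com', 'postcode' => '40123', 'address' => 'Jl. Asia 1'],
    ['email' => 'bob@example.com', 'postcode' => '40123', 'address' => "x' OR '1'='1"],
    ['email' => 'not-an-email', 'postcode' => '4O123', 'address' => 'Nowhere'],
];
foreach ($samples as $in) {
    $errors = validate_form($in);
    if ($errors) { echo 'rejected: ', implode('; ', $errors), "\n"; continue; }
    save_contact($db, $in);
}
// An address that looks like SQL is stored as ordinary text in its column.
echo $db->query('SELECT COUNT(*) FROM contacts')->fetchColumn(), " rows stored\n";
```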
Source : http://www.rumahweb.com