General discussion

Web security; What are the main issues?

Nov 12, 2006 6:36AM PST

Hi,
I am currently in the process of learning to build websites involving JavaScript, CGI, Perl, CSS, and linking to databases.
I have heard the odd scare stories about security, but most of the books I'm working from only make the slightest passing reference to it.

Is anyone able to point me in the direction of a good overview of the issues involved, and/or point me in the direction of a good book or website concerning it?

(trying not to sound too desperate..)
Nov 19, 2006 7:24AM PST

If anyone does have any suggestions I'm still looking for answers!
ta.

Are classes or books possible?
Nov 19, 2006 8:51AM PST

Security is such a broad topic....
Nov 20, 2006 6:23AM PST

There is of course the network security angle: How well can others know what data you've entered into web sites as well as which sites you've visited for example? SSL is one of a few technologies to protect the data on a form as well as submitted data. There are also denial of service attacks on a network here as well.

Then there is the security of a web server in terms of what form of authentication it uses, whether this be Windows, Forms, or some other form.

Lastly, there are attacks like SQL injection bugs or other cases where the software used to make the website exposed vulnerabilities that hackers seek to misuse.

Regards,
JB

Thank you for the help, guys.
Nov 29, 2006 9:49AM PST

I am following up some of those leads. I'm also looking into cross-site scripting, the sound of which makes me very paranoid, given that I don't encode data passed to the server via my HTML form.
Mine is a small website, but it occurs to me that a hacker, out of pure maliciousness, could easily exploit smaller websites' security holes in order to mess up people's websites, or perhaps worse, get control of their computers and gain confidential information.
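
The concern raised in the post above (form data written back into a page without encoding), shown as an added example that is not code from the thread: a Perl CGI script, using only core Perl, that escapes submitted values before placing them in HTML. The field names `name` and `city` and the sample query string are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: output-encoding form data in a Perl CGI script (core Perl only).
use strict;
use warnings;

# Escape the five characters that let text break out of HTML element
# content or a quoted attribute value.
sub escape_html {
    my ($text) = @_;
    $text = '' unless defined $text;
    my %entity = (
        '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
        '"' => '&quot;', "'" => '&#39;',
    );
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Decode one application/x-www-form-urlencoded string (query string or POST body).
sub parse_form {
    my ($raw) = @_;
    my %field;
    for my $pair (split /[&;]/, $raw // '') {
        my ($name, $value) = split /=/, $pair, 2;
        for ($name, $value) {
            $_ = '' unless defined $_;
            tr/+/ /;                              # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;  # %XX encodes one byte
        }
        $field{$name} = $value;
    }
    return %field;
}

# Constructed sample input: values containing markup, '&' and double quotes.
my $raw  = $ENV{QUERY_STRING}
    // 'name=%3Cb%3EAnn%3C%2Fb%3E+%26+co&city=%22Leeds%22';
my %form = parse_form($raw);

print "Content-Type: text/html; charset=utf-8\r\n\r\n";
# Unencoded (the situation described in the post): submitted markup
# would become part of the page.
#   print "<p>Hello, $form{name}</p>\n";
# Encoded: the browser displays the submitted text as plain text.
printf "<p>Hello, %s</p>\n", escape_html($form{name});
printf qq{<input type="text" name="city" value="%s">\n}, escape_html($form{city});
```

Encoding is applied at the point of output, so the same rule covers values read back from a database as well as values taken straight from the form.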

Which is why I tell people to use Apache on Linux.
Nov 29, 2006 10:44AM PST

Why use a web server and OS that you have to spend a lot of time "tightening?"

Bob

hjjhhkhkj
Nov 29, 2006 8:57PM PST

Because I don't really understand the security issues involved yet, and am still in the 'scrambling around in the dark' stage.

I've heard that there are potential risks, and I've got a vague idea of what they might be, but I need to work out exactly what the problems are then go about developing solutions.

I'm very much simply trying to get a very general overview of things at the moment.

Then you can save yourself.
Nov 29, 2006 11:48PM PST

Just use Apache, Linux for the web server and you've automatically shut out better than 99% of the security issues.

Bob

Just to go off topic a bit.
Dec 1, 2006 9:31AM PST

I like the idea of Linux. I like the 'political' principles behind it and the whole 'free' software movement. What scares me off is not so much the complexity behind it, but the fact that I wouldn't be able to use my favourite applications (Photoshop, Word, Excel, etc.) that I have spent years learning!

Odd!!! We're talking about the web server, not...
Dec 1, 2006 10:12AM PST

Not your desktop.


Bob

(NT) What do you mean, Bob?
Dec 2, 2006 8:01AM PST

One would never use their desktop to serve the web.
Dec 2, 2006 8:10AM PST

Or would they?

You never gave a clear picture of your situation. So I'm left to offer the best advice and not tailored to your needs.

Bob

What kind of website
Feb 2, 2007 5:01AM PST

If you are looking to create a website that takes in credit card info and other info that needs to be highly secure, here is my suggestion:
Go with a hosting provider. Look at bluegenesis.com or .ca; they are excellent. In 1.5 years I have not had a single incident, and their customer service is great.

Simply put, Apache and Linux are great; that's what most professional hosting companies use. But if you want good uptime (i.e. the site is not down) for your site, that is a lot of time and effort, not to mention expensive hardware. Thus go with a hosting company (I heard really bad things about 1and1.com).

one more thing
Feb 2, 2007 5:07AM PST

Forgot to mention that the hosting company takes care of the network security issues such as denial of service, hacking and whatnot.

But if you have any programs that you coded on the site, you need to write some secure code. I assume that you don't have such code/programs, though.