









  1. Are HTTP Cookies really dangerous?

    HTTP cookies are used by web servers to track clients and retrieve data related to users during navigation. HTTP cookies were introduced to implement a shopping cart that stores the items users want to purchase as they navigate a shopping site.

    Beyond the shopping cart in e-commerce, cookies are used to store information such as a user’s name and phone number when they fill out a form, so that the stored details can be offered the next time they come to the page.

    There were rumors among internet users that webmasters can use cookies to collect security information and damage the hard drive. This is not true. Generally, cookies are small pieces of text, stored by the user’s web browser, that contain the user’s settings, shopping content or other data used by systems. The collected data is used to identify visitors and gather information they entered into sites.

    Cookies are sent between server and client during normal operation. An unauthorized party can steal cookies through packet sniffing, particularly on unencrypted public Wi-Fi networks. You can secure the communication by employing Transport Layer Security (TLS) to encrypt the connection.

    Attackers use cross-site scripting (XSS) to have other users’ cookies sent to their own servers. You can get rid of this XSS issue by making cookies inaccessible to client-side script with the HttpOnly flag, which was introduced by Microsoft and has been implemented in PHP since version 5.2.0.

    If you are still worried about the security of cookies, get the latest browser version and turn cookies off. Netscape Communicator offers three options: accept all cookies, accept only cookies from the same server, or deny all cookies. It also offers an additional option to alert you when you are prompted for a cookie so that you can accept or decline it.
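The two protections described above (TLS for transport, HttpOnly against script access) show up as the `Secure` and `HttpOnly` attributes of a `Set-Cookie` header. The following is an added example, not part of the original post: it builds a hardened cookie with Python's standard library and audits header values for the missing attributes. The cookie names and sample headers are constructed for illustration.

```python
from http.cookies import SimpleCookie

def build_session_cookie(value):
    """Return a Set-Cookie header value carrying both protections."""
    cookie = SimpleCookie()
    cookie["session_id"] = value             # cookie name is an assumption
    cookie["session_id"]["path"] = "/"
    cookie["session_id"]["secure"] = True    # sent only over TLS connections
    cookie["session_id"]["httponly"] = True  # not readable via document.cookie
    return cookie["session_id"].OutputString()

def audit_set_cookie(header_value):
    """Return the protections missing from one Set-Cookie header value."""
    # Attributes follow the first ';' and their names are case-insensitive.
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in header_value.split(";")[1:]}
    missing = []
    if "secure" not in attrs:
        missing.append("Secure")      # cookie may travel over plain HTTP
    if "httponly" not in attrs:
        missing.append("HttpOnly")    # cookie is exposed to page scripts
    return missing

# Constructed sample Set-Cookie values, as a server might send them.
SAMPLE_HEADERS = [
    "session_id=abc123; Path=/",
    "session_id=abc123; Path=/; Secure",
    "cart=3; HttpOnly",
    "session_id=abc123; path=/; secure; httponly",
]

def audit_all(headers):
    """Map each header value to its list of missing protections."""
    return {h: audit_set_cookie(h) for h in headers}

if __name__ == "__main__":
    for header, missing in audit_all(SAMPLE_HEADERS).items():
        print(header, "->", ", ".join(missing) or "ok")
    print(build_session_cookie("abc123"))
```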

  1. Safeguard your website from hackers

    “Criminals have been hijacking sponsored links to attempt to spread malicious codes”, the search engine giant Google says.

    “Turkish hackers broke into two of the most established international Websites that oversee and regulate the Internet in order to reroute visitors to a rogue domain” – news about site hijacking from the New York Times.

    “Due to security weakness in Barack Obama’s site, it has been exploited to redirect visitors to Hillary Clinton’s website when visitors view the community blog section.”

    We have listed only some of the site hijacking news to make you aware of site hackers. On reading this, you may ask yourself: is my website safe? How can I safeguard it from hackers? No worries: after reading this article you will have a clear view of the various hacking techniques and the precautions necessary to safeguard your site from hackers.

    Hackers use many different techniques to attack and exploit a website. The most notable techniques are SQL injection, cross-site scripting (XSS) and redirecting server.

    SQL Injection – It is a code injection technique in which a piece of malicious SQL code is injected through a web form to exploit a security vulnerability in the database layer of an application. Through this technique, hackers gain access to resources and make changes to web data. To protect against SQL injection, user input must not be embedded directly in SQL statements. Instead, parameterized statements must be used (preferred), or user input must be carefully escaped or filtered.

    Cross-site scripting – It is the process of embedding malicious code, such as HTML and client-side scripts, into web pages used by other users, to bypass access control and collect some type of data from the victim. One way to eliminate some XSS vulnerabilities is to escape (either locally or at the server) all untrusted data based on where that data is to be placed in the HTML document. This escaping prevents the data from being interpreted and executed. There are several different escaping schemes that must be used, including HTML numeric entity encoding, JavaScript escaping, CSS escaping, and URL (or percent) encoding.

    Redirecting Server – People clicking on your site are directed to another site that may or may not be related to yours. Even if your site URL is displayed in the browser, people are redirected to some other site. If your site is affected by this issue, it means that your site has been attacked by hackers. They make use of flaws in some DNS servers and provide incorrect information to redirect your site to some other site.
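The four escaping schemes named above, applied to one untrusted value, as an added example that is not part of the original post. The function names and the sample value are constructed for illustration; each encoder is only correct for the output context named in its comment.

```python
import json
import string
from urllib.parse import quote

SAFE_CHARS = set(string.ascii_letters + string.digits)

def esc_html(value):
    # HTML body or quoted attribute: numeric entity encoding for every
    # character that is not an ASCII letter or digit.
    return "".join(c if c in SAFE_CHARS else "&#%d;" % ord(c) for c in value)

def esc_js(value):
    # JavaScript string literal inside a <script> block: json.dumps adds the
    # quotes and backslash escapes; <, > and & are additionally escaped so
    # the value cannot close the script element or start an HTML entity.
    literal = json.dumps(value)
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal

def esc_css(value):
    # CSS string or property value: backslash plus six hex digits, which
    # needs no terminating space.
    return "".join(c if c in SAFE_CHARS else "\\%06X" % ord(c) for c in value)

def esc_url(value):
    # URL query parameter value: percent-encode everything except
    # unreserved characters.
    return quote(value, safe="")

def encode_for_all_contexts(value):
    """Return the same untrusted value encoded for each output context."""
    return {
        "html": esc_html(value),
        "js": esc_js(value),
        "css": esc_css(value),
        "url": esc_url(value),
    }

# Constructed untrusted input containing markup characters.
UNTRUSTED = '"><script>alert(1)</script>'

if __name__ == "__main__":
    for context, encoded in encode_for_all_contexts(UNTRUSTED).items():
        print("%-4s %s" % (context, encoded))
```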

    Using a secure DNS server is the only way to get rid of this attack technique.

    Some other simple techniques that help keep your site safe are providing an entry page (a login) for the site, updating your open source applications regularly, avoiding Internet Explorer, as it is vulnerable to some hacking tools like spyware and to other security issues, and encrypting your web application with SSL.
