SA-MP Forums Archive
Securing an UCP - Printable Version




Securing an UCP - RajatPawar - 18.01.2014

What are the realistic measures you would take to secure your UCP? I know there exist many such topics on many forums, but I would like to ask it in the context of SA-MP. I mean, I wouldn't buy a 300$ lockdown kit to protect my login and stuff. Besides prepared statements, which I assume take care of SQL injection, htmlspecialchars for XSS, and whirlpooling passwords with long hashed session identifiers with regeneration for hijacking, what else? Please be productive in your replies.

Cheers


Re: Securing an UCP - Smally - 18.01.2014

As long as the public cannot see the MySQL connection details and your password is secure, you should be fine. You could use PDO instead of raw MySQL.


Re: Securing an UCP - Vince - 18.01.2014

Limit the amount of subsequent login attempts within a given timeframe. Throw a 503 Service Unavailable if it gets excessive. Add a logbook entry when someone tries to get into an admin account. Lastly, make sure that you have a .htaccess in non-public folders to prevent directory listing.
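
The throttling and logbook advice in the post above, sketched with PDO as an added example (not code from the thread or from any poster). The table name `login_failures`, the limits, the admin list and the 401 status for a wrong password are assumptions; the demo uses an in-memory SQLite database so it runs stand-alone.

```php
<?php
// Added example: throttle failed logins per account and per IP with PDO.
// Table name, limits and the admin list are assumptions for illustration.
const MAX_FAILS = 5;        // failures allowed per window
const WINDOW_SECONDS = 900; // 15-minute sliding window

function initThrottle(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS login_failures (
        username TEXT NOT NULL, ip TEXT NOT NULL, failed_at INTEGER NOT NULL)');
}

// Seconds the caller must wait, or 0 if another attempt is allowed.
function retryAfter(PDO $db, string $user, string $ip, int $now): int {
    $q = $db->prepare('SELECT COUNT(*), MIN(failed_at) FROM login_failures
        WHERE (username = ? OR ip = ?) AND failed_at > ?');
    $q->execute([$user, $ip, $now - WINDOW_SECONDS]);
    [$count, $oldest] = $q->fetch(PDO::FETCH_NUM);
    return $count >= MAX_FAILS ? (int)$oldest + WINDOW_SECONDS - $now : 0;
}

function recordFailure(PDO $db, string $user, string $ip, int $now, array $admins): void {
    $db->prepare('INSERT INTO login_failures VALUES (?, ?, ?)')->execute([$user, $ip, $now]);
    if (in_array(strtolower($user), $admins, true)) {
        // Logbook entry for admin accounts; strip CR/LF so one event stays one line.
        error_log(sprintf('UCP admin login failure user=%s ip=%s',
            preg_replace('/[\r\n]/', '', $user), $ip));
    }
}

// Returns the HTTP status the login endpoint should send.
function attemptLogin(PDO $db, string $user, string $ip, bool $passwordOk, int $now, array $admins): int {
    $wait = retryAfter($db, $user, $ip, $now);
    if ($wait > 0) {
        if (PHP_SAPI !== 'cli') header('Retry-After: ' . $wait);
        return 503; // Service Unavailable, as suggested in the post
    }
    if (!$passwordOk) {
        recordFailure($db, $user, $ip, $now, $admins);
        return 401;
    }
    return 200;
}

// Constructed demo: in-memory SQLite, six wrong passwords against "admin".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initThrottle($db);
for ($i = 0; $i < 6; $i++) {
    echo attemptLogin($db, 'admin', '203.0.113.7', false, 1000 + $i, ['admin']), "\n";
}
```

Because failures are counted per username as well as per IP, repeated bad attempts also delay the real account owner until the window expires; the window length and limit set that trade-off.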


Re: Securing an UCP - RajatPawar - 18.01.2014

I am already using PDO. Thanks!

My core classes are already restricted, and I will look into the limited login attempts and logging. Thank you, anyone else?


Re: Securing an UCP - Kyle - 18.01.2014

Securing forms from SQL Injections!

Oops never read OP!


Re: Securing an UCP - anou1 - 18.01.2014

What's PDO, please?