Securing a UCP
#1

What are the realistic measures you would take to secure your UCP? I know there exist many such topics on many forums, but I would like to ask it in the context of SA-MP. I mean, I wouldn't buy a $300 lockdown kit to protect my login and stuff. Besides prepared statements, which I assume take care of SQL injection, htmlspecialchars for XSS, and whirlpooling passwords with long hashed session identifiers with regeneration for hijacking, what else? Please be productive in your replies.

Cheers
Reply
#2

As long as the public cannot see the MySQL connection details, and your password is secure, you should be fine. You could use PDO instead of raw MySQL.
Reply
#3

Limit the amount of subsequent login attempts within a given timeframe. Throw a 503 Service Unavailable if it gets excessive. Add a logbook entry when someone tries to get into an admin account. Lastly, make sure that you have a .htaccess in non-public folders to prevent directory listing.
Reply
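
The attempt limit, 503 response and admin logbook entry suggested in post #3, as an added PHP/PDO example that is not code from any poster in this thread. The table and column names, the 5-failures-per-15-minutes threshold, the in-memory SQLite demo data and the use of password_hash/password_verify are all assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Table/column names, thresholds and function names are assumptions.
const MAX_ATTEMPTS = 5;       // failures allowed per window
const WINDOW_SECONDS = 900;   // 15-minute timeframe

function isThrottled(PDO $db, string $account, string $ip, int $now): bool {
    // Count recent failures against either the account or the source address.
    $q = $db->prepare('SELECT COUNT(*) FROM login_attempts
                       WHERE (account = :a OR ip = :ip) AND attempted_at > :since');
    $q->execute([':a' => $account, ':ip' => $ip, ':since' => $now - WINDOW_SECONDS]);
    return (int) $q->fetchColumn() >= MAX_ATTEMPTS;
}

// Returns the HTTP status the login page should send.
function handleLogin(PDO $db, string $account, string $password, string $ip, int $now): int {
    if (isThrottled($db, $account, $ip, $now)) {
        return 503; // caller should also send a Retry-After header
    }
    $q = $db->prepare('SELECT pass_hash, is_admin FROM users WHERE name = ?');
    $q->execute([$account]);
    $user = $q->fetch(PDO::FETCH_ASSOC);
    if ($user !== false && password_verify($password, $user['pass_hash'])) {
        return 200;
    }
    $db->prepare('INSERT INTO login_attempts (account, ip, attempted_at) VALUES (?, ?, ?)')
       ->execute([$account, $ip, $now]);
    if ($user !== false && (int) $user['is_admin'] === 1) {
        // Logbook entry; json_encode keeps newlines in the name out of the log line.
        error_log('[ucp] failed admin login account=' . json_encode($account) . " ip=$ip");
    }
    return 401;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT, is_admin INTEGER)');
$db->exec('CREATE TABLE login_attempts (account TEXT, ip TEXT, attempted_at INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?, 1)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$now = 1700000000; // fixed clock for the demo
for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i: ", handleLogin($db, 'admin', 'wrong', '203.0.113.7', $now + $i), "\n";
}
// Correct password inside the throttle window, then again once the window has passed.
echo 'throttled: ', handleLogin($db, 'admin', 'correct horse', '203.0.113.7', $now + 10), "\n";
echo 'later: ', handleLogin($db, 'admin', 'correct horse', '203.0.113.7', $now + 1000), "\n";
```

Counting failures per account name lets a third party lock the real owner out for the length of the window; counting per IP only avoids that but does less against guessing spread over many addresses.
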
#4

I am already using PDO. Thanks!

My core classes are already restricted, and I will look into the limited login attempts and logging. Thank you, anyone else?
Reply
#5

Securing forms from SQL Injections!

Oops, never read OP!
Reply
#6

What's PDO, please?
Reply

