5 Replies. Latest reply: Aug 7, 2012 5:39 AM by MurraySummers

    If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?

    baty gill Community Member

      I mean, if my PHP code lacks security features and I am using an SSL connection, is that enough for protecting my website? Also, tell me about any software which can help me protect my PHP website. Thank you :)

        • 1. Re: If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?
          pziecina Community Member

          Hi

          If the underlying PHP code is not secure, then using SSL is like taking an aspirin for a cut on your finger (it may make you feel better, but it will not fix the problem).

          Also, the use of an SSL certificate from any of the reputable suppliers does require you to ensure that your code is as secure as is reasonably possible; if it is not, then the use of the SSL certificate is invalid.

          No one expects you to provide the same security as one would expect from a banking site (unless you are a bank), but basic security and good coding practices should be a given anyway.

          PZ

          • 2. Re: If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?
            Rob Hecker2 MVP

            An SSL certificate only secures the passing of data between the browser and server. There are many other extremely serious vulnerabilities that it does not protect against.

            Your most important security concern should be any forms that accept user input of any type, especially if the input populates a database. These forms must be protected with validation that sanitizes out malicious code injections. They should also verify that email addresses follow the actual structure of email addresses, that integer fields are really integers, etc.

            If your users upload files or images to your site, then you must protect your server from a variety of vulnerabilities, such as malicious code being uploaded to your server that gives hackers server access.

            There are many other vulnerabilities to be aware of.

            Anyone who figures the hackers would have no interest in their website should examine their server logs to view all the activity coming from Russia, China, etc., such as failed FTP attempts.

            Unfortunately there is not any actual software that you can just add to your website to protect it. Your best defence is your own knowledge of the vulnerabilities and the appropriate defences. If you control your server, then the one piece of useful software is a good firewall.
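
The form checks described in the reply above (email structure, integer fields, keeping injected input out of the database), as an added example that is not part of the original thread. The field names `email` and `age`, the `signups` table and both function names are hypothetical, and the sketch assumes the `pdo_sqlite` extension so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);

// Hypothetical form fields: "email" and "age". Returns [clean values, errors].
function validate_signup(array $in): array
{
    $errors = [];
    $email = filter_var(trim((string)($in['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid email address';
    }
    // FILTER_VALIDATE_INT rejects "34abc", "3.4", "" and out-of-range values.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'must be a whole number from 13 to 120';
    }
    return [['email' => $email, 'age' => $age], $errors];
}

function save_signup(PDO $db, array $clean): void
{
    // Bound parameters travel separately from the SQL text, so a value
    // containing quotes cannot change the statement.
    $stmt = $db->prepare('INSERT INTO signups (email, age) VALUES (:email, :age)');
    $stmt->execute([':email' => $clean['email'], ':age' => $clean['age']]);
}

$db = new PDO('sqlite::memory:'); // hypothetical throwaway database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (email TEXT NOT NULL, age INTEGER NOT NULL)');

// Constructed submissions. HTTPS would deliver every one of them unchanged.
$samples = [
    ['email' => 'alice@example.com', 'age' => '34'],
    ['email' => "o'brien@example.com", 'age' => '51'], // valid, contains a quote
    ['email' => "x' OR '1'='1", 'age' => '34'],
    ['email' => 'bob@example.com', 'age' => '34; DROP TABLE signups'],
];
foreach ($samples as $s) {
    [$clean, $errors] = validate_signup($s);
    if ($errors) {
        echo 'rejected: ', json_encode($errors), PHP_EOL;
        continue;
    }
    save_signup($db, $clean);
    // Escape on output too: a validated value is still not safe to echo as HTML.
    echo 'stored: ', htmlspecialchars($clean['email'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The second sample passes validation while still containing a quote character, which is why the insert uses bound parameters rather than relying on validation alone.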

            • 3. Re: If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?
              Nancy O. MVP

              Unfortunately there is not any actual software that you can just add to your website to protect it. Your best defense is your own knowledge of the vulnerabilities and the appropriate defenses. If you control your server, then the one piece of useful software is a good firewall.

              Very true. You can't have enough layers of security these days.

              To step things up a notch, we recently added Secure Live to our VPS and Dedicated Servers with good results. Secure Live is also available for single domains.

              http://www.securelive.net/

              PS. I don't work for them. I just use their product.

              Nancy O.

              Alt-Web Design & Publishing

              Web | Graphics | Print | Media Specialists

              http://alt-web.com/

              • 4. Re: If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?
                willeysher Community Member

                Getting an SSL certificate for securing your website is a good choice, but getting the right SSL certificate is very important. So get an SSL certificate which provides strong protection by using the best encryption methods; the Comodo SSL certificate has the best encryption methods. If you have a website with more subdomains, then go for a Wildcard SSL Certificate, which is a single SSL certificate that secures all domains.

                • 5. Re: If my PHP code lacks security and I use an SSL connection, is that enough for protecting my website?
                  MurraySummers ACP/MVPs

                  Just so there's no misunderstanding, adding SSL to a website that a) collects user input, and b) otherwise has no protection from injection and does not sanitize user input is a useless step.