security - Secure database and webpage against modification -


my website provides extremely sensible information (think of bank account numbers) publicly available through webpages , webservices. customers may modify these information when authentified username , password.

any hacking intrusion modify entries of database, or modify information displayed on webpage, disastrous, account numbers might incorrect , money directed malicious bank account.

do have general advices architecture make such service robust possible? not responsible in case of weak password, main concern attacks bypass authentication process , modify database without triggering alert on side; html code of webpage directly modified show different information...

thank you

in case make sure harden system possible. includes broad spectrum reaching security roles on transaction based usage of database, logging prevention of sorts of attacks sql injection, cross site scripting in general , maybe if sensible system use certificates , general ip checks (like have white list of ips allowed populate requests system not instantly refused). not mention host architecture has protected regardless of implemented security features inside system (key words: firewalls, user privileges etc.). during development process there should auto code checking software (like sonar) running detect logical errors , stuff.

then idear have second system monitor primary systems status. system should log , notify on:

  • changes made system (like if has access business logic , examply removes authentication logic)

  • changes made database not consistent primary systems state.

  • detect suspicious actions: banks example have rules apply on account. if used make payments within europe last time , out of nothing make huge payment lets china recive notification commit payment. payment not triggered unless second commitment of customer.

in end pointed out correctly can harden possible not make "100%" safe (at least in theory) have level of security part of total system include beeing able detect unwanted changes, identify exact changes beeing made , have information on overall status of system allow rollback or manual correction of corruptet state in case happened.

even after having implemented mentioned techniques have continously check security bugs in used frameworks, librarys , system full (like using security penetration frameworks auto try corrupt system).

what want show answer comments suggest: broad , complex topic multiple layers of security concernes have either study or have framework solutions "ensure" take care of topic (like webframeworks include basic xss prevention).


Comments

Post a Comment

Popular posts from this blog

html - How to style widget with post count different than without post count -

i have border below li elements in wordpress widget types appropriate. element inside set block gives them nice easy click full width. the problem, when choose option "show post count" when adding widget such categories or archives displays post count plain text after tag , because tag block pushes post number text line below. whether choose show post count or not show post count still gives exact same element identifyer example "widget_categories". how style post count not on next line still keep links non post count list items full width? here's example on sidebar www.bbmthemes.com/themes/modular/blog-standard/ in order solve problem need remove display:block; for ul.widgets ul a , add in it's place line-height: 33px; what going achieve have same visual effect. what going lose doing links going work on text , not on "box". the other way out of find post count coming , make changes this. example change text count i
Read more

How to remove text and logo OR add Overflow on Android ActionBar using AppCompat on API 8? -

have researched death , cannot find answer. i have actionbar using appcompat. supporting api v7 (api v8 do). actionbar works api v11. api < v11 has problem of removing icon (and feature) actionbar without supplying overflow. big picture have app logo, app title, , 3 icons squidging same actionbar on low end phone. trying make room! i happy 1 of 2 solutions. either: a method of getting overflow functionality can retrieved pull down. (preferred) method of removing icon , text actionbar below current xml api 11+: <resources> <!-- base application theme api 11+. theme replaces appbasetheme res/values/styles.xml on api 11+ devices. --> <style name="appbasetheme" parent="theme.appcompat.light.darkactionbar"> <item name="android:actionbarstyle">@style/liteactionbarstyle</item> <item name="actionbarstyle">@style/liteactionbarstyle</item> </st
Read more

javascript - storing input from prompt in array and displaying the array -

i want take the inputs user prompt, store input in array, , display it. want take 10 inputs user using for loop. have tried do-while shown below. var givennames = new array(); var pattern = /[\w\d]{1,}/ig; do{ var name = prompt("enter names. letters , digits accepted!\nentering empty field stops asking",""); if(name && name.match(pattern)){givennames.push(name);} } while(name != ""); function displaynames(){ if(givennames.length > 0){ document.getelementbyid("list").innerhtml = "<span style='color:navy;font- weight:bold;'>given names are:<\/span><br><br>" + givennames.join("<br><br>"); } else { document.getelementbyid("list").innerhtml = "<span style='color:navy;font-weight:bold;'>nothing has been given!<\/span>"; } } how replace for loop? var givennames = new array();
Read more