Securing Your Site With Google Advice
By Navneet Kaushal
Article Date: 2009-02-23
Hacking is a major problem that is growing day by day. The Internet is flooded with hundreds, in fact thousands, of anti-hacking software products, but their effectiveness is still in question! In a recent post on Google's Webmaster Central blog, Google's Search Quality Team discusses the two most common attacks that result in hijacked websites: SQL injection and cross-site scripting (XSS).
In order to prevent SQL injection, "it's a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote ['] in a parameter must be replaced by two single quotes [''] to form a valid SQL string literal."
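The following is an added example, not code from the article or from Google's post. It shows the two techniques just quoted side by side in PHP: user input embedded directly in the statement, the same lookup with a PDO placeholder, and the same lookup with driver escaping. It assumes the pdo_sqlite extension is available and uses a constructed in-memory `users` table; the function names are hypothetical.

```php
<?php
// Added example: embedded input vs. PDO placeholders vs. escaping.
// Assumes pdo_sqlite; the table and rows below are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Constructed form input: a perfectly legitimate name that contains a single quote.
$submittedName = "O'Brien";

// BEFORE: the value is concatenated into the SQL text. The quote inside the
// value terminates the string literal, so the statement is no longer valid SQL.
// Here that surfaces as a syntax error; the same mechanism is what lets a
// crafted value alter the query's meaning.
function lookupEmbedded(PDO $pdo, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER (parameters): the placeholder keeps statement and data apart. The
// driver passes $name as a value, never as SQL text, so quotes are just characters.
function lookupParameterised(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER (escaping): PDO::quote doubles every single quote and wraps the value,
// producing the valid literal 'O''Brien'. Parameters are still the better
// default because the escaping rules belong to the driver, not to your code.
function lookupEscaped(PDO $pdo, string $name): array {
    $sql = 'SELECT name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

try {
    lookupEmbedded($pdo, $submittedName);
} catch (PDOException $e) {
    echo "embedded query failed: " . $e->getMessage() . "\n";
}
echo implode(',', lookupParameterised($pdo, $submittedName)) . "\n"; // O'Brien
echo implode(',', lookupEscaped($pdo, $submittedName)) . "\n";       // O'Brien
```

Run it with `php example.php`; the embedded version throws, the other two return the matching row. If the database layer is later switched from SQLite to MySQL or PostgreSQL, only the parameterised version needs no review, since `PDO::quote` output is driver-specific.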
For preventing cross-site scripting (XSS), Google recommends the following measures:
- Stripping the input that can be submitted through a form (for example, see the `strip_tags()` function in PHP);
- Using data encoding to avoid direct injection of potentially malicious characters (for example, see the `htmlspecialchars()` function in PHP);
- Creating a layer between data input and the back end to avoid direct injection of code into the application.
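As an added example (not part of the article or of Google's post), here are the three listed measures applied to one constructed comment field in PHP: `strip_tags()` at the input boundary, `htmlspecialchars()` at the output boundary, and a small value object standing in for the layer between the form and the back end. The class and function names are hypothetical, and the submitted string is constructed sample input.

```php
<?php
// Added example: stripping, encoding and an input layer for one form field.

// Constructed untrusted input, as a browser would submit it from a form.
$submitted = '<b>Hi</b> <script>notify()</script> "quoted" & <a href="#">link</a>';

// Measure 1: strip markup at the input boundary. Note that strip_tags removes
// the tags but keeps their text content and leaves quotes and ampersands
// untouched, so it is not a substitute for output encoding.
function sanitizeInput(string $raw): string {
    return strip_tags($raw);
}

// Measure 2: encode at the output boundary, every time a value is placed into
// HTML. ENT_QUOTES also encodes single quotes, so the result is safe inside
// attribute values as well as in element text.
function encodeForHtml(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Measure 3: a layer between the form and the back end. Application code only
// ever handles a Comment built here, instead of reading raw request data
// wherever it happens to be needed.
final class Comment {
    private string $text;

    private function __construct(string $text) {
        $this->text = $text;
    }

    public static function fromFormInput(string $raw): self {
        $clean = trim(sanitizeInput($raw));
        if ($clean === '' || mb_strlen($clean) > 500) {
            throw new InvalidArgumentException('comment must be 1..500 characters');
        }
        return new self($clean);
    }

    public function text(): string {
        return $this->text;
    }
}

// Encoding happens at the point of output regardless of the earlier stripping:
// the two measures cover different failure modes and are not interchangeable.
function renderComment(Comment $c): string {
    return '<p class="comment">' . encodeForHtml($c->text()) . '</p>';
}

$comment = Comment::fromFormInput($submitted);
echo $comment->text(), "\n";        // Hi notify() "quoted" & link
echo renderComment($comment), "\n"; // <p class="comment">Hi notify() &quot;quoted&quot; &amp; link</p>
```

The stripped text still contains the script body as plain words, which is harmless only because `renderComment()` encodes it on the way out; if a template later prints `$comment->text()` directly, the stripping alone would not save it. Keep the encoding call next to the output, not in the object.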
Tune into the post for more information!
About the Author:
Nav is the founder and CEO of Page Traffic, a premier search engine company known for its assured SEO service, web design and development, copywriting and full time SEO professionals.
Navneet has wide experience in natural search engine optimization, internet marketing and PPC campaigns. He is a prolific writer and his articles can be found in the "Best Articles" section of many websites and article banks. As a search engine analyst, he has over 9 years of experience, and his knowledge is in application here.