1.0.0

Some Security Issues

  • HTTP sends data in the clear. For real applications that handle sensitive data, we should use HTTPS

    • authenticate server

    • encrypt data sent over network via SSL

  • Session hijacking

    • Adversary who discovers session ID can take over a session

    • Checking the IP address of each request helps mitigate this threat, but doesn’t eliminate it

  • SQL injection

    • Malicious user enters input that results in execution of an SQL statement other than the intended one

  • Cross-site scripting

    • Malicious user gives input that hides a script in content that others will download

PreviousPHPNextAccessing Metadata

Last updated