Reducing the Risk of SQL Injection Attack

Databases can be compromised if they are open to SQL injection attacks. Stripping invalid characters from form inputs will reduce this risk.

If you have a form on your site that interacts with a database (e.g. a username/password login form), you should secure the form by adding an additional stage between submission and the database look-up. One way to do this is to check for valid content.

Encrypting Usernames and Passwords

Using the MD5 and SHA1 hash functions

If you’re using a login script on your site, you probably store usernames and passwords in a database for authenticating the login.

For security reasons, you should never store these as plain text but should encrypt them with a one-way hash function such as MD5 or SHA1.