E-mail Injection Question

Yes, exactly. Unless you have a high-value site to target, e.g. a bank, credit card numbers etc., for the most part all you need to do is make your site more work than most other sites.

Script-kiddies are lazy and not very intelligent. They usually only try vulnerabilities they find and, if they don’t work, move on.

Of course if it does work, it’s not because the site wasn’t kept up-to-date or poorly coded, but because they’re “geniuses” :laughing:

If on the other hand a pro is after you specifically, you’ve got a problem. 100% protection is nigh impossible.


Yes.

That’s the thing - in my humble opinion, security is merely a measure against the broadest swathe of threats until you hit the point where there’s no particular ROI on your efforts. And if someone “pro” targets you, you’re likely hosed anyway unless you’re an organization big enough to handle that sort of direct threat. If you’ve got a one man web department? That’s not you.

Most of their efforts can be defeated simply by proper validation without any additional security specific measures at all. They are only successful because so many sites forget to properly validate inputs.

Not sure why you find me rude, but no one is forcing you to be in my thread.


Self answered question?

Just trying to be helpful with the thoughts about security and the advice about politeness. It’s a free Internet, and you can do as you wish, and I’m sure people will help you either way :smiley: - we have some good folks here.

Let’s try to stay on topic here and not go off on tangents.

@applefritters, it sounds like SwiftMailer will protect your form from the initial injection you had, is there something else that you need better explained or want to discuss around this topic?
