I collect personal data from my users on my website and place it in a MySQL database. Now I want to make 150% sure this data is safe, and can’t be hacked, changed or accessed by a hacker.
Here are the steps I currently run through:
1. I have magic quotes turned off
2. I have register globals turned off
3. All $_POST data I pass on my form runs through mysql_real_escape_string, trim, html_entities and strip_tags like so
4. I run regular expressions on my site for things like checking the validity of an email address etc…
5. I have a CAPTCHA system in place
Now, I know that things like using Prepared Statements is best for making sure no attack takes place, and I am getting to a place whereby I will start using them.
But for now, can anyone tell me whether, if I am doing all the above on my form, my data is safe, has all the correct procedures in place and won’t be hacked?
You should be fine against SQL attacks, but your site can always be hacked…
Thanks, but in what way? Is there nothing else I can do to stop this, right in the 5-point checklist I have in place? Or do you mean just via other means by supergeeks that are sometimes beyond your control?
Keeping the hackers at bay, an ongoing job as you’ve described, which you seem to be addressing.
Encrypting the personal information so that IF you are hacked, or somehow your data is intercepted en-route, or from a backup (on your laptop?) that data cannot be traced back to its owner and remains anonymous.
I think it depends on what you mean by “personal data”: passwords? ages? addresses? preferences?
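As an added example (not code from anyone in this thread), the two points the answers raise in one place: the prepared statements the question says it is moving towards, plus encrypting the personal field before it is stored, so a dumped table or a stolen backup does not expose it in the clear. It assumes a table `users(id, email, address_enc)` and a 32-byte key loaded from outside the database (for instance from an environment variable); both are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a table users(id, email, address_enc)
// and a 32-byte key kept outside the DB, e.g. sodium_hex2bin(getenv('USER_DATA_KEY')).
declare(strict_types=1);

function pdo_connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);
}

// Authenticated encryption (XSalsa20-Poly1305); the random nonce is stored with the ciphertext.
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function decrypt_field(string $stored, string $key): string
{
    $raw   = base64_decode($stored, true);
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $pt    = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($pt === false) {
        throw new RuntimeException('ciphertext failed authentication'); // tampered or wrong key
    }
    return $pt;
}

function store_user(PDO $pdo, string $key, string $email, string $address): int
{
    // Validate input (the regex step from the checklist), but no SQL escaping:
    // the placeholder keeps the value out of the query text whatever it contains.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email address');
    }
    $stmt = $pdo->prepare('INSERT INTO users (email, address_enc) VALUES (:email, :addr)');
    $stmt->execute([':email' => $email, ':addr' => encrypt_field($address, $key)]);
    return (int) $pdo->lastInsertId();
}

function load_address(PDO $pdo, string $key, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT address_enc FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? decrypt_field($row['address_enc'], $key) : null;
}
```

The `address_enc` column needs to be wide enough for the base64 output (a `TEXT` or sized `VARCHAR` column), and the key must never live in the same database or backup as the data it protects, or the encryption buys nothing when that backup leaks.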