WebSite X5Help Center

 
Sylwester S.
Sylwester S.
User

Security of the forms  en

Author: Sylwester S.
Visited 1349, Followers 1, Shared 0  

I have a form on my website and all the information are sent to database SQL. I noticed someone is trying to attack my website. Somebody is sending strange symbols: // 00 /> <html> etc. Is that form secure which I make in the Program WebsiteX5 v11 . I am thinking about SQL Injuction and XSS.
Thank you

Posted on the
2 ANSWERS - 1 CORRECT
Wespenstich B.
Wespenstich B.
User

This is a question I'm interested in, too. On my current website, built with another software, I have the possibility to link on form-sides with SSL-security. These old forms, that are shown and sent to me, are safe (I hope so).

With the forms I'm creating now with WX5 11 prof I don't see any informations about the technique or possibilities to arrange this. Are they handled on a WX5-Server? Or on the server, where the site is running? How can we use the SSL?

Thanks to everybody who knows and writes!

Wespenstich

Read more
Posted on the from Wespenstich B.
Paul M.
Paul M.
Moderator

Hello Sylwester & Wespenstich,

Rest assured that WebSite X5 is robustly and securely coded.  Data entered into the forms is escaped and filtered before further processing takes place.  You can see for yourself if you inspect the source code of the PHP scripts in the 'res' folder within the root folder of any WebSite X5 project.

The strange data that you are seeing, Sylwester, is probably caused by spambots, etc.  -  there are options built-in to X5 to reduce this sort of junk (i.e. captcha and 'check question'  -  make sure these are in use to combat unwanted form submissions)

The forms are processed on the server where the site is running, using PHP, so SSL is redundant in that sense.

However, if you wish to secure the data being sent to the server then you can contact your webhost to arrange installation of an SSL certificate.  This will have no effect on the operation of WebSite X5 itself...  the forms will work in the same way no matter whether SSL is in use or not, but data transfer to the server will be secured where it is.

Hope that clarifies things for you both, but if you've any further questions please don't hesitate to ask.

Kind regards,

Paul

Read more
Posted on the from Paul M.