Security of the forms
Author: Sylwester S.
I have a form on my website and all the information is sent to an SQL database. I noticed someone is trying to attack my website. Somebody is sending strange symbols: // 00 /> <html> etc. Is the form that I made in the program WebsiteX5 v11 secure? I am thinking about SQL injection and XSS.
Thank you
This is a question I'm interested in, too. On my current website, built with other software, I have the possibility to link on form-sides with SSL-security. These old forms, that are shown and sent to me, are safe (I hope so).
With the forms I'm creating now with WX5 11 prof I don't see any information about the technique or possibilities to arrange this. Are they handled on a WX5-Server? Or on the server, where the site is running? How can we use the SSL?
Thanks to everybody who knows and writes!
Wespenstich
Hello Sylwester & Wespenstich,
Rest assured that WebSite X5 is robustly and securely coded. Data entered into the forms is escaped and filtered before further processing takes place. You can see for yourself if you inspect the source code of the PHP scripts in the 'res' folder within the root folder of any WebSite X5 project.
The strange data that you are seeing, Sylwester, is probably caused by spambots, etc. - there are options built-in to X5 to reduce this sort of junk (i.e. captcha and 'check question' - make sure these are in use to combat unwanted form submissions)
The forms are processed on the server where the site is running, using PHP, so SSL is redundant in that sense.
However, if you wish to secure the data being sent to the server then you can contact your webhost to arrange installation of an SSL certificate. This will have no effect on the operation of WebSite X5 itself... the forms will work in the same way no matter whether SSL is in use or not, but data transfer to the server will be secured where it is.
Hope that clarifies things for you both, but if you've any further questions please don't hesitate to ask.
Kind regards,
Paul
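The escaping and filtering described in the reply above, sketched as an added example (not WebSite X5's own code and not part of the original posts): a PHP handler that validates fields, stores them through a PDO prepared statement, and HTML-escapes them on output. The `messages` table, the field names, the length limits and the sample submissions are assumptions constructed for illustration, and an in-memory SQLite database stands in for the site's SQL database.

```php
<?php
declare(strict_types=1);

// Hypothetical form handler; not taken from WebSite X5's 'res' scripts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');

/** Validate and store one submission; returns false if it is rejected. */
function store_submission(PDO $db, array $post): bool
{
    $name = $post['name'] ?? '';
    $body = $post['body'] ?? '';
    if (!is_string($name) || !is_string($body)) {
        return false; // array-valued fields are not a normal form submission
    }
    // Filtering: reject empty or oversized fields and raw control characters.
    foreach ([[trim($name), 100], [trim($body), 2000]] as [$value, $max]) {
        if ($value === '' || strlen($value) > $max
            || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $value)) {
            return false;
        }
    }
    // Bound parameters keep the values as data, never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO messages (name, body) VALUES (:name, :body)');
    return $stmt->execute([':name' => trim($name), ':body' => trim($body)]);
}

/** Render stored rows; escaping on output turns markup into inert text. */
function render_messages(PDO $db): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '';
    foreach ($db->query('SELECT name, body FROM messages ORDER BY id') as $row) {
        $html .= '<p><b>' . $esc($row['name']) . '</b>: ' . $esc($row['body']) . "</p>\n";
    }
    return $html;
}

// Constructed sample submissions.
$samples = [
    ['name' => "O'Brien", 'body' => '// 00 /> <html>'], // symbols quoted in the question
    ['name' => 'bot',     'body' => "junk\x00junk"],    // contains a NUL byte
];
foreach ($samples as $post) {
    echo store_submission($db, $post) ? "stored\n" : "rejected\n";
}
echo render_messages($db);
```

The first sample is stored and later displayed as literal text; the second is rejected by the control-character filter before it reaches the database.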