
This is all about logic. I am not looking for any code/script or query. In web development we basically create two files: one for the frontend and another for the backend.

  • Frontend will have forms for user input.
  • Backend will insert the user input data into database.

I want to know how I can make the backend file more secure so a hacker/attacker can't use it or insert data into the database.

Edit: This question is a bit different because it's about backend file security.

Roxx
  • Because you tagged php and mysql: http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php – sinaza Jan 09 '16 at 13:39
  • @sinaza thanks for the link. Hackers can see the backend file with tools like Firebug. He also gets the details of the field names and what data is being transmitted. If he creates the same kind of frontend then I think data can be added to the database. – Roxx Jan 09 '16 at 14:05
  • Actually Firebug is used to see the front-end as it is rendered in the client. If someone reaches back-end files, bad things are gonna happen. – sinaza Jan 09 '16 at 14:08
  • If you check the Net tab in Firebug then you get to know where the data is going. That raised the concern in my mind. – Roxx Jan 09 '16 at 14:10
  • So I guess by 'backend files' you meant the 'request urls', not the actual files :) – sinaza Jan 09 '16 at 14:15
  • For more security you can use MVC architecture including encryption, so when you pass any value from the form, pass it in encrypted format, then get the value in the controller that is encrypted, decrypt this value and store it in the database. In this way no one knows what exactly you are going to pass. This is a more secure way if you want to use it. – gagan mahatma Jan 09 '16 at 18:03

1 Answer

For more security at the time of entering values into the database you need to create a controller where you can validate your data before entering it in the database. Below I am trying to make you understand with a live example, please check it.

So basically, first you submit a form from your view file; then, in between your model (where you put your database query) and your view (your form view file), you need to put a controller file where you check all your validations for the input fields, and when all the validations are successfully passed by the form's data you send this data to the model for query-level processing.

Then, after your query has successfully run, the model sends back the return values, like true or false or whatever you want (custom values); then in the controller you need to check what values the model returned (true or false or your passed value). Suppose I am going to pass "1" from my model if the query executes properly and send "2" if not; depending upon this return value I will decide where I need to send my controller now, or we can say the next view file with the result output. So if "1" is returned I display the user a message like "Thanks, your values are submitted" or whatever, and if not then some error message. Enjoy.

gagan mahatma
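The controller/model split the answer describes, as an added example in PHP with PDO (not code from the question or the answer). It assumes the pdo_sqlite extension is available for the in-memory demo; with MySQL you would only change the DSN. The point it makes is the one the comments circle around: because anyone who has watched the request in the Net tab can replay it without the original form, every check has to live on the server, and the query must use bound parameters.

```php
<?php
// Added example, not code from the question or the answer. The checks live in the
// controller and the model on the server, because anyone who has watched the
// request in the Net tab can replay it without the original form.
declare(strict_types=1);

// Model: only runs the query. Bound parameters keep input as data, never SQL text.
function insertUser(PDO $db, string $name, string $email): int
{
    try {
        $stmt = $db->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
        $stmt->execute([':name' => $name, ':email' => $email]);
        return 1;                       // "1" = inserted (the answer's convention)
    } catch (PDOException $e) {
        error_log('insert failed: ' . $e->getMessage()); // detail stays server-side
        return 2;                       // "2" = query failed
    }
}

// Controller: validates untrusted $_POST-style input before the model sees it.
function handleSubmit(PDO $db, array $post): array
{
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $errors = [];
    if ($name === '' || strlen($name) > 50) {
        $errors[] = 'name must be 1-50 characters';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if ($errors !== []) {
        return ['status' => 2, 'errors' => $errors]; // rejected, nothing reaches the model
    }
    return ['status' => insertUser($db, $name, $email), 'errors' => []];
}

// Demo on an in-memory SQLite database (assumption: the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL UNIQUE)');

// Constructed requests: a normal submission, a hand-crafted one that never went
// through the form, and a duplicate that violates the UNIQUE constraint.
$results = [
    handleSubmit($db, ['name' => 'Alice', 'email' => 'alice@example.com']),
    handleSubmit($db, ['name' => str_repeat('x', 200), 'email' => "' OR 1=1 --"]),
    handleSubmit($db, ['name' => 'Alice', 'email' => 'alice@example.com']),
];
echo json_encode($results, JSON_PRETTY_PRINT), PHP_EOL;
```

The hand-crafted request is rejected by the controller before any query runs, and the duplicate is turned into the answer's "2" by the model instead of leaking the driver's error text to the client.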