Hello. I read an article about security and the author wrote that an MD5 hash is easy to decrypt with dictionaries or brute-force attacks.
1. So, for example, if I make a small site or a social network, do I have to expect such attacks from hackers, or do they attack only the big sites?
2. How effective are the htmlentities() and mysql_real_escape_string() functions?
3. What security measures are most effective?
I'm still learning PHP, so I would appreciate an answer that is easy to understand.
Thank you in advance.
· February 8, 2015
Thank you so much. Very helpful answers.
· February 7, 2015
Yes, the MD5 hash function has problems with collisions, so it's not a good choice to hash something. If you need a good hash function, try researching the SHA hash function.
Hackers can attack any site they want for whatever reason, such as for the fun of it. Not all hackers are skilled enough to attack sites like Google. If they can, they will.
As for security measures, do everything you can to stop attacks. Don't leave anything unaccounted for. Better to be safe than sorry. You might need to research attacks on PHP such as XSS, SQL injections, session hijacks, CSRF, code injections, and directory traversals into private folders/files. But then again, there are attacks on websites which could come from outside the scope of your site, such as (D)DoS and MITM, for which you'll need mitigation techniques and secure transfer of private data, such as SSL.
It's a big world out there.
· February 7, 2015
1. Not really, they usually attack famous websites/big websites. They don't have the time to hack small websites.
2. mysql_real_escape_string() stops hackers from doing a MySQL injection by using an input box that you've provided. htmlentities() only allows, for example, the input students' , you really do not want these:
Because humans do not know that that is a ' , so instead we use htmlentities() to change that weird thing into a readable character.
3. Huge websites usually use SSL (Secure Sockets Layer) to prevent fragile information from being leaked/sapped by a hacker, and ALWAYS use mysql_real_escape_string().
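
The three topics raised in this thread (password hashing, SQL input handling, HTML output encoding) side by side, as an added example that is not part of any post above. It assumes PHP 5.5 or later with the pdo_sqlite extension; the table, user name and input strings are constructed, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example, not code from any poster. All names and inputs are constructed.

// 1. Password storage. Unsalted md5() maps equal passwords to equal hashes,
//    which is why a precomputed dictionary can reverse it.
//    password_hash() adds a random salt and a tunable work factor.
$password = 'letmein';                        // constructed sample password
$md5Repeats   = (md5($password) === md5($password));
$hashA        = password_hash($password, PASSWORD_DEFAULT);
$hashB        = password_hash($password, PASSWORD_DEFAULT);
$saltedRepeat = ($hashA === $hashB);          // differs because of the per-hash salt
$verified     = password_verify($password, $hashA);
var_dump($md5Repeats, $saltedRepeat, $verified);

// 2. SQL. The mysql_* functions were removed in PHP 7, so this step binds the
//    input as a parameter with PDO instead of escaping it into the query string.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT, pw_hash TEXT)');
$insert = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
$insert->execute(['alice', $hashA]);

$input  = "x' OR '1'='1";                     // constructed form input with quotes
$select = $db->prepare('SELECT COUNT(*) FROM users WHERE name = ?');
$select->execute([$input]);
// The bound value is compared as plain data, so the quotes cannot change
// the structure of the query and no row is matched by accident.
$matches = (int) $select->fetchColumn();
var_dump($matches);

// 3. HTML output. Encode user-supplied text at the moment it is printed into
//    a page; ENT_QUOTES also encodes the single quote from the thread's example.
$comment = "students' <b>bold</b>";           // constructed sample comment
echo htmlentities($comment, ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

Escaping for SQL and encoding for HTML solve different problems, so each is applied at its own boundary: parameters when the value enters a query, htmlentities() when it is written into a page.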