
PHP

Henrik Christensen
Python Web Development Techdegree Student 38,322 Points

Secure enough?

Hi,

I'm currently doing the PHP track and I just finished the "Basic website" track. Now I'm wondering if:

  • The code written in that course would make a contact form secure enough to use in real-life?
  • Is there a website somewhere that can scan your code (like the w3school validator) to check the security, or how do I know if it's secure enough, etc.?

3 Answers

Jennifer Nordell
STAFF
Treehouse Teacher

Hi there! To be fair, I can't remember exactly what this form looked like when finished, but here are some questions you might ask yourself.

  • Is the input sanitized?
  • Is the output escaped?
  • Are any passwords hashed and salted?

You definitely don't want an outsider running SQL injections and doing something nefarious like dropping your database :smiley:

Hope this helps! :sparkles:

Henrik Christensen
Python Web Development Techdegree Student 38,322 Points

I might sound like an idiot now, but when you say "Are any passwords hashed and salted?" do you then mean if I use an input field with a type of password, or do you mean in my actual PHP code?

In case you mean in my PHP code, how am I doing that? :-/

Jennifer Nordell
STAFF
Treehouse Teacher

I mean the passwords residing in the database. They should never be in plain text. But, I'm guessing you probably haven't made it that far. If you continue down the PHP line, you will. It simply means that the passwords that are stored in the database for the user are encrypted.

Henrik Christensen
Python Web Development Techdegree Student 38,322 Points

Ah okay - I might have to continue a bit before putting my contact form up online... oh well... I still have problems making the form work properly :-p

Anyway, thank you so much for your inputs :-)
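To make the three checks in Jennifer's answer (sanitized input, escaped output, hashed and salted passwords) concrete for a PHP contact form, here is an added example. It is not code from the Treehouse course or from anyone in this thread. It assumes a PDO connection to a MySQL database with a `messages` table (columns `name`, `email`, `body`, `created_at`); the DSN and credentials are placeholders, and the `hashPassword`/`checkPassword` helpers are included only to show what "hashed and salted" means for passwords stored in a database, as discussed in the follow-up comment.

```php
<?php
// Added example, not the course's code. Assumed: a PDO/MySQL connection and a
// `messages` table with columns name, email, body, created_at.
declare(strict_types=1);

// 1. Validate and sanitize input before anything else touches it.
function validateContactInput(array $post): array
{
    $errors = [];
    $name  = trim((string)($post['name'] ?? ''));
    $email = trim((string)($post['email'] ?? ''));
    $body  = trim((string)($post['body'] ?? ''));

    if ($name === '' || mb_strlen($name) > 100) {
        $errors['name'] = 'Name is required (max 100 characters).';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }
    // Reject CR/LF in fields that may end up in mail headers, so a submitted
    // value cannot add headers of its own.
    if (preg_match('/[\r\n]/', $name . $email)) {
        $errors['email'] = 'Invalid characters in name or email.';
    }
    if ($body === '' || mb_strlen($body) > 5000) {
        $errors['body'] = 'Message is required (max 5000 characters).';
    }
    return ['errors' => $errors, 'data' => compact('name', 'email', 'body')];
}

// 2. Store with a prepared statement: user data is bound as parameters and
//    never concatenated into the SQL string, which is what stops SQL injection.
function storeMessage(PDO $pdo, array $data): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO messages (name, email, body, created_at) VALUES (:name, :email, :body, NOW())'
    );
    $stmt->execute([
        ':name'  => $data['name'],
        ':email' => $data['email'],
        ':body'  => $data['body'],
    ]);
}

// 3. Escape on output, at the point where a value is placed into HTML.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Password storage: password_hash() picks a random salt per password and
// embeds it in the returned string; password_verify() reads it back out.
// The plain-text password is never stored.
function hashPassword(string $plain): string
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

function checkPassword(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Request handling for the contact form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $result = validateContactInput($_POST);
    if ($result['errors'] === []) {
        // Placeholder DSN and credentials (assumed); replace with your own.
        $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
        storeMessage($pdo, $result['data']);
        echo '<p>Thanks, ' . e($result['data']['name']) . ', your message was sent.</p>';
    } else {
        foreach ($result['errors'] as $msg) {
            echo '<p class="error">' . e($msg) . '</p>';
        }
    }
}
```

On the original question about a scanner: an online validator can check HTML syntax, but it cannot see whether the PHP behind the form uses prepared statements or escapes output, so the practical check is a review of the handler against the three points above (and `password_hash` for any stored passwords) rather than a scan of the rendered page.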

Aurelian Spodarec
Aurelian Spodarec
10,801 Points

It can never be secure enough. Hackers will always find a way to hack it. You should try and do everything you can think of, going to blogs, articles, this, that, etc.

Aurelian Spodarec
Aurelian Spodarec
10,801 Points

I don't think there is one point like that :p you don't know what you don't know. You can try your best and upgrade the security.