"Best Practices Against Hacking" By Google!

February 23rd, 2009




Hacking is a major problem that is growing day by day. The Internet is flooded with hundreds, in fact thousands, of anti-hacking software products, but their effectiveness is still in question! In a recent post on Google's Webmaster Central blog, Google's Search Quality Team talks about the two most common attacks resulting in hijacked websites: SQL injection and cross-site scripting (XSS).

In order to prevent SQL injections, "it's a good practice to add a layer between a form on the front end and the database in the back end. In PHP, the PDO extension is often used to work with parameters (sometimes called placeholders or bind variables) instead of embedding user input in the statement. Another really easy technique is character escaping, where all the dangerous characters that can have a direct effect on the database structure are escaped. For instance, every occurrence of a single quote ['] in a parameter must be replaced by two single quotes [''] to form a valid SQL string literal."

For preventing cross-site scripting (XSS), Google recommends the following measures:

  • Stripping the input that can be inserted in a form (for example, see the strip_tags function in PHP);
  • Using data encoding to avoid direct injection of potentially malicious characters (for example, see the htmlspecialchars function in PHP);
  • Creating a layer between data input and the back end to avoid direct injection of code in the application.
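
The parameter binding and output encoding described above, shown side by side with the weak form, as an added example (not code from the Google post or from this blog). It assumes PHP with the pdo_sqlite driver; the `users` table, the helper names `findUnsafe`, `findSafe` and `h`, and the sample rows and input are constructed for illustration.

```php
<?php
declare(strict_types=1);

// In-memory SQLite database so the example runs offline (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
// Constructed sample rows; the second bio contains markup a visitor submitted.
$pdo->exec("INSERT INTO users (name, bio) VALUES
    ('alice', 'Likes search engines'),
    ('bob', '<script>alert(1)</script>')");

// Weak form: user input is embedded directly in the statement text.
function findUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, bio FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the value is sent as a bound parameter (placeholder),
// so the database never parses it as part of the SQL statement.
function findSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, bio FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed hostile input: the single quote ends the string literal early.
$input = "nobody' OR '1'='1";

// Concatenation lets the input rewrite the WHERE clause and match every row;
// the bound parameter is compared as one literal name and matches none.
printf("concatenated query rows: %d\n", count(findUnsafe($pdo, $input)));
printf("bound parameter rows:    %d\n", count(findSafe($pdo, $input)));

// Encode on output: the stored markup is rendered as text, not executed.
foreach (findSafe($pdo, 'bob') as $row) {
    echo '<p>' . h($row['name']) . ': ' . h($row['bio']) . "</p>\n";
}
```
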

Tune in to the post for more information!
