Data is the new oil, and data security is the most crucial part of any software project. If data is lost, everything is lost. Programmers always make sure that data is properly encrypted and secured before launching or releasing a web application; if you want to build a robust application, the security of its data is essential. This post explains how to secure your data in 2023 using various programming languages.
PHP is a traditional language for developing software applications and web apps. It is so widespread that organizations regularly run bug bounty programs in which they invite security specialists to examine their applications from the ground up and report meaningful PHP security best practices. The following are some common security issues and the solutions PHP offers for them.
The following code example shows how to prevent XSS and SQL injection attacks in PHP using several PHP built-in functions. XSS and SQL injection are among the most common vulnerabilities in PHP applications.
```php
<?php
function validate_data($data) {
    // Remove any HTML and PHP tags (basic XSS prevention)
    $data = strip_tags($data);

    // Undo magic quotes if they are on. Note: get_magic_quotes_gpc() always
    // returns false from PHP 5.4 onwards and was removed in PHP 8.0.
    if (get_magic_quotes_gpc()) {
        $data = stripslashes($data);
    }

    // Escape special characters in string values. Note: mysql_real_escape_string()
    // was removed in PHP 7.0; mysqli_real_escape_string() or prepared statements
    // are its current replacement.
    if (!is_numeric($data)) {
        $data = mysql_real_escape_string($data);
    }

    // Cast numeric values to an integer
    if (is_numeric($data)) {
        $data = intval($data);
    }
    return $data;
}
```
Also to prevent SQL injection attacks the following code is useful:
```php
$sql = 'SELECT `username`, `password` FROM `users` WHERE `username`="' . mysql_real_escape_string($_POST['username']) . '"';
```
The above code prevents the SQL injection attack by escaping the user-supplied value before it is placed in the query. Just make sure to quote table and column names with backticks (`), quote string values with ", escape using the database's own escape function, and cast each value to the type it is expected to have.
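As an added example, not code from the original post, here is the same username lookup written with a PDO prepared statement (the replacement current PHP releases offer for mysql_real_escape_string), with htmlspecialchars() on output for the XSS side. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed rows so it runs offline.

```php
<?php
// Added example (not from the original post): username lookup with a PDO
// prepared statement, so the input never becomes part of the SQL text, plus
// htmlspecialchars() on output. In-memory SQLite; table, rows and inputs are
// constructed for the demo.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice', 'alice@abc.com'), ('o''brien', 'ob@abc.com')");
    return $db;
}

// The placeholder is bound, not concatenated, so a quote character in
// $username stays a literal character of the value rather than SQL syntax.
function find_user(PDO $db, string $username): ?array {
    $stmt = $db->prepare('SELECT `username`, `email` FROM `users` WHERE `username` = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape on output, not on input: whatever is stored is rendered as plain text.
function render_user(?array $row): string {
    if ($row === null) {
        return '<p>No such user.</p>';
    }
    return '<p>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')
         . ' &lt;' . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . '&gt;</p>';
}

$db = open_demo_db();
// Constructed inputs: a name containing a quote, and a name not in the table.
foreach (["o'brien", 'nobody'] as $input) {
    echo render_user(find_user($db, $input)), PHP_EOL;
}
```

The first input returns the o'brien row (the apostrophe is handled by the driver, not by string escaping), the second prints "No such user.".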
Storing sensitive data in plain text can turn into a disaster if access to the database is compromised. To limit the damage in such cases, MySQL provides functions for encrypting and hashing data.
Hash functions map data of arbitrary size to data of fixed size. Hashing is a one-way method, i.e. the original data cannot be recovered. Rather than storing the password itself, a common approach is to store only its hash. The following code shows how to store a hashed password in the MySQL database using the MD5(str) function, which computes a 128-bit checksum of the given string and returns it as a string of 32 hex digits.
```sql
mysql> INSERT INTO `users` (`email`, `password`) VALUES ('user@abc.com', MD5('password2000'));
```
The above statement inserts a row into the users table. If we now run a SELECT to retrieve it, the result is:
```sql
mysql> SELECT `password` FROM `users` WHERE `email` = 'user@abc.com';
+----------------------------------+
| password                         |
+----------------------------------+
| 47762996a0dca22d43ac7894f466db56 |
+----------------------------------+
```
The above result shows that only the hash, not the plain-text password, is stored.
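As an added example, not from the original post, the same store-then-check flow done with password_hash() and password_verify(), which PHP itself provides for password storage (since PHP 5.5). Each hash carries its own random salt, so the login step fetches the stored hash by email and lets password_verify() compare, rather than matching on `WHERE password = MD5(...)`. It assumes pdo_sqlite and uses an in-memory database with constructed rows.

```php
<?php
// Added example (not from the original post): salted, slow password hashing
// with password_hash()/password_verify() in place of a bare MD5 column.
// In-memory SQLite; the table and the user rows are constructed for the demo.
function open_user_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $db;
}

function register(PDO $db, string $email, string $password): void {
    // PASSWORD_DEFAULT is bcrypt today and may change in future PHP releases;
    // the algorithm, cost and salt are encoded in the hash string itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `users` (`email`, `password`) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

function login(PDO $db, string $email, string $password): bool {
    $stmt = $db->prepare('SELECT `password` FROM `users` WHERE `email` = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        // Unknown email: still spend a verify so response time does not
        // reveal which emails exist.
        password_verify($password, password_hash('dummy', PASSWORD_DEFAULT));
        return false;
    }
    // Constant-time comparison against the stored salted hash.
    return password_verify($password, $hash);
}

$db = open_user_db();
register($db, 'user@abc.com', 'password2000');
var_dump(login($db, 'user@abc.com', 'password2000'));   // correct password
var_dump(login($db, 'user@abc.com', 'password2001'));   // wrong password
var_dump(login($db, 'nobody@abc.com', 'password2000')); // unknown user
// Two hashes of the same password differ because each gets a fresh salt,
// which is why a WHERE password = hash(?) lookup cannot be used here.
var_dump(password_hash('password2000', PASSWORD_DEFAULT)
      === password_hash('password2000', PASSWORD_DEFAULT));
```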
Encryption is the most suitable method to transfer variables to the subsequent page using a URL.
e.g. index.php?id=5
This URL exposes the value of id in the clear, so it is weak. This is why one should always encode it for protection, using the urlencode() function.
urlencode(string)
: This function is used for the query part of a URL. URL encoding is applied when placing text in a query string so that it is not confused with the structure of the URL itself. It is commonly used when the browser posts form data to a web server.
base64_url_encode($value)
: This function is useful for encoding a string that will be placed in a URL. The following example shows step by step how to create this function.
```php
function base64_url_encode($data) {
    // Standard base64 uses '+', '/' and '='; swap them for URL-safe characters
    return strtr(base64_encode($data), '+/=', '-_,');
}
```
The above code shows that base64_encode() always encodes data with MIME base64, whose '+', '/' and '=' characters have special meaning in URLs; strtr() replaces them, and due to this the URL is safe.
Now, by using the urldecode(string) function one can easily decode the URL.
urldecode(string)
: This function decodes a URL-encoded string. It is used when text has been placed in a query string so that it is not confused with the URL itself, which is frequently the case when the browser posts form data to a web server.
```php
function base64_url_decode($data) {
    // Restore the standard base64 alphabet before decoding
    return base64_decode(strtr($data, '-_,', '+/='));
}
```
The above script shows how to decode the data with PHP's base64_decode(), which decodes data encoded with MIME base64, after strtr() has restored the original characters.
Java is one of the most used programming languages in the software world. The following example shows how to encrypt and decrypt a string in Java using AES:
```java
public static void main(String[] args) {
    // AES is a helper class the article does not show; it is assumed to expose
    // static encrypt(String, String) and decrypt(String, String) methods.
    final String secureKey = "ohhhhhh";
    String myString = "My name is James Bond";
    String securedString = AES.encrypt(myString, secureKey);
    String disclosedString = AES.decrypt(securedString, secureKey);
    System.out.println(myString);
    System.out.println(securedString);
    System.out.println(disclosedString);
}
```
Output:

```
My name is James Bond
Gg2pn1wDXOL6Xc+1jjjkZTQ9FAf2a2/LBLcwQJHN4o=
My name is James Bond
```
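As an added example, not the article's Java code and written in PHP to match the rest of this post, here is the same encrypt-with-a-passphrase round trip done with the openssl extension: the key is derived from the passphrase with PBKDF2 and a random salt, and AES-256-GCM adds an authentication tag so a modified ciphertext or wrong passphrase is rejected instead of yielding garbage. Function names and the salt|iv|tag|ciphertext layout are this example's own choices.

```php
<?php
// Added example (not from the original post): authenticated AES encryption of
// a string under a passphrase. Output is base64(salt | iv | tag | ciphertext).
const KDF_ITERATIONS = 200000;

function derive_key(string $passphrase, string $salt): string {
    // 32-byte key for AES-256 from the passphrase and a per-message salt
    return hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
}

function aes_encrypt(string $plaintext, string $passphrase): string {
    $salt = random_bytes(16);
    $iv   = random_bytes(12);   // 96-bit nonce, the recommended size for GCM
    $tag  = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', derive_key($passphrase, $salt),
                          OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($salt . $iv . $tag . $ct);
}

// Returns the plaintext, or null if the passphrase is wrong or the data was modified.
function aes_decrypt(string $encoded, string $passphrase): ?string {
    $raw = base64_decode($encoded, true);
    if ($raw === false || strlen($raw) < 16 + 12 + 16) {
        return null;
    }
    $salt = substr($raw, 0, 16);
    $iv   = substr($raw, 16, 12);
    $tag  = substr($raw, 28, 16);
    $ct   = substr($raw, 44);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', derive_key($passphrase, $salt),
                          OPENSSL_RAW_DATA, $iv, $tag);
    return $pt === false ? null : $pt;
}

$secret = aes_encrypt('My name is James Bond', 'ohhhhhh');
$opened = aes_decrypt($secret, 'ohhhhhh');            // original string
// Flip one bit of the ciphertext: the GCM tag check fails and null comes back.
$tampered = base64_decode($secret);
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
var_dump($opened, aes_decrypt(base64_encode($tampered), 'ohhhhhh'), aes_decrypt($secret, 'wrong'));
```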
Big data technology is widely used to derive meaningful conclusions, and many projects rely on it. NoSQL databases are designed to give real-time performance while handling large volumes of data. Best data security practices for them cover several areas: the security configuration utility, authentication methods, encryption, external password storage, and role-based authorization.
The following example shows a simple SSL key management setup for the Oracle NoSQL Database. When accessing a NoSQL instance that is protected with SSL/TLS, the client must be started as in the following example:
```shell
java -Doracle.kv.security=safelogin.txt \
     -jar KVHOME/lib/kvstore.jar runadmin
```
where the file safelogin.txt should be a copy of the client.security file with additional property settings for authentication. The file would then contain content like this:
```properties
oracle.kv.auth.username=root
oracle.kv.auth.wallet.dir=login.wallet
oracle.kv.transport=ssl
oracle.kv.ssl.trustStore=client.trust
oracle.kv.ssl.protocols=TLSv1.2,TLSv1.1,TLSv1
oracle.kv.ssl.hostnameVerifier=dnmatch(CN\=NoSQL)
```
In short, security is the most crucial part of any software application, and languages and platforms like PHP, MySQL, Java, Python, and NoSQL describe various security policies in their documentation.