Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

how to create a secure form

  • #190470
    robetnobe
    Participant

    How to create a safe form and clean URLs, like the example below:
    <form action="tes.php" method="post">
    <input type="text" name="username" placeholder="username">
    <input type="submit" name="submit" value="submit">
    </form>

    #190478
    __
    Participant

    This is not a question.

    Can you explain further? Is there a particular problem you are trying to solve/question you are trying to answer?

    #190489
    LewisCowles1986
    Participant

    This is a question, it is also very clear…

    HTML5 forms spec from w3c – pattern

    To create a secure form with a clean url
    * you should use post (as you are)
    * you should include a CSRF token, known in WP as a nonce, to verify the source for the request (this “nonce” means something wholly different in UK btw)
    * you should make sure an SSL certificate is installed on the server and has been checked out to not include vulnerabilities
    * you should make good use of attributes like required, pattern etc where advantageous
    * you should try to checksum the input using JS (focus on smaller forms)

    backend this could mean
    * checking the CSRF
    * verifying checksums
    * validating data using filters and custom functions (google php-seclib, it would be a start)

    other things
    * try to ensure UTF-8 encoding on forms and always add attributes for sending multipart
    * ensure you do not enter anything into a database or storage system without sanitizing first (removing poison bytes, script & html tags etc)
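
A minimal `tes.php` that applies the CSRF token, the `required`/`pattern` attributes and server-side validation to the form from the first post. This is an added example, not code from the thread; the `csrf` field name, the function names and the username policy are assumptions, and it needs PHP 8 or later.

```php
<?php
declare(strict_types=1);
// Added example (not from the thread): tes.php serves and handles the form.
session_start();

const USERNAME_RE = '/\A[A-Za-z0-9_]{3,20}\z/'; // assumed username policy

function csrf_token(): string
{
    // One random token per session, embedded in the form as a hidden field.
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function csrf_valid(mixed $sent): bool
{
    // Constant-time comparison; a missing or non-string value never matches.
    return is_string($sent) && !empty($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $sent);
}

function clean_username(mixed $raw): ?string
{
    // Allow-list check: reject bad input instead of trying to repair it.
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    return preg_match(USERNAME_RE, $raw) === 1 ? $raw : null;
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_valid($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $username = clean_username($_POST['username'] ?? null);
    $message = $username === null ? 'Invalid username' : "Hello, $username";
}
?>
<!doctype html>
<meta charset="utf-8">
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form action="tes.php" method="post" accept-charset="utf-8">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="username" placeholder="username" required pattern="[A-Za-z0-9_]{3,20}">
  <input type="submit" name="submit" value="submit">
</form>
```

The `pattern` attribute only helps honest users; the same rule is enforced again in `clean_username()` because a request can be sent without the browser.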
