Website Security Tips
staticvoidliam7

Website Security Tips:

#1: Don't include file extensions in your webpage

Why?

Because someone can easily view your code by entering the file name after the URL
such as mysite.com/script.js

#2: Host Your Databases on a separate server

Again, someone could tamper with it

#3: Don't allow JavaScript code to be entered in text boxes

aka sanitize input. Find out more about sanitization here

#4: Name the file that has passwords stored in it something random, like Unclestevestacorecipe

any suggestions?
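
Tip #3 in code, as an added example that is not part of the original post: escape user text at the point it is written into HTML, and allow-list link schemes, so script typed into a text box is displayed as text instead of running. The names `escapeHtml`, `safeHref` and `renderComment` and the sample comment are assumptions made up for this illustration.

```javascript
// Added example (hypothetical names): output-encode untrusted form input.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Replace every character that can open a tag, an attribute or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping alone does not stop javascript: links, so allow-list the scheme.
function safeHref(url) {
  try {
    const parsed = new URL(String(url).trim());
    return ["http:", "https:"].includes(parsed.protocol) ? parsed.href : "#";
  } catch {
    return "#"; // not an absolute URL: drop it
  }
}

// Build the HTML for one comment from untrusted name, website and body.
function renderComment({ name, website, body }) {
  return (
    `<article class="comment">` +
    `<a href="${escapeHtml(safeHref(website))}">${escapeHtml(name)}</a>` +
    `<p>${escapeHtml(body)}</p>` +
    `</article>`
  );
}

// Constructed sample input: markup and script typed into the form fields.
const sample = {
  name: `<img src=x onerror=alert(1)>`,
  website: `javascript:alert(1)`,
  body: `Nice post! <script>alert("hi")</script>`,
};

console.log(renderComment(sample));
```

Run the same escaping on the server before storing or rendering, since checks that exist only in the browser can be bypassed.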

Comments
AmazingMech2418

For the fourth one, it is just better to store it all on a server or a database or something... If someone sees a file with a weird name, it will make the person curious and want to click it... It is known that passwords are either stored in something very generic like passwords.txt or some weird name, given that the person has the passwords public though. It is honestly better to use an authentication API on a server that reads hashes from a local file that is not hosted by the server.

Highwayman

What exactly do you mean by the top one?

staticvoidliam7

users don't need to know the file names especially users who may mess it up @Highwayman

Highwayman

@LiamDonohue but what do you mean by include file extensions?

staticvoidliam7

like: mysite.com/index.html @Highwayman

Highwayman

@LiamDonohue OOHHH!! Oh! Ok! I see ok thank you :)

staticvoidliam7

ur welcome! @Highwayman

ARJPEG

@LiamDonohue Wait, how do you remove it?

Highwayman

@adityaru
Option a) make a server to handle redirects
Option b) don’t name your files with file extensions.

ARJPEG

@Highwayman Oh Thnx

Highwayman

@adityaru yw :)