Providing Security to the website forms - Mostlikers

23 March, 2016

Providing Security to the website forms

Most of the website forms face security issues. Generally the user side faces the most of the issues. Hackers can easily crack through user side validation. This post will give you a clear picture of how to prevent website from server side and user side validation security issues.

Providing Security to the website forms



Here are our top 5 tips to keep you and your website and forms safe.
  • Form validation / Server side validation
  • Captcha
  • Disable the action button
  • Sql injections
  • Prevent Form Double Submit

Form validation / Server side validation


Validation must be carried out on both server and browser sides. Simple errors like failure in mandatory fields which have been left empty and when a text is entered in field which accepts number can be identified by the browser.

Validation Script


But if you want to bypass these you must check these validations and a deep validation over server side as if we fail to do so it may lead to bad code, Also it can cause insertion of scripting code into the database. These things can lead to unwanted results over the website.

For more information on the server and browser side validation check the links below: 

Browser side form validation :
Server side form validation :

Server side validation most the form covered by the Login, and singup so follow below topic. 

Captcha


Captcha is a system to prevent robots and spammers from websites.This is used to prevent unnecessary form submission on a webpage.It is a challenge-response test which is used to determine weather you are a human.

How to create captcha image


Captch mainly uses registration form. There 2 types of captcha you can use.Below i have listed the method to create different types of captcha. Check the link for further information.

Static captcha

Write the script for actions buttons, Before submit the form check all the fields are validate are are then only allow to click the submit button. Use jquery to disable and enable the form script.


<html>
<head>
<script src="//code.jquery.com/jquery-1.11.0.min.js"></script>
<script src="http://ajax.aspnetcdn.com/ajax/jquery.validate/1.13.1/jquery.validate.min.js">
</script>
</head>
<body>
<form id="user_form" method="post">
<p><input type="text" class="required" name="firstname" /></p>
<p><input type="text" class="required" name="lastname" /></p>
<p><input type="email" class="required" name="email" /></p>
<p><input type="submit" name="send" class="submit_form" value="Submit"></p>
</form>
</body>
</html>

script
<script type="text/javascript">
$(".submit_form").attr("disabled",true);
$("#user_form").validation();
$(document).on('change','#user_form',function(){
if($('#user_form').valid()){
$(".submit_form").attr("disabled",false);
}
else {
$(".submit_form").attr("disabled",true);
}
return false;
});
</script>


SQL injections


SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. Now a days most of the MVC platforms are built with the sql injection. If you not familiar with the MVC Pattern try to use PDO and Mysqli avoiding mysql as it's deprecated.

Sql


I have posted topics related with PDO and mysqli basic function it will help you to get more information about the SQL injucations.


Prevent form multiple time submit


A quick double click on submit button form value will be posted twice.Due to delay in form post action leads to multiple submit click from the users. To avoid this kind of errors we must disable the submit button once the button is clicked.

Here i have shared jquery function to disable the button.
    
<html> 
<body> 
     <form id="user_form" method="post"> 
     <p><input type="text" class="required" name="firstname" /></p> 
     <p><input type="email" class="required" name="email" /></p> 
     <p><input type="submit" name="send" class="submit_form" value="Submit"></p> 
     </form> 
 </body> 
 </html>
 
 <script src="//code.jquery.com/jquery-1.10.2.min.js"></script> 
 <script type="text/javascript"> 
 $(document).on('submit','#user_form',function(){ 
    $(".submit_form").attr("disabled",true); 
 return false; 
 }); 
 </script>

There are other parameters which play a major role in safety of your website like SSL certification
and https protocol service.We have stated few top queries which can resolve your issues to a
maximum level.

Stay tuned to our facebook page for any updates on the above mentioned post.








Related Topics