I recently started creating a website and found information about XSS attacks and MySQL injections.

  1. What are XSS attacks and MySQL injections, and how can you defend against them? (If you can, describe it well or give a link where it is well written.)
  2. Are there any other threats besides those listed above?
  3. Is it necessary to encrypt passwords in the database? (If you protect your site, then I do not think that this is necessary.)

Closed as too broad by participants Dmitriy Simushev, aleksandr barakin, user194374, Abyx, Nick Volynkin ♦ Jan. 29 '16 at 5:18.


  • 2
    This can be a sooo long talk. But in order to avoid security holes, one must first gain experience ... - AseN

2 answers

A couple of tips:

  • use parameterized database queries, or an ORM for that matter, and no "SELECT * FROM Users WHERE id = $Id"
  • replace all < and > with &lt; and &gt; in any field that the user fills in
  • Hashing passwords is MANDATORY; besides, all password entries will then be the same length

Yes, and this is not a complete list, but, excuse me, I cannot say anything about other problems.
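The three tips above, put together as an added example that is not part of the original answer. It assumes Python with an in-memory SQLite database standing in for MySQL; the table layout, the function names, the sample rows and the PBKDF2 iteration count are all constructed for illustration.

```python
import hashlib, hmac, html, os, sqlite3

ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def hash_password(password, salt=None):
    """Return salt || PBKDF2-HMAC-SHA256(password): always 16 + 32 bytes."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt + digest

def verify_password(password, stored):
    # Re-derive with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)

def make_db():
    # Constructed sample data; only password hashes are stored, never plaintext.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY, name TEXT, pw BLOB)")
    db.executemany("INSERT INTO Users (name, pw) VALUES (?, ?)",
                   [("alice", hash_password("correct horse")),
                    ("bob", hash_password("hunter2"))])
    return db

def find_user_unsafe(db, user_id):
    # The pattern the answer warns against: input pasted into the SQL text,
    # so anything the user types is parsed as part of the query.
    return db.execute(f"SELECT name FROM Users WHERE id = {user_id}").fetchall()

def find_user_safe(db, user_id):
    # Parameterized: the driver passes user_id as data, never as SQL.
    return db.execute("SELECT name FROM Users WHERE id = ?", (user_id,)).fetchall()

def render_comment(text):
    # Escapes <, >, & and both quote characters before the text enters HTML.
    return "<p>" + html.escape(text, quote=True) + "</p>"

if __name__ == "__main__":
    db = make_db()
    crafted = "0 OR 1=1"                   # constructed input, not a real id
    print(find_user_unsafe(db, crafted))   # every row comes back
    print(find_user_safe(db, crafted))     # no row matches
    print(render_comment("<script>alert(1)</script>"))
    print(len(hash_password("a")), len(hash_password("a" * 100)))
```

`html.escape` covers more characters than the `<` and `>` named in the answer, which matters when user text ends up inside an HTML attribute.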

    I agree with Asen, this is quite an extensive topic, requiring a good knowledge of technology.

    A detailed list and description can be found here.