Website Security Tips
LiamDonohue (279)

Website Security Tips:

#1: Don't Include file extensions in your webpage


Because someone can easily view your code by entering the file name after the URL,
such as mysite.com/script.js

#2: Host Your Databases on a separate server

Again, someone could tamper with it

#3: Don't allow JavaScript code to be entered in text boxes

aka sanitize input. Find out more about sanitization here

#4: Name the file that has passwords stored in it something random, like Unclestevestacorecipe

any suggestions?
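Tip #3 in code form, as an added example that is not part of the original post: user text is escaped when it is written into the page, and a user-supplied link is kept only if it is http(s). The names `escapeHtml`, `safeLink`, `renderComment` and the comment fields are hypothetical, and the sample comments are constructed.

```javascript
// Added example: output encoding for text that came from a text box.
// All function and field names here are hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape the five characters that can change HTML structure,
// so the browser shows the text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Keep a link only if it parses and uses http or https.
// Anything else (javascript:, data:, unparseable text) becomes null.
function safeLink(raw) {
  try {
    const url = new URL(String(raw).trim());
    const ok = url.protocol === "http:" || url.protocol === "https:";
    return ok ? url.href : null;
  } catch {
    return null;
  }
}

// Build the HTML for one comment. Every user-controlled value is
// escaped at the point where it is placed into the markup.
function renderComment({ author, website, text }) {
  const name = escapeHtml(author);
  const link = safeLink(website);
  const heading = link
    ? `<a href="${escapeHtml(link)}" rel="nofollow noopener">${name}</a>`
    : name;
  return `<article><h4>${heading}</h4><p>${escapeHtml(text)}</p></article>`;
}

// Constructed sample input: one hostile comment, one ordinary comment.
const hostile = {
  author: '"><img src=x onerror=alert(1)>',
  website: "javascript:alert(1)",
  text: "<script>alert(document.cookie)</script>",
};
const benign = {
  author: "Sam",
  website: "https://example.com/profile?id=7&tab=posts",
  text: "Tom & Jerry's <3",
};
console.log(renderComment(hostile));
console.log(renderComment(benign));
```

Escaping happens on output, so the stored comment stays exactly as the user typed it and can be re-rendered safely in other contexts later.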

AmazingMech2418 (658)

For the fourth one, it is just better to store it all on a server or a database or something... If someone sees a file with a weird name, it will make the person curious and want to click it... It is known that passwords are either stored in something very generic like passwords.txt or some weird name, given that the person has the passwords public though. It is honestly better to use an authentication API on a server that reads hashes from a local file that is not hosted by the server.

Highwayman (1316)

What exactly do you mean by the top one?

LiamDonohue (279)

Users don't need to know the file names, especially users who may mess it up @Highwayman

Highwayman (1316)

@LiamDonohue but what do you mean by include file extensions?

LiamDonohue (279)

like: mysite.com/index.html @Highwayman

Highwayman (1316)

@LiamDonohue OOHHH!! Oh! Ok! I see ok thank you :)

adityaru (147)

@LiamDonohue Wait, how do you remove it?

Highwayman (1316)

Option a) make a server to handle redirects
Option b) don’t name your files with file extensions.