tag:forum.selfhtml.org,2005:/self How can I protect my website against attacks – SELFHTML-Forum 2019-01-10T08:39:17Z
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740022#m1740022 liebewinter htmlkurss@web.de 2019-01-04T18:21:22Z 2019-01-04T18:21:22Z How can I protect my website against attacks
<p>Hello, I would like to ask your opinion on how my website can be protected against attacks…</p> <p>For example, against <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29" rel="nofollow noopener noreferrer">XSS</a> attacks... I would also like to learn how to make a URL safe in PHP…</p> <p>You don't need to write much, just links that explain how to do it; links in English are welcome too... ☺️</p> <p>Many thanks!</p>
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740023#m1740023 beatovich https://beat-stoecklin.ch/pub/musik-gitarrenunterricht-laufental.html 2019-01-04T19:18:57Z 2019-01-04T19:18:57Z How can I protect my website against attacks
<p>Hello</p> <p><a href="https://www.owasp.org/index.php/Main_Page" rel="nofollow noopener noreferrer">https://www.owasp.org/index.php/Main_Page</a></p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740026#m1740026 Felix Riesterer https://felix-riesterer.de 2019-01-05T01:37:59Z 2019-01-05T01:37:59Z How can I protect my website against attacks
<p>Dear liebewinter,</p> <blockquote> <p>how can my website be protected against attacks…</p> </blockquote> <p>by knowing what you are doing. That is no joke!
The better you know what you are doing, the better you can write your PHP code so that attacks against your site are made harder.</p> <p>Answering your question is very hard, because it depends very much on how you structure your code. As a basic rule, you must treat all data that goes to the web server, that is, <em><strong>everything in the HTTP request, as potentially malicious</strong></em>, as if all of it were trying to exploit a weakness in your PHP code. If you also work with a database such as MySQL or similar, you additionally have to make sure that data from the request cannot simply end up in the SQL code.</p> <p>The topic is very complex! Do not underestimate it!</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740028#m1740028 TS ts-self@online.de https://bitworks.de 2019-01-05T08:44:01Z 2019-01-05T08:44:01Z How can I protect my website against attacks
<p>Hello,</p> <p>here you have to distinguish between</p> <ul> <li>vulnerability due to system flaws</li> <li>vulnerability due to programming errors</li> <li>vulnerability due to missing attack monitoring and defence</li> </ul> <p>You have to provide for the third kind already in your programming, e.g. through logging.</p> <p>If, for example, 10 failed login attempts in a row come from one IP, you can have it blocked (by system tools). The same goes for unauthorised uploads, etc.</p> <p>Programming errors are mostly those that allow uncontrolled writing (e.g. through uploads) on your server.
You have to avoid those!</p> <p>Glück Auf<br> Tom vom Berg</p> <div class="signature">-- <br> There is nothing good unless you do it!<br> Life itself is the meaning.<br> </div>
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740089#m1740089 pl 2019-01-06T15:05:04Z 2019-01-06T15:05:04Z How can I protect my website against attacks
<p>Attackers manipulate request headers, for example declaring an entirely different enctype from the one they actually send. This can cause the server to answer such requests with information it does not give out in normal operation.</p> <p>Furthermore, buffer overflows can crash the server and downstream processes, which also causes a certain amount of damage.</p> <p>Checking for and securing against this kind of thing is a wide field of activity.</p> <p>Regards</p>
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740027#m1740027 Felix Riesterer https://felix-riesterer.de 2019-01-05T01:40:45Z 2019-01-05T01:40:45Z How can I protect my website against attacks
<p>Dear beatovich,</p> <p>with all due respect, the links in your post are not suited to answering the OP's question even remotely!</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>
https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740174#m1740174 liebewinter htmlkurss@web.de 2019-01-07T17:54:10Z 2019-01-07T17:54:10Z How can I protect my website against attacks
<p>Right now I have no database; first I want to finish my website... I <a href="http://htmlkurss.xyz/index.php" rel="nofollow noopener noreferrer">have</a> made a website as a test; I want to learn with it first...
I have only two PHP files on it, these are them...</p> <p><strong>First:</strong></p> <pre><code class="block language-php"><span class="token php language-php"><span class="token delimiter important"><?php</span> <span class="token keyword">class</span> <span class="token class-name-definition class-name">ClassProveContakt3</span> <span class="token punctuation">{</span> <span class="token keyword">private</span> <span class="token variable">$Name</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$Email</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$Message</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$PostOK</span> <span class="token operator">=</span> <span class="token constant boolean">false</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$DateTime</span> <span class="token operator">=</span> <span class="token constant boolean">false</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$items</span> <span class="token operator">=</span> <span class="token constant boolean">false</span><span class="token punctuation">;</span> <span class="token keyword">function</span> <span class="token function-definition function">__construct</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">DateTime</span> <span class="token operator">=</span> <span class="token function">date</span><span class="token punctuation">(</span><span class="token string single-quoted-string">'m/d/Y h:i:s a'</span><span class="token punctuation">)</span><span
class="token punctuation">;</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">items</span> <span class="token operator">=</span> <span class="token punctuation">[</span><span class="token string single-quoted-string">'Name'</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">'Email'</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">'Message'</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token variable">$flag</span> <span class="token operator">=</span> <span class="token constant boolean">true</span><span class="token punctuation">;</span> <span class="token keyword">foreach</span> <span class="token punctuation">(</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">items</span> <span class="token keyword">as</span> <span class="token variable">$key</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token keyword">empty</span> <span class="token punctuation">(</span> <span class="token variable">$_POST</span><span class="token punctuation">[</span><span class="token variable">$key</span><span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token variable">$flag</span> <span class="token operator">=</span> <span class="token constant boolean">false</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token variable">$key</span> <span 
class="token operator">=</span> <span class="token function">trim</span><span class="token punctuation">(</span> <span class="token function">filter_var</span><span class="token punctuation">(</span> <span class="token variable">$_POST</span><span class="token punctuation">[</span><span class="token variable">$key</span><span class="token punctuation">]</span><span class="token punctuation">,</span> <span class="token constant">FILTER_SANITIZE_STRING</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">PostOk</span> <span class="token operator">=</span> <span class="token variable">$flag</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">function</span> <span class="token function-definition function">ShowForm</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token delimiter important">?></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>form</span> <span class="token attr-name">method</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>POST<span class="token punctuation">"</span></span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>label</span> <span class="token attr-name">for</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>name<span class="token punctuation">"</span></span><span class="token punctuation">></span></span><span class="token tag"><span 
class="token tag"><span class="token punctuation"><</span>b</span><span class="token punctuation">></span></span>Name * <span class="token tag"><span class="token tag"><span class="token punctuation"></</span>b</span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"></</span>label</span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>input</span> <span class="token attr-name">type</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>text<span class="token punctuation">"</span></span> <span class="token attr-name">id</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>name<span class="token punctuation">"</span></span> <span class="token attr-name">name</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>Name<span class="token punctuation">"</span></span> <span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>label</span> <span class="token attr-name">for</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>email<span class="token punctuation">"</span></span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>b</span><span class="token punctuation">></span></span> E-mail * <span class="token tag"><span class="token tag"><span class="token punctuation"></</span>b</span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"></</span>label</span><span class="token 
punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>input</span> <span class="token attr-name">type</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>email<span class="token punctuation">"</span></span> <span class="token attr-name">id</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>email<span class="token punctuation">"</span></span> <span class="token attr-name">name</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>Email<span class="token punctuation">"</span></span> <span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>br</span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>br</span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>label</span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>b</span><span class="token punctuation">></span></span> Message * <span class="token tag"><span class="token tag"><span class="token punctuation"></</span>b</span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>br</span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>textarea</span> <span class="token attr-name">cols</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>45<span class="token 
punctuation">"</span></span> <span class="token attr-name">rows</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>6<span class="token punctuation">"</span></span> <span class="token attr-name">name</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>Message<span class="token punctuation">"</span></span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"></</span>textarea</span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"></</span>label</span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>br</span><span class="token punctuation">></span></span><span class="token tag"><span class="token tag"><span class="token punctuation"><</span>br</span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"><</span>input</span> <span class="token attr-name">type</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>submit<span class="token punctuation">"</span></span> <span class="token attr-name">name</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>post<span class="token punctuation">"</span></span> <span class="token attr-name">value</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>POST COMMENT<span class="token punctuation">"</span></span> <span class="token attr-name">id</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token 
punctuation">"</span>comment<span class="token punctuation">"</span></span><span class="token punctuation">></span></span> <span class="token tag"><span class="token tag"><span class="token punctuation"></</span>form</span><span class="token punctuation">></span></span> <span class="token php language-php"><span class="token delimiter important"><?php</span> <span class="token punctuation">}</span> <span class="token keyword">function</span> <span class="token function-definition function">PostOkT</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">PostOK</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token keyword">return</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token keyword">empty</span><span class="token punctuation">(</span><span class="token variable">$this</span><span class="token operator">-></span><span class="token property">Name</span><span class="token punctuation">)</span> <span class="token operator">||</span> <span class="token keyword">empty</span><span class="token punctuation">(</span><span class="token variable">$this</span><span class="token operator">-></span><span class="token property">Email</span><span class="token punctuation">)</span> <span class="token operator">||</span> <span class="token keyword">empty</span><span class="token punctuation">(</span><span class="token variable">$this</span><span class="token operator">-></span><span class="token property">Message</span><span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> 
<span class="token keyword">echo</span> <span class="token string double-quoted-string">"<br>"</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"<b>"</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"<h3>*** Please enter all required fields ***</h3>"</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"</b>"</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span> <span class="token variable">$file</span> <span class="token operator">=</span> <span class="token string double-quoted-string">"test.txt"</span><span class="token punctuation">;</span> <span class="token variable">$datetime</span> <span class="token operator">=</span> <span class="token function">date</span><span class="token punctuation">(</span><span class="token string single-quoted-string">'m/d/Y h:i:s a'</span><span class="token punctuation">,</span> <span class="token function">time</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$data</span> <span class="token operator">=</span> <span class="token keyword">array</span><span class="token punctuation">(</span><span class="token string double-quoted-string">"name"</span> <span class="token operator">=></span> <span class="token variable">$this</span><span class="token operator">-></span><span class="token property">Name</span><span class="token punctuation">,</span> <span class="token string double-quoted-string">"email"</span> <span class="token operator">=></span> <span class="token variable">$this</span><span class="token operator">-></span><span class="token property">Email</span><span class="token punctuation">,</span> <span class="token string 
double-quoted-string">"message"</span> <span class="token operator">=></span> <span class="token variable">$this</span><span class="token operator">-></span><span class="token property">Message</span><span class="token punctuation">,</span> <span class="token string double-quoted-string">"datetime"</span> <span class="token operator">=></span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">DateTime</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$data</span> <span class="token operator">=</span> <span class="token function">json_encode</span><span class="token punctuation">(</span><span class="token variable">$data</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token function">file_put_contents</span><span class="token punctuation">(</span><span class="token variable">$file</span><span class="token punctuation">,</span> <span class="token variable">$data</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"\n"</span><span class="token punctuation">,</span> <span class="token class-name">FILE_APPEND</span><span class="token operator">|</span><span class="token class-name">LOCK_EX</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$messages</span> <span class="token operator">=</span> <span class="token function">file</span><span class="token punctuation">(</span><span class="token variable">$file</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token keyword">foreach</span> <span class="token punctuation">(</span><span class="token variable">$messages</span> <span class="token keyword">as</span> <span class="token variable">$value</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> <span 
class="token variable">$data</span> <span class="token operator">=</span> <span class="token function">json_decode</span><span class="token punctuation">(</span><span class="token variable">$value</span><span class="token punctuation">,</span> <span class="token constant boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token keyword">echo</span> <span class="token string double-quoted-string">"<br>"</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"<b>From: </b>"</span> <span class="token operator">.</span> <span class="token function">htmlspecialchars</span><span class="token punctuation">(</span> <span class="token variable">$data</span><span class="token punctuation">[</span><span class="token string double-quoted-string">"name"</span><span class="token punctuation">]</span><span class="token punctuation">)</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"<b> at: </b>"</span> <span class="token operator">.</span> <span class="token function">htmlspecialchars</span><span class="token punctuation">(</span> <span class="token variable">$data</span><span class="token punctuation">[</span><span class="token string double-quoted-string">"datetime"</span><span class="token punctuation">]</span><span class="token punctuation">)</span> <span class="token comment">#. "<br><br>" . 
htmlspecialchars( $data["email"]) </span> <span class="token operator">.</span> <span class="token string double-quoted-string">"<br><br>"</span> <span class="token operator">.</span> <span class="token function">htmlspecialchars</span><span class="token punctuation">(</span> <span class="token variable">$data</span><span class="token punctuation">[</span><span class="token string double-quoted-string">"message"</span><span class="token punctuation">]</span><span class="token punctuation">)</span> <span class="token operator">.</span> <span class="token string double-quoted-string">"<br><hr>"</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token variable">$me</span> <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">ClassProveContakt3</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$me</span> <span class="token operator">-></span> <span class="token function">ShowForm</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$me</span> <span class="token operator">-></span> <span class="token function">PostOkT</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token delimiter important">?></span></span> </code></pre> <p><strong>Second:</strong></p> <pre><code class="block language-php"><span class="token php language-php"><span class="token delimiter important"><?php</span> <span class="token keyword">class</span> <span class="token class-name-definition class-name">NavigationLinkList</span> <span class="token punctuation">{</span> <span
class="token keyword">private</span> <span class="token variable">$current_page</span><span class="token punctuation">;</span> <span class="token keyword">private</span> <span class="token variable">$arLinks</span><span class="token punctuation">;</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">__construct</span><span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span> <span class="token operator">=</span> <span class="token constant boolean">false</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">arLinks</span> <span class="token operator">=</span> <span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token function">addLinks</span> <span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">current_page</span> <span class="token operator">=</span> <span class="token variable">$_SERVER</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'REQUEST_URI'</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">addLinks</span> <span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span> <span class="token punctuation">)</span> <span class="token 
punctuation">{</span> <span class="token variable">$flagErrors</span> <span class="token operator">=</span> <span class="token constant boolean">false</span><span class="token punctuation">;</span> <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token keyword">isset</span><span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'URL'</span><span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token operator">&&</span> <span class="token keyword">isset</span><span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'TEXT'</span><span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token comment"># The array is built in this if ...
</span> <span class="token function">array_push</span><span class="token punctuation">(</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">arLinks</span><span class="token punctuation">,</span> <span class="token variable">$arNewLinks</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token keyword">return</span> <span class="token constant boolean">true</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token function">is_array</span> <span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token keyword">foreach</span> <span class="token punctuation">(</span> <span class="token variable">$arNewLinks</span> <span class="token keyword">as</span> <span class="token variable">$NewLink</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token keyword">if</span> <span class="token punctuation">(</span> <span class="token keyword">isset</span><span class="token punctuation">(</span> <span class="token variable">$NewLink</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'URL'</span><span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token operator">&&</span> <span class="token keyword">isset</span><span class="token punctuation">(</span> <span class="token variable">$NewLink</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'TEXT'</span><span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">)</span> <span class="token 
punctuation">{</span> <span class="token function">array_push</span><span class="token punctuation">(</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">arLinks</span><span class="token punctuation">,</span> <span class="token variable">$NewLink</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span> <span class="token variable">$flagErrors</span> <span class="token operator">=</span> <span class="token constant boolean">true</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">return</span> <span class="token constant boolean">false</span> <span class="token operator">==</span> <span class="token variable">$flagErrors</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">public</span> <span class="token keyword">function</span> <span class="token function-definition function">printNav</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token keyword">echo</span> <span class="token string single-quoted-string">' <form class="link_wechsel"> <ul>'</span> <span class="token operator">.</span> <span class="token constant">PHP_EOL</span><span class="token punctuation">;</span> <span class="token keyword">foreach</span> <span class="token punctuation">(</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">arLinks</span> <span class="token keyword">as</span> <span class="token variable">$link</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token 
keyword">if</span> <span class="token punctuation">(</span> <span class="token variable">$this</span> <span class="token operator">-></span> <span class="token property">current_page</span> <span class="token operator">==</span> <span class="token variable">$link</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'URL'</span><span class="token punctuation">]</span> <span class="token punctuation">)</span> <span class="token punctuation">{</span> <span class="token variable">$aria</span> <span class="token operator">=</span> <span class="token string single-quoted-string">' aria-current="page"'</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">else</span> <span class="token punctuation">{</span> <span class="token variable">$aria</span> <span class="token operator">=</span> <span class="token string single-quoted-string">''</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">echo</span> <span class="token string single-quoted-string">' <li><a'</span> <span class="token operator">.</span> <span class="token variable">$aria</span> <span class="token operator">.</span> <span class="token string single-quoted-string">' href='</span> <span class="token operator">.</span> <span class="token variable">$link</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'URL'</span><span class="token punctuation">]</span> <span class="token operator">.</span><span class="token string single-quoted-string">'>'</span> <span class="token operator">.</span> <span class="token variable">$link</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'TEXT'</span><span class="token punctuation">]</span> <span class="token operator">.</span> <span class="token string single-quoted-string">'</a></li>'</span> <span class="token operator">.</span> 
<span class="token constant">PHP_EOL</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">echo</span> <span class="token string single-quoted-string">' </ul> </form>'</span> <span class="token operator">.</span> <span class="token constant">PHP_EOL</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token variable">$_SERVER</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'REQUEST_URI'</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">NavigationLinkList</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">-></span> <span class="token function">addLinks</span><span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token string single-quoted-string">'URL'</span> <span class="token operator">=></span> <span class="token string single-quoted-string">'/meine/windows.php'</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">'TEXT'</span> <span class="token operator">=></span> <span class="token string single-quoted-string">'1'</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">-></span> <span class="token function">addLinks</span><span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token string single-quoted-string">'URL'</span> <span class="token operator">=></span> <span 
class="token string single-quoted-string">'/meine/windows_2.php'</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">'TEXT'</span> <span class="token operator">=></span> <span class="token string single-quoted-string">'2'</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">-></span> <span class="token function">printNav</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> </span></code></pre> <p>You could say that I got this code from you ☺️, what is your opinion?</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740032#m1740032 beatovich https://beat-stoecklin.ch/pub/musik-gitarrenunterricht-laufental.html 2019-01-05T10:39:17Z 2019-01-05T10:39:17Z How can I protect my website against attacks <p>Hello</p> <blockquote> <p>Dear beatovich,</p> </blockquote> <blockquote> <p>... but the links in your posting are not suited to answering the OP's question even remotely!</p> </blockquote> <p>I'm listening for the reasoning and am already getting the popcorn out.</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740176#m1740176 liebewinter htmlkurss@web.de 2019-01-07T18:01:02Z 2019-01-07T18:01:02Z How can I protect my website against attacks <blockquote> <p>Programming errors are mostly those that allow uncontrolled writing (e.g. through uploads) on your server. 
You must avoid those!</p> </blockquote> <p>On <a href="http://htmlkurss.xyz/index.php" rel="nofollow noopener noreferrer">my</a> website (for now I only have it as a test..) nothing can be uploaded...</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740036#m1740036 Felix Riesterer https://felix-riesterer.de 2019-01-05T11:38:42Z 2019-01-05T11:38:42Z How can I protect my website against attacks <p>Dear beatovich,</p> <blockquote> <p>I'm listening for the reasoning and am already getting the popcorn out.</p> </blockquote> <p>the page you linked contains no instructions or articles on how @liebewinter can write her code better. From the standpoint of her knowledge, the linked page is merely a list of projects that have all committed themselves to secure software, but not a single explainer article against XSS whatsoever.</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740042#m1740042 beatovich https://beat-stoecklin.ch/pub/musik-gitarrenunterricht-laufental.html 2019-01-05T12:13:36Z 2019-01-05T12:13:36Z How can I protect my website against attacks <p>Hello</p> <blockquote> <p>Dear beatovich,</p> <blockquote> <p>I'm listening for the reasoning and am already getting the popcorn out.</p> </blockquote> <p>the page you linked</p> </blockquote> <p>website</p> <blockquote> <p>... contains no instructions or articles,</p> </blockquote> <p><a href="https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet" rel="nofollow noopener noreferrer">https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet</a></p> <p>The website is so extensive that you, too, could use the search function.</p> <blockquote> <p>on how @liebewinter can write her code better. 
From the standpoint of her knowledge, the linked page</p> </blockquote> <p>website</p> <blockquote> <p>is merely a list of projects that have all committed themselves to secure software, but not a single explainer article against XSS whatsoever.</p> </blockquote> <p>QED</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740043#m1740043 liebewinter htmlkurss@web.de 2019-01-05T12:34:47Z 2019-01-05T12:45:38Z How can I protect my website against attacks <p><a href="/users/2153" class="mention registered-user" rel="noopener noreferrer">@beatovich</a> and <a href="/users/243" class="mention registered-user" rel="noopener noreferrer">@Felix Riesterer</a>, please don't argue.</p> <p><a href="/users/2153" class="mention registered-user" rel="noopener noreferrer">@beatovich</a>, what Felix says is true: the links you gave me speak in general terms, but say nothing concrete about what I asked... I am very new to these things...</p> <p>First I would like to learn how, for example, to build my URL. For example, if my website is http://htmlkurss.xyz/ and I have a file http://htmlkurss.xyz/windows.php, how can I make it secure, for example build it with <strong>parameter values</strong>, http://htmlkurss.xyz/**&ff23?**windows.php .</p> <p>I searched the internet to learn about these things, but found nothing..., which is why I asked here yesterday... 
Once I have learned this, I would like to check with <a href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project" rel="nofollow noopener noreferrer">OWASP ZAP</a> how secure my website is…</p> <p>I wish you both a nice weekend!</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740059#m1740059 liebewinter htmlkurss@web.de 2019-01-05T20:06:39Z 2019-01-05T20:06:39Z How can I protect my website against attacks <p>Just to ask… is a URL with parameter values better, or one without?</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740061#m1740061 beatovich https://beat-stoecklin.ch/pub/musik-gitarrenunterricht-laufental.html 2019-01-05T20:43:47Z 2019-01-05T20:43:47Z How can I protect my website against attacks <p>Hello</p> <blockquote> <p>Just to ask… is a URL with parameter values better, or one without?</p> </blockquote> <p>Data that changes the state of the server should be transmitted via POST.</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740082#m1740082 liebewinter htmlkurss@web.de 2019-01-06T13:32:48Z 2019-01-06T13:32:48Z How can I protect my website against attacks <p>As I understand it, with URL parameters or without makes no difference to the security of my website.....</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740084#m1740084 beatovich https://beat-stoecklin.ch/pub/musik-gitarrenunterricht-laufental.html 2019-01-06T13:52:33Z 2019-01-06T13:52:33Z How can I protect my website against attacks <p>Hello</p> <blockquote> <p>As I understand it, with URL parameters or without makes no difference to the security of my website.....</p> </blockquote> <p>Just be aware: all data that is part of a URL</p> <ul> <li>can be sent to others as a link.</li> <li>can be saved as a bookmark.</li> <li>is stored by servers in log files.</li> <li>is indexed by bots.</li> </ul> <p>For example, it used to be common, when cookies were disabled, to append session IDs to the URL as a query string, which makes session theft possible.</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740175#m1740175 liebewinter htmlkurss@web.de 2019-01-07T17:56:09Z 2019-01-07T17:56:09Z How can I protect my website against attacks <p>...and how can I prevent that??</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740183#m1740183 Felix Riesterer https://felix-riesterer.de 2019-01-07T22:32:44Z 2019-01-07T22:32:44Z How can I protect my website against attacks <p>Dear liebewinter,</p> <blockquote> <p>...and how can I prevent that??</p> </blockquote> <p>You cannot prevent something like that. You can only write your PHP script so that in such cases it still does exactly what it is supposed to.</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740359#m1740359 pl 2019-01-10T08:39:17Z 2019-01-10T08:39:17Z How can I protect my website against attacks <blockquote> <p>...and how can I prevent that??</p> </blockquote> <p>By looking at what effects such attacks have. 
You cannot prevent the attacks, but you can prevent their effects.</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740185#m1740185 Felix Riesterer https://felix-riesterer.de 2019-01-07T22:34:40Z 2019-01-07T22:35:43Z How can I protect my website against attacks <p>Dear liebewinter,</p> <blockquote> <p>On <a href="http://htmlkurss.xyz/index.php" rel="nofollow noopener noreferrer">my</a> website (for now I only have it as a test..) nothing can be uploaded...</p> </blockquote> <p>but with <a href="http://htmlkurss.xyz/contact.php" rel="nofollow noopener noreferrer">contact.php</a> and <a href="http://htmlkurss.xyz/windows8.php" rel="nofollow noopener noreferrer">windows8.php</a> one can send data to the server for processing. How is this data processed? A security risk can arise here.</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>

https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740190#m1740190 liebewinter htmlkurss@web.de 2019-01-07T23:40:33Z 2019-01-07T23:40:33Z How can I protect my website against attacks <p>and how is that done?....</p>
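
<p>An added example, not code from any participant in this thread: one way to treat request data as untrusted in PHP, applied to a navigation list like the one posted above and to a contact form. It reduces <code>REQUEST_URI</code> to an allow-listed path, validates form fields on input, and escapes every value on output inside quoted attributes. The form field names (<code>name</code>, <code>email</code>, <code>message</code>), the helper names and the sample request are assumptions.</p>

```php
<?php
declare(strict_types=1);
// Escape for HTML text and quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Allow-list of pages; paths modelled on the ones used in the thread.
const PAGES = ['/meine/windows.php' => '1', '/meine/windows_2.php' => '2'];

// Reduce REQUEST_URI to its path and accept it only if it is a known page.
function currentPage(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    return (is_string($path) && isset(PAGES[$path])) ? $path : null;
}

function renderNav(?string $current): string
{
    $html = "<ul>\n";
    foreach (PAGES as $url => $text) {
        $aria = ($url === $current) ? ' aria-current="page"' : '';
        $html .= '  <li><a' . $aria . ' href="' . e($url) . '">' . e($text) . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Read one form field; arrays (name[]=x) and missing keys become ''.
function field(array $src, string $key): string
{
    $value = $src[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Validate the (assumed) contact-form fields; returns [data, errors].
function validateContact(array $post): array
{
    $data = ['name' => field($post, 'name'), 'email' => field($post, 'email'),
             'message' => field($post, 'message')];
    $errors = [];
    if ($data['name'] === '' || strlen($data['name']) > 100) { $errors[] = 'name'; }
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email'; }
    if ($data['message'] === '' || strlen($data['message']) > 2000) { $errors[] = 'message'; }
    return [$data, $errors];
}

// Constructed sample request, standing in for $_SERVER['REQUEST_URI'] and $_POST.
$uri  = '/meine/windows.php?x="><script>alert(1)</script>';
$post = ['name' => '<b>Eve</b>', 'email' => 'eve@example.org', 'message' => 'Hello'];
echo renderNav(currentPage($uri));
[$data, $errors] = validateContact($post);
echo $errors === [] ? '<p>Thank you, ' . e($data['name']) . ".</p>\n" : "<p>Invalid input.</p>\n";
```

<p>With the sample request, the query string never reaches the output and the name is printed as <code>&amp;lt;b&amp;gt;Eve&amp;lt;/b&amp;gt;</code>, so the browser shows it as text instead of interpreting it as markup.</p>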