How can my website be protected against attacks – SELFHTML-Forum
Forum as a supplement to the SELFHTML wiki and the SELFHTML documentation
https://forum.selfhtml.org/self

Fri, 04 Jan 19 18:21:22 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740022#m1740022
<p>Hello, I would like to ask your opinion on how my website can be protected against attacks…</p> <p>For example, against <a href="https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29" rel="nofollow noopener noreferrer">XSS</a> attacks... I would also like to learn how to make a URL secure in PHP…</p> <p>You don't need to write much, just links that explain how to do it; links in English are welcome too... ☺️</p> <p>Many thanks!</p>

Fri, 04 Jan 19 19:18:57 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740023#m1740023
<p>Hello</p> <p><a href="https://www.owasp.org/index.php/Main_Page" rel="nofollow noopener noreferrer">https://www.owasp.org/index.php/Main_Page</a></p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>

Sat, 05 Jan 19 01:37:59 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740026#m1740026
<p>Dear liebewinter,</p> <blockquote> <p>how can my website be protected against attacks…</p> </blockquote> <p>by knowing what you are doing. That is not a joke! The better you know what you are doing, the better you can write your PHP code so that attacks against your site are made harder.</p> <p>Your question is very hard to answer, because it depends very much on how you structure your code. As a basic rule, you must treat all data that reaches the web server, that is, <em><strong>everything in the HTTP request, as potentially malicious</strong></em>, as if all of it were trying to exploit a weakness in your PHP code. If you also work with a database such as MySQL or similar, you additionally have to make sure that data from the request cannot simply end up in the SQL code.</p> <p>The topic is very complex! Do not underestimate it!</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>

Sat, 05 Jan 19 08:44:01 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740028#m1740028
<p>Hello,</p> <p>one has to distinguish between</p> <ul> <li>vulnerability due to system flaws</li> <li>vulnerability due to programming errors</li> <li>vulnerability due to missing attack monitoring and defence</li> </ul> <p>You have to provide for the third variant in your programming from the start, e.g. through logging.</p> <p>If, for example, 10 failed login attempts in a row come from one IP, you can have it blocked (by system tools). The same goes for unauthorised uploads, etc.</p> <p>Programming errors are mostly ones that allow uncontrolled writing (e.g. through uploads) on your server. You must avoid those!</p> <p>Glück Auf<br> Tom vom Berg</p> <div class="signature">-- <br> There is nothing good unless you do it!<br> Life itself is the meaning.<br> </div>

Sun, 06 Jan 19 15:05:04 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740089#m1740089
<p>Attackers manipulate request headers, e.g. they claim a completely different enctype from the one they actually send. This can lead to the server answering such requests with information that it does not give out in normal operation.</p> <p>Furthermore, buffer overflows can crash the server and downstream processes, which also causes a certain amount of damage.</p> <p>Checking for and securing against this kind of thing is a wide field of activity.</p> <p>Regards</p>

Sat, 05 Jan 19 01:40:45 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740027#m1740027
<p>Dear beatovich,</p> <p>with all due respect, the links in your posting are not suited to answering the OP's question even remotely!</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>

Mon, 07 Jan 19 17:54:10 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740174#m1740174
<p>Right now I have no database; first I want to finish my website... I <a href="http://htmlkurss.xyz/index.php" rel="nofollow noopener noreferrer">have</a> made a website as a test, I want to learn with it first...
I have only two PHP files on it, these are...</p> <p><strong>First:</strong></p>
<pre><code class="block language-php"><?php
class ClassProveContakt3 {
    private $Name;
    private $Email;
    private $Message;
    private $PostOK = false;
    private $DateTime = false;
    private $items = false;

    function __construct() {
        $this -> DateTime = date('m/d/Y h:i:s a');
        $this -> items = ['Name', 'Email', 'Message'];
        $flag = true;
        foreach ( $this -> items as $key ) {
            if ( empty ( $_POST[$key] ) ) {
                $flag = false;
            } else {
                $this -> $key = trim( filter_var( $_POST[$key], FILTER_SANITIZE_STRING ) );
            }
        }
        $this -> PostOk = $flag;
    }

    function ShowForm() {
?>
<form method="POST">
<label for="name"><b>Name * </b></label>
<input type="text" id="name" name="Name" >
<label for="email"><b> E-mail * </b></label>
<input type="email" id="email" name="Email" >
<br><br>
<label><b> Message * </b><br>
<textarea cols="45" rows="6" name="Message"></textarea>
</label>
<br><br>
<input type="submit" name="post" value="POST COMMENT" id="comment">
</form>
<?php
    }

    function PostOkT() {
        if ($this -> PostOK) {
            return;
        }
        if (empty($this->Name) || empty($this->Email) || empty($this->Message)) {
            echo "<br>" . "<b>" . "<h3>*** Please enter all required fields ***</h3>" . "</b>";
        } else {
            $file = "test.txt";
            $datetime = date('m/d/Y h:i:s a', time());
            $data = array("name" => $this->Name, "email" => $this->Email, "message" => $this->Message, "datetime" => $this -> DateTime);
            $data = json_encode($data);
            file_put_contents($file, $data . "\n", FILE_APPEND|LOCK_EX);
            $messages = file($file);
            foreach ($messages as $value) {
                $data = json_decode($value, true);
                echo "<br>" . "<b>From: </b>" . htmlspecialchars( $data["name"]) . "<b> at: </b>" . htmlspecialchars( $data["datetime"])
                    #. "<br><br>" . htmlspecialchars( $data["email"])
                    . "<br><br>" . htmlspecialchars( $data["message"]) . "<br><hr>";
            }
        }
    }
}

$me = new ClassProveContakt3();
$me -> ShowForm();
$me -> PostOkT();
?>
</code></pre>
<p><strong>Second:</strong></p>
<pre><code class="block language-php"><span class="token php language-php"><?php
class NavigationLinkList {
    private $current_page;
    private $arLinks;

    public function __construct( $arNewLinks = false ) {
        $this -> arLinks = [];
        $this -> addLinks ( $arNewLinks );
        $this -> current_page = $_SERVER['REQUEST_URI'];
    }

    public function addLinks ( $arNewLinks ) {
        $flagErrors = false;
        if ( isset( $arNewLinks['URL'] ) && isset( $arNewLinks['TEXT'] ) ) { # This if builds the array ...
            array_push( $this -> arLinks, $arNewLinks );
            return true;
        }
        if ( is_array ( $arNewLinks ) ) {
            foreach ( $arNewLinks as $NewLink ) {
                if ( isset( $NewLink['URL'] ) && isset( $NewLink['TEXT'] ) ) {
                    array_push( $this -> arLinks, $NewLink );
                }
            }
        } else {
            $flagErrors = true;
        }
        return false == $flagErrors;
    }

    public function printNav() {
        echo ' <form class="link_wechsel"> <ul>' . PHP_EOL;
        foreach ( $this -> arLinks as $link ) {
            if ( $this -> current_page == $link['URL'] ) {
                $aria = ' aria-current="page"';
            } else {
                $aria = '';
            }
            echo ' <li><a' . $aria . ' href=' . $link['URL'] .'>' . $link['TEXT'] . '</a></li>' .
<span class="token constant">PHP_EOL</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token keyword">echo</span> <span class="token string single-quoted-string">' </ul> </form>'</span> <span class="token operator">.</span> <span class="token constant">PHP_EOL</span><span class="token punctuation">;</span> <span class="token punctuation">}</span> <span class="token punctuation">}</span> <span class="token variable">$_SERVER</span><span class="token punctuation">[</span><span class="token string single-quoted-string">'REQUEST_URI'</span><span class="token punctuation">]</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">NavigationLinkList</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">-></span> <span class="token function">addLinks</span><span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token string single-quoted-string">'URL'</span> <span class="token operator">=></span> <span class="token string single-quoted-string">'/meine/windows.php'</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">'TEXT'</span> <span class="token operator">=></span> <span class="token string single-quoted-string">'1'</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">-></span> <span class="token function">addLinks</span><span class="token punctuation">(</span> <span class="token punctuation">[</span> <span class="token string single-quoted-string">'URL'</span> <span class="token operator">=></span> <span 
class="token string single-quoted-string">'/meine/windows_2.php'</span><span class="token punctuation">,</span> <span class="token string single-quoted-string">'TEXT'</span> <span class="token operator">=></span> <span class="token string single-quoted-string">'2'</span> <span class="token punctuation">]</span> <span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token variable">$navListe</span> <span class="token operator">-></span> <span class="token function">printNav</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span> </span></code></pre> <p>You could say that I got this code from you ☺️, what is your opinion?</p>
How can I protect my website against attacks Sat, 05 Jan 19 10:39:17 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740032#m1740032 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740032#m1740032 <p>Hello</p> <blockquote> <p>Dear beatovich,</p> </blockquote> <blockquote> <p>... but the links in your posting are not suited to answering the OP's question even remotely!</p> </blockquote> <p>I'm listening for the justification and am already getting out the popcorn.</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>
How can I protect my website against attacks Mon, 07 Jan 19 18:01:02 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740176#m1740176 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740176#m1740176 <blockquote> <p>Programming errors are mostly those that allow uncontrolled writing (e.g. through uploads) on your server. You have to avoid those!</p> </blockquote> <p>On <a href="http://htmlkurss.xyz/index.php" rel="nofollow noopener noreferrer">my</a> website (for now I only have it as a test..) you cannot upload anything...</p>
How can I protect my website against attacks Sat, 05 Jan 19 11:38:42 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740036#m1740036 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740036#m1740036 <p>Dear beatovich,</p> <blockquote> <p>I'm listening for the justification and am already getting out the popcorn.</p> </blockquote> <p>the page you linked to contains no instructions or articles on how @liebewinter can write her code better. From the standpoint of her knowledge, the linked page is only a list of projects that have all taken up the cause of secure software, but not a single explainer article against XSS whatsoever.</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>
How can I protect my website against attacks Sat, 05 Jan 19 12:13:36 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740042#m1740042 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740042#m1740042 <p>Hello</p> <blockquote> <p>Dear beatovich,</p> <blockquote> <p>I'm listening for the justification and am already getting out the popcorn.</p> </blockquote> <p>the page you linked to</p> </blockquote> <p>website</p> <blockquote> <p>... contains no instructions or articles,</p> </blockquote> <p><a href="https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet" rel="nofollow noopener noreferrer">https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet</a></p> <p>The website is so extensive that you, too, could use the search function.</p> <blockquote> <p>on how @liebewinter can write her code better. From the standpoint of her knowledge, the linked page</p> </blockquote> <p>website</p> <blockquote> <p>is only a list of projects that have all taken up the cause of secure software, but not a single explainer article against XSS whatsoever.</p> </blockquote> <p>QED</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>
How can I protect my website against attacks Sat, 05 Jan 19 12:34:47 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740043#m1740043 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740043#m1740043 <p><a href="/users/2153" class="mention registered-user" rel="noopener noreferrer">@beatovich</a> and <a href="/users/243" class="mention registered-user" rel="noopener noreferrer">@Felix Riesterer</a>, please don't argue.</p> <p><a href="/users/2153" class="mention registered-user" rel="noopener noreferrer">@beatovich</a>, what Felix says is true: the links you gave me speak in general terms, but say nothing concrete about what I asked... I am very new to these things...</p> <p>First I would like to learn how, for example, to build my URL. For example, if my website is http://htmlkurss.xyz/ and I have a file http://htmlkurss.xyz/windows.php, how can I make it secure, for example build it with <strong>parameter values</strong>, http://htmlkurss.xyz/**&ff23?**windows.php .</p> <p>I searched the internet to learn about these things, but found nothing..., which is why I asked here yesterday... Once I have learned this, I would like to check with <a href="https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project" rel="nofollow noopener noreferrer"> OWASP ZAP</a> how secure my website is…</p> <p>I wish you both a nice weekend!</p>
How can I protect my website against attacks Sat, 05 Jan 19 20:06:39 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740059#m1740059 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740059#m1740059 <p>Just to ask… is a URL better with parameter values or without?</p>
How can I protect my website against attacks Sat, 05 Jan 19 20:43:47 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740061#m1740061 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740061#m1740061 <p>Hello</p> <blockquote> <p>Just to ask… is a URL better with parameter values or without?</p> </blockquote> <p>Data that changes the state of the server should be transmitted via POST.</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>
How can I protect my website against attacks Sun, 06 Jan 19 13:32:48 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740082#m1740082 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740082#m1740082 <p>As I understand it, with or without URL parameters, it makes no difference to the security of my website.....</p>
How can I protect my website against attacks Sun, 06 Jan 19 13:52:33 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740084#m1740084 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740084#m1740084 <p>Hello</p> <blockquote> <p>As I understand it, with or without URL parameters, it makes no difference to the security of my website.....</p> </blockquote> <p>Just be aware: all data that is part of a URL</p> <ul> <li>can be sent to others as a link.</li> <li>can be saved as a bookmark.</li> <li>is stored by servers in log files.</li> <li>is indexed by bots.</li> </ul> <p>For example, it used to be common, when cookies were disabled, to append session IDs to the URL as a query string, which enables session theft.</p> <div class="signature">-- <br> <a href="https://beat-stoecklin.ch/pub/index.html" rel="nofollow noopener noreferrer">https://beat-stoecklin.ch/pub/index.html</a> </div>
How can I protect my website against attacks Mon, 07 Jan 19 17:56:09 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740175#m1740175 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740175#m1740175 <p>...and how can I prevent that??</p>
How can I protect my website against attacks Mon, 07 Jan 19 22:32:44 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740183#m1740183 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740183#m1740183 <p>Dear liebewinter,</p> <blockquote> <p>...and how can I prevent that??</p> </blockquote> <p>You cannot prevent something like that. You can only write your PHP script so that in such cases it still does exactly what it is supposed to.</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>
How can I protect my website against attacks Thu, 10 Jan 19 08:39:17 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740359#m1740359 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740359#m1740359 <blockquote> <p>...and how can I prevent that??</p> </blockquote> <p>By looking at what effects such attacks have. You cannot prevent the attacks, but you can prevent their effects.</p>
How can I protect my website against attacks Mon, 07 Jan 19 22:34:40 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740185#m1740185 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740185#m1740185 <p>Dear liebewinter,</p> <blockquote> <p>On <a href="http://htmlkurss.xyz/index.php" rel="nofollow noopener noreferrer">my</a> website (for now I only have it as a test..) you cannot upload anything...</p> </blockquote> <p>but at <a href="http://htmlkurss.xyz/contact.php" rel="nofollow noopener noreferrer">contact.php</a> and <a href="http://htmlkurss.xyz/windows8.php" rel="nofollow noopener noreferrer">windows8.php</a> one can send data to the server for processing. How is this data processed? A security risk can arise here.</p> <p>Kind regards,</p> <p>Felix Riesterer.</p>
How can I protect my website against attacks Mon, 07 Jan 19 23:40:33 Z https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740190#m1740190 https://forum.selfhtml.org/self/2019/jan/4/wie-kann-meine-website-schutz-gegen-angreifen/1740190#m1740190 <p>and how do I do that?....</p>
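<p>Added example, not part of the thread or any participant's code: the link output of the <code>printNav()</code> method posted above, once with the same unescaped concatenation and once with the link target validated, the attribute quoted and both values escaped. The helper names <code>e</code>, <code>isSafeLocalUrl</code>, <code>currentPath</code>, <code>renderLink</code> and <code>renderLinkUnescaped</code>, the allow-list pattern and the sample data are assumptions made for this illustration.</p>

```php
<?php
declare(strict_types=1);

// Escape a value for use in HTML text or inside a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only site-relative paths as link targets ("/dir/file.php", optional query).
// Rejects scheme URLs such as "javascript:", protocol-relative "//host" and whitespace.
// The allow-list is an assumption; adjust it to the paths the site really uses.
function isSafeLocalUrl(string $url): bool
{
    return preg_match('~^/(?!/)[A-Za-z0-9._\-/]*(\?[A-Za-z0-9._\-=&%]*)?\z~', $url) === 1;
}

// Reduce REQUEST_URI to its path so the query string cannot influence the comparison.
function currentPath(string $requestUri): string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    return is_string($path) ? $path : '/';
}

// Same concatenation pattern as the posted printNav(): values go into the markup as-is
// and the href attribute is unquoted.
function renderLinkUnescaped(array $link): string
{
    return '<li><a href=' . $link['URL'] . '>' . $link['TEXT'] . '</a></li>';
}

// Hardened output: validated URL, quoted attribute, escaped values.
function renderLink(array $link, string $currentPath): string
{
    if (!isSafeLocalUrl($link['URL'])) {
        return ''; // drop entries that are not plain local paths
    }
    $aria = ($currentPath === $link['URL']) ? ' aria-current="page"' : '';
    return '<li><a' . $aria . ' href="' . e($link['URL']) . '">' . e($link['TEXT']) . '</a></li>';
}

// Constructed sample data: a normal entry, one whose text contains markup
// characters, and one whose target is not a local path.
$links = [
    ['URL' => '/meine/windows.php',   'TEXT' => '1'],
    ['URL' => '/meine/windows_2.php', 'TEXT' => '2 <b>& more</b>'],
    ['URL' => 'javascript:void(0)',   'TEXT' => 'rejected'],
];

// Constructed request URI; in a real request this value is $_SERVER['REQUEST_URI'].
$current = currentPath('/meine/windows.php?foo=<x>');

foreach ($links as $link) {
    echo 'unescaped: ', renderLinkUnescaped($link), PHP_EOL;
    echo 'hardened:  ', renderLink($link, $current), PHP_EOL;
}
```

<p>Run on the command line, the script prints each link twice; in the hardened lines the markup characters in the second entry appear as entities and the third entry is dropped.</p>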