How to prevent XSS attacks ?

T

Tim Greer

rthangam said:
I have my own website which runs on mod_perl. I need to prevent my
website from XSS ( Cross-site scripting ) attacks. Can anyone tell me
which is the best way of doing it ?. I found the following links to
handle it:

http://www.howtoforge.com/apache_mod_security
http://search.cpan.org/~lindner/Apache-TaintRequest-0.10/TaintRequest.pm

Which of these is better also is there any other ways to handle the
XSS attacks?.
Click to expand...

If you don't write code that opens that potential, you needn't worry
about using things like mod_security. That's just a way to stop
attacks on vulnerable scripts before it hits the script, which is
backward thinking for resolving a problem (if you control the script).
Exactly what things are you doing (and how are you going about doing
them) where you're introducing the potential for an XSS attack issue?
 
R

rthangam

If you don't write code that opens that potential, you needn't worry
about using things like mod_security.  That's just a way to stop
attacks on vulnerable scripts before it hits the script, which is
backward thinking for resolving a problem (if you control the script).
Exactly what things are you doing (and how are you going about doing
them) where you're introducing the potential for an XSS attack issue?
--
Tim Greer, CEO/Founder/CTO, BurlyHost.com, Inc.
Shared Hosting, Reseller Hosting, Dedicated & Semi-Dedicated servers
and Custom Hosting.  24/7 support, 30 day guarantee, secure servers.
Industry's most experienced staff! -- Web Hosting With Muscle!
Click to expand...

Right now it is possible to tamper the URL since I am not encoding and
decoding the URL.
Will the problem get solved if i encode and decode the URL ?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to prevent copying from your site 5
non-persistent (reflected) XSS 3
how does recaptcha get around XSS protection? 6
Filter user entered Html for possible Cross Site Scripting attacks 0
ANNOUNCE: WSGI XSS Prevention Middleware 0
How to host data visualization beginner friendly? 1
So called cross-site (XSS) vulnerabilities: a new fraud or a stupidme? 1
memory manager to prevent memory leaks 4

Members online

No members online now.
Total: 29 (members: 1, guests: 28)
Robots: 236

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,022
Latest member
MaybelleMa

Latest Threads

Top