UB Information Technology


Best Practice Guidelines

As a Web Developer, you need to follow current best practices to ensure the security and stability of your web site and the web server. It is your responsibility to ensure your web pages and applications do not allow unauthorized or undesired use of the web server. The consequences range from occasional errors to impairing the server's ability to function. Below are a few best practice recommendations.

A. Follow Current Standards
  1. Follow current standards for the languages you use to deliver your webpages. Remember to update your code as standards change.
B. Prevent message injection
  1. Message injection (email injection) - allows scripts or outside spammers to use a text box to send email or post to a web page.
    • Prevent text boxes from adding new lines (a line break in a mail header field lets the sender append headers of their own).
      • PHP:
        $field = preg_replace( "/[\n\r]+/", " ", $field);
      • Perl:
        $field =~ s/[\n\r]+/ /g;
    • Validate human interaction
      • CAPTCHA
    • Check contents of posts
      • disallow posts with more than x links
    • Check the HTTP_REFERER value
    • Block or allow specific IP addresses
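The checks in section B, combined into one server-side validator for a contact form that hands its input to a mailer. This is an added example, not code from the UB IT guideline; the field names, the link limit and the allowed form host are assumptions.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

# Added example, not code from the UB IT guideline. Form field names, the
# link limit and the allowed form host are assumptions chosen for illustration.
CRLF_RE = re.compile(r"[\r\n]+")
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)
ADDRESS_RE = re.compile(r"[^\s@<>,;]+@[^\s@<>,;]+\.[A-Za-z]{2,}")
MAX_LINKS = 3  # the guideline's "x number of links"; 3 is an assumed value

def strip_newlines(value: str) -> str:
    """Collapse CR/LF runs to one space, as the page's PHP and Perl snippets do.
    A line break inside a header value lets a submitter append headers of
    their own (e.g. extra recipients), so header fields must never contain one."""
    return CRLF_RE.sub(" ", value)

def count_links(text: str) -> int:
    return len(URL_RE.findall(text))

def referer_matches(headers: dict, form_host: str) -> bool:
    """Advisory check only: the Referer header is sent by the client and may be
    absent or forged, so treat a mismatch as a reason to reject, not a match as proof."""
    host = urlsplit(headers.get("Referer", "")).hostname
    return host == form_host

def validate_submission(sender: str, subject: str, body: str) -> list:
    """Return the reasons a submission should be rejected (empty list = accept)."""
    problems = []
    if not ADDRESS_RE.fullmatch(sender.strip()):
        problems.append("sender is not a single plain e-mail address")
    if CRLF_RE.search(sender) or CRLF_RE.search(subject):
        problems.append("line break in a header field")
    if count_links(body) > MAX_LINKS:
        problems.append("more than %d links in the body" % MAX_LINKS)
    return problems

def build_message(sender: str, subject: str, body: str, recipient: str) -> EmailMessage:
    """Assemble the outgoing mail with sanitised header values. The recipient is
    fixed server-side and never taken from the form. EmailMessage itself also
    refuses header values containing raw line breaks, a second line of defence."""
    msg = EmailMessage()
    msg["From"] = strip_newlines(sender)
    msg["To"] = recipient
    msg["Subject"] = strip_newlines(subject)
    msg.set_content(body)  # newlines in the body are harmless; they stay out of the headers
    return msg
```

Run validate_submission first and only call build_message when it returns an empty list; the sanitising in build_message is a backstop, not a substitute for rejecting bad input.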
C. Additional information will be added.