Secure nginx

Nuno Magalhães nunomagalhaes at eu.ipp.pt
Sat Feb 21 01:15:08 MSK 2009


On Fri, Feb 20, 2009 at 9:01 PM, Paul Greenwood <attaboy.p at gmail.com> wrote:
> Are there some specific parameters that are used to lock down nginx for
> example that might prevent sql injection or css attacks?

From what I've seen, SQL injection, XSS attacks and the like are all done
by exploiting client-side scripting (Javascript etc) or data entered
by users (into form fields). Avoiding client-side scripting could
mitigate this; as would validating all user input (this one's basic);
and escaping all code that is not part of the markup (ampersand
entities, %-codes for URLs, that sort of stuff - think bb-code). I
think none of this is directly related to the webserver and a big part
of the risk lies with users not knowing how to use their browsers.

Nuno
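
Added example, not part of the original message: a Python sketch of the measures named in the reply (validating input, ampersand entities for HTML, %-codes for URLs), plus a parameterised query for the SQL injection case raised in the question. The function names, the `users` table and the sample strings are assumptions constructed for illustration.

```python
import html
import re
import sqlite3
from urllib.parse import quote

# Allow-list for a hypothetical username field: 3-32 letters, digits, _ . -
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{3,32}")


def validate_username(value: str) -> bool:
    """Validate input against what is expected, rather than hunting for bad characters."""
    return USERNAME_RE.fullmatch(value) is not None


def render_comment(text: str) -> str:
    """HTML context: turn &, <, >, \" and ' into entities so text stays text."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def search_link(term: str) -> str:
    """URL context: %-encode the value, then entity-escape the visible label."""
    href = "/search?q=" + quote(term, safe="")
    return '<a href="' + href + '">' + html.escape(term) + "</a>"


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user(conn: sqlite3.Connection, name: str) -> list:
    """SQL context: the value is bound as a parameter, never pasted into the query."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    hostile = "' OR '1'='1"  # constructed sample of form-field input
    print(validate_username(hostile))             # rejected by the allow-list
    print(render_comment("<b>bold</b> & more"))   # markup shown as text
    print(search_link("a b&c"))                   # safe href and label
    print(find_user(demo_db(), hostile))          # matches no row
```

Each output context (HTML body, URL, SQL) needs its own encoding; escaping for one does not protect another.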




