Secure nginx

Nuno Magalhães nunomagalhaes at
Sat Feb 21 01:15:08 MSK 2009

On Fri, Feb 20, 2009 at 9:01 PM, Paul Greenwood <attaboy.p at> wrote:
> Is there some specific parameters that are used to lock down nginx for
> example that might prevent sql injection or css attacks.

>From what i've seen, SQL injection, XSS-attacks and alike are all done
by exploiting client-side scripting (Javascript etc) or data entered
by users (into form fields). Avoiding client-side scripting could
mitigate this; as would validating all user input (this one's basic);
and escaping all code that is not part of the markup (ampersand
entities, %-codes for URLs, that sort of stuff - think bb-code). I
think none of this is directly related to the webserver and a big part
of the risk lies with users not knowing how yo use their browsers.


More information about the nginx mailing list