Protection against SQL Injection attacks
The security of your website is immensely important. For dynamic sites with database back ends and other dynamic data storage, protecting yourself from hack attempts requires in-depth knowledge.
Our CMS comes with a layered security policy to ensure all data passed to and from any dynamic storage medium is sanitised and validated.
One of the layers in the CMS first checks for common SQL Server attacks; if one is found, it refuses to deliver the page. This is done "at source", at the level of the HTTP header request, and effectively denies any further access to any other layer of the page.
In addition, we employ a "hash key" check on any parameters passed through the query string. Such an obvious attack vector is typically ignored by other CMSs, but the check is vital to ensuring that any data passed by a CMS-created page or value, or by any custom values passed through non-CMS data, is sanitised before being used. So, if anyone tries to fiddle with the query string values or data, it is detected and, as with the SQL Injection attack layer, the request is prevented from processing any further.
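One way a query-string "hash key" check like the one described above can work, as an added example that is not the CMS's own code: the server appends an HMAC of the parameters to every link it generates and refuses any request whose parameters no longer match. The parameter name hk, the key value and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Assumption: a server-side secret; the page does not say how its key is derived.
SECRET_KEY = b"constructed-demo-key-not-for-production"
SIG_PARAM = "hk"  # hypothetical parameter name for the "hash key"


def _mac(pairs, key):
    # Canonical form: sorted, URL-encoded pairs, so ordering cannot change the MAC.
    canonical = urlencode(sorted(pairs)).encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def sign_query(params, key=SECRET_KEY):
    """Return a query string for `params` (a dict) with the hash key appended."""
    if SIG_PARAM in params:
        raise ValueError("parameter name is reserved for the hash key")
    pairs = [(str(k), str(v)) for k, v in params.items()]
    return urlencode(sorted(pairs) + [(SIG_PARAM, _mac(pairs, key))])


def verify_query(query_string, key=SECRET_KEY):
    """Return the parameters as a dict if the hash key matches, else None."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    sigs = [v for k, v in pairs if k == SIG_PARAM]
    data = [(k, v) for k, v in pairs if k != SIG_PARAM]
    # Refuse a missing or repeated hash key, and repeated parameter names.
    if len(sigs) != 1 or len({k for k, _ in data}) != len(data):
        return None
    expected = _mac(data, key).encode("ascii")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(sigs[0].encode("utf-8"), expected):
        return None
    return dict(data)
```

A matching hash key only shows that the values were issued by the server and not altered in transit; the values should still be bound through parameterised queries when they reach the database.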
Since our CMS is also our own product, built in-house by our experienced developers, another attack vector we're not prone to is the openness some GPL products offer. We are not against the GPL (we're big fans of it), but products based on it are widely used and hence popular targets for hackers, who know that once one is broken they have a large market to exploit. With our CMS development under lock and key and no internals exposed, this adds to our security policy and yours.
Though nothing is fully secure (after all, humans are inherently error-prone), the security practices we put in place should prevent the most common attack vectors.
CMS features at a glance
Below is a list of the most common features available in our content management system. There are plenty more; this is just a summary of the main ones, and we add new features frequently.

AJAX web interface
The aim of today's web developers is to offer a desktop-like application experience via your web browser, whether you call that ...

User roles & work flow
Controlling the flow of your content from conception to release is one of the most important requirements for business informatio...

Version Control
Keeping track of your changes over time can get confusing. Why exactly did we change that paragraph and when? Can we reclaim a text...

Create your own design
There's a natural divide between what is content and what is a design element. Content authors are not interested in design and...

Data: Standard Lists
Some content just can't be static like an image or text region. Some of it has to interact with the user on the page to give i...

Data: Advanced Lists
In some cases, using a standard list may not offer you enough flexibility for your dynamic data. With advanced l...

XHTML & CSS Design
Modern web design requires modern approaches. All websites are not made equal. The skills and knowledge of the designer of your...

SEO & URL Friendly Output
You can have the best-looking website in the world, but no one will find it if you don't advertise it. Search Engine Optimisation i...