It's time to discuss the best security practices, without which this story would not be complete:
- Do not retain the password: HTTP basic authentication is deprecated, so use other techniques such as OAuth to build a more secure, standards-based application. Use OAuth tokens, which are safer, instead of passwords.
- Perform input validation: You should always sanitize all input data. Check string lengths, validate file types, and enforce minimum and maximum values to be sure that all the data sent to the server via a POST request has the proper format and length.
- Filter input and sanitize output: You should always filter all the data that comes from the client to the web server and sanitize all the data coming back ...
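As an added example (not code from the original text), the following Python validator applies the checks listed above to a hypothetical `POST /users` body: string length and character set, integer minimum/maximum, and allowed upload types verified by magic bytes rather than by the client-supplied extension, plus an output-escaping helper for the "sanitize output" rule. The schema, endpoint and error messages are constructed for illustration.

```python
import html
import re

# Constructed schema for a hypothetical POST /users endpoint (example only): each
# field declares the checks the text calls for (type, length, min/max, file type).
USER_SCHEMA = {
    "username": {"type": "str", "min_len": 3, "max_len": 32, "pattern": r"[A-Za-z0-9_]+"},
    "age":      {"type": "int", "min": 13, "max": 120},
    "avatar":   {"type": "file", "allowed": {"png", "jpg"}, "max_bytes": 512 * 1024},
}
# Magic bytes: verify the real file type instead of trusting filename or Content-Type.
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff"}


def validate(data: dict, schema: dict) -> dict:
    """Return {field: error}; an empty dict means the POST body is acceptable."""
    errors = {name: "unexpected field" for name in data.keys() - schema.keys()}
    for name, rule in schema.items():
        if name not in data:
            errors[name] = "missing"
            continue
        value = data[name]
        if rule["type"] == "str":
            if not isinstance(value, str):
                errors[name] = "must be a string"
            elif not rule["min_len"] <= len(value) <= rule["max_len"]:
                errors[name] = f"length must be {rule['min_len']}-{rule['max_len']}"
            elif "pattern" in rule and not re.fullmatch(rule["pattern"], value):
                errors[name] = "contains disallowed characters"
        elif rule["type"] == "int":
            if isinstance(value, bool) or not isinstance(value, int):  # bool is an int subclass
                errors[name] = "must be an integer"
            elif not rule["min"] <= value <= rule["max"]:
                errors[name] = f"must be between {rule['min']} and {rule['max']}"
        elif rule["type"] == "file":
            filename, content = value  # (client-supplied name, raw upload bytes)
            ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
            if ext not in rule["allowed"]:
                errors[name] = "file type not allowed"
            elif not content.startswith(MAGIC[ext]):
                errors[name] = "file content does not match its extension"
            elif len(content) > rule["max_bytes"]:
                errors[name] = "file too large"
    return errors


def sanitize_output(text: str) -> str:
    """Escape stored data before echoing it back inside an HTML response."""
    return html.escape(text, quote=True)
```

Rejecting unknown fields and checking the upload's leading bytes are the two checks most often skipped; both are cheap and catch the cases where the client lies about what it is sending.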