January 8th, 2004, 06:39 PM
Writing Secure PHP scripts/apps. Questions
I am fairly new to writing web applications with PHP. I know most of the basics, but I have some security questions.
I was wondering if anyone knows any tips to help make my PHP scripts more secure.
I write all my scripts assuming REGISTER GLOBALS is OFF. I have already been schooled on this issue. I also write database connections in a separate file that is included in any page requiring a database connection.
Beyond that, I have no idea what it takes to make PHP more secure.
I am specifically looking for any practices that would prevent me from writing code that a malicious or curious user might use to access restricted areas of a web site.
January 8th, 2004, 06:53 PM
chsh wrote a nice tutorial on this here. It might be a bit old, but it should still help greatly. You might want to talk to xmaddness as well. He's helped me out quite a bit.
Peace, and good luck on your PHP adventure! :-D
January 8th, 2004, 06:55 PM
A critical point is to check all user input for the presence of malicious code. In this case strip_tags() is your friend, as you can remove all html, or just some of it while leaving a specified set of tags like <b><i><u> for formatting of text. Here is a good article on writing secure PHP.
One of the best ways to learn, I've found, is by experience, so once you get your code working like you want, take a break, but come back and play with it from an outside person's view, or if you find that difficult, have a friend toy with it to see if they can find any loopholes.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
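The strip_tags() allowlist from the post above, as an added example that is not part of the original thread. strip_tags() leaves attributes on the tags it keeps, so the example compares it with a swapped-in alternative: escaping everything and re-enabling only bare <b>, <i> and <u>. The function names and the sample string are constructed for illustration.

```php
<?php
// Added example: function names and the sample string are constructed.

// Plain-text fields (names, titles): escape on output, keep no markup at all.
function render_text(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// strip_tags() with an allowlist, as described in the post. It removes other
// tags but does not touch attributes on the tags it keeps.
function render_with_strip_tags(string $input): string
{
    return strip_tags($input, '<b><i><u>');
}

// Stricter alternative: escape everything, then re-enable only the bare
// forms <b>, </b>, <i>, </i>, <u>, </u>. A tag carrying any attribute does
// not match the pattern and stays escaped, so it is displayed as text.
function render_formatted(string $input): string
{
    $escaped = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Fall back to the fully escaped string if the regex engine fails.
    return preg_replace('#&lt;(/?)(b|i|u)&gt;#i', '<$1$2>', $escaped) ?? $escaped;
}

// Constructed sample of what a comment form might receive.
$comment = 'Nice <b>post</b>! <i onmouseover="track()">hover</i> <script>x()</script>';

echo "escaped only : ", render_text($comment), PHP_EOL;
echo "strip_tags   : ", render_with_strip_tags($comment), PHP_EOL;
echo "allowlist    : ", render_formatted($comment), PHP_EOL;
```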
January 8th, 2004, 06:57 PM
From the link you gave:
It's almost too easy....
Secure PHP Programming for PHP beginners.
January 9th, 2004, 12:29 AM