-
January 8th, 2004, 07:39 PM
#1
Junior Member
Writing Secure PHP scripts/apps. Questions
I am fairly new to writing web applications with PHP. I know most of the basics, but I have some security questions.
I was wondering if anyone knows any tips to help make my PHP scripts more secure.
I write all my scripts assuming REGISTER GLOBALS is OFF. I have already been schooled on this issue. I also write database connections in a separate file that is included in any page requiring a database connection.
Beyond that, I have no idea what it takes to make PHP more secure.
I am specifically looking for any practices that would prevent me from writing code that a malicious or curious user might use to access restricted areas of a web site.
Any ideas?
-
January 8th, 2004, 07:53 PM
#2
chsh wrote a nice tutorial on this here. It might be a bit old, but it should still help greatly. You might want to talk to xmaddness as well. He's helped me out quite a bit.
Peace, and good luck on your PHP adventure! :-D
MB
-
January 8th, 2004, 07:55 PM
#3
A critical point is to check all user input for the presence of malicious code. In this case strip_tags() is your friend, as you can remove all html, or just some of it while leaving a specified set of tags like <b><i><u> for formatting of text. Here is a good article on writing secure PHP.
http://www.zend.com/zend/art/art-oertli.php
One of the best ways to learn I've found is by experience, so once you get your code working like you want, take a break, but come back and play with it from an outside person's view, or if you find that difficult, have a friend toy with it to see if they can find any loopholes.
You're not your post count, You're not your avatar or sig, You're not how fast your internet connection is, You are not your processor, hard drive, or graphics card. You're the all-singing, all-dancing crap of AO
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
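An added example, not part of the original posts: it shows the strip_tags() calls mentioned in post #3 and one caveat a reviewer would check, namely that tags kept through the allow-list keep their attributes too. The function name format_comment() and the sample comment string are assumptions constructed for this illustration.

```php
<?php
// Constructed sample input: formatting tags, one of them carrying an
// attribute, plus a tag that a comment form should never keep.
$comment = 'Hello <b onclick="track()">bold</b> <i>world</i> <script>track()</script>';

// 1) Remove every tag. The text between the tags is kept as plain text.
$plain = strip_tags($comment);

// 2) Keep <b>, <i> and <u>. strip_tags() does not touch attributes on
//    tags it keeps, so the onclick attribute on <b> is still present.
$allowed = strip_tags($comment, '<b><i><u>');

// 3) Hypothetical helper: escape everything first, then re-enable only
//    attribute-free, properly paired <b>, <i> and <u> tags. Any tag that
//    carries an attribute stays escaped and is displayed as literal text.
function format_comment(string $raw): string
{
    $out = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    $pattern = '#&lt;(b|i|u)&gt;(.*?)&lt;/\1&gt;#is';
    do {
        // Repeat so that nested pairs such as <b><i>x</i></b> are restored.
        $prev = $out;
        $out = preg_replace($pattern, '<$1>$2</$1>', $out);
    } while ($out !== null && $out !== $prev);

    // On a regex engine error, fall back to the fully escaped text.
    return $out ?? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Print the three results as plain text so they can be compared.
header('Content-Type: text/plain; charset=UTF-8');
echo "strip_tags, no allow-list:   ", $plain, "\n";
echo "strip_tags, <b><i><u> kept:  ", $allowed, "\n";
echo "escape, then allow-list:     ", format_comment($comment), "\n";
```

Comparing the second and third lines of output shows the difference: the allow-list call passes the attribute through, while the escape-first helper only emits bare formatting tags.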
-
January 8th, 2004, 07:57 PM
#4
Junior Member
nice
From the link you gave:
Secure PHP Programming for PHP beginners.
It's almost too easy....
Thanks
-
January 9th, 2004, 01:29 AM
#5
Member