
security in PHP code

Hi,
I need information about the security in PHP code, I mean in the code itself
not in the setting because I'll put my code at a host.
In other words, I need the developer part of the security, not the host
part.
Can you please give me some hints, links,...
thanks.

Jul 17 '05 #1
On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
<to*****@sympatico.ca> wrote:
> Hi,
> I need information about the security in PHP code, I mean in the code itself
> not in the setting because I'll put my code at a host.
> In other words, I need the developer part of the security, not the host
> part.
> Can you please give me some hints, links,...
> thanks.


PHP security is an extremely broad topic, so it's difficult to answer
your question directly.

The biggest rule of thumb is NEVER trust information coming from a
client. Check and re-check all input, use pattern matching to strip
out characters that don't belong there, etc. Lack of input validation
is one of the biggest and most common developer mistakes out there.

Here are some more links:

Secure Programming in PHP
http://www.zend.com/zend/art/art-oertli.php
Writing Secure Scripts with PHP 4.2!
http://www.sitepoint.com/article/758
PHP Security, Part 1 and 2
http://www.onlamp.com/pub/a/php/2003...undations.html
http://www.onlamp.com/pub/a/php/2003...undations.html

Also, make yourself intimately familiar with the information on this
site. ;)

http://www.securityfocus.com/

This is where you can read up on past mistakes vendors have made
(Bugtraq/Vulnerabilities), and also several security-related articles
on a variety of topics like XSS, SQL injection, etc.
(Library/Infocus).

Hope that helps get you started anyway...

Jul 17 '05 #2
Or if what's coming from the client is a number, cast it into an integer.

User "auntie social" <no@thanks.sucker> wrote in message
news:am********************************@4ax.com...
> On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
> <to*****@sympatico.ca> wrote:
> The biggest rule of thumb is NEVER trust information coming from a
> client. Check and re-check all input, use pattern matching to strip
> out characters that don't belong there, etc. Lack of input validation
> is one of the biggest and most common developer mistakes out there.

Jul 17 '05 #3
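
Added example (not code from any poster in this thread), assuming PHP 7.1 or later: the integer and pattern-matching advice from the replies above, written as validate-and-reject helpers, with the result of a bare cast printed beside them for comparison. The helper names `read_int` and `read_username`, the field names and the sample requests are constructed for illustration, and the username check rejects input that fails the pattern rather than stripping characters from it.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept an integer field only if the whole string is an
// integer inside the expected range. A bare (int) cast turns "12abc" into 12
// and "abc" into 0, so the caller cannot tell that the input was malformed.
function read_int(array $src, string $key, int $min, int $max): ?int
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null; // missing, or an array such as ?id[]=1
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Hypothetical helper: allow-list match on the whole value.
// \A and \z anchor the full string; "$" would also match before a trailing "\n".
function read_username(array $src, string $key): ?string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $src[$key]) === 1
        ? $src[$key]
        : null;
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['id' => '42',    'user' => 'alice_01'],
    ['id' => '12abc', 'user' => "admin\n"],
    ['id' => '-5',    'user' => '<script>'],
    ['id' => ['1'],   'user' => 'ab'],
];

foreach ($samples as $get) {
    $id   = read_int($get, 'id', 1, 1000000);
    $user = read_username($get, 'user');
    // Last column: what a bare cast would have produced for the same field.
    printf("id=%s user=%s cast=%d\n",
        var_export($id, true), var_export($user, true),
        is_string($get['id']) ? (int) $get['id'] : 0);
}
```

Only the first sample passes both checks; for the second, the cast column shows 12 while `read_int` returns null.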
Thanks a lot

"toufik toufik" <to*****@sympatico.ca> wrote in message
news:nD********************@news20.bellglobal.com...
> Hi,
> I need information about the security in PHP code, I mean in the code itself not in the setting because I'll put my code at a host.
> In other words, I need the developer part of the security, not the host
> part.
> Can you please give me some hints, links,...
> thanks.

Jul 17 '05 #4
