On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
<to*****@sympatico.ca> wrote:
Hi,
I need information about the security in PHP code, I mean in the code itself
not in the setting because I'll put my code at a host.
In other words, I need the developer part of the security not the host
part.
Can you please give me some hints, links,...
Thanks.

PHP security is an extremely broad topic, so it's difficult to answer
your question directly.
The biggest rule of thumb is NEVER trust information coming from a
client. Check and re-check all input, use pattern matching to strip
out characters that don't belong there, etc. Lack of input validation
is one of the biggest and most common developer mistakes out there.
Here are some more links:
Secure Programming in PHP
http://www.zend.com/zend/art/art-oertli.php
Writing Secure Scripts with PHP 4.2!
http://www.sitepoint.com/article/758
PHP Security, Part 1 and 2
http://www.onlamp.com/pub/a/php/2003...undations.html
http://www.onlamp.com/pub/a/php/2003...undations.html
Also, make yourself intimately familiar with the information on this
site. ;)
http://www.securityfocus.com/
This is where you can read up on past mistakes vendors have made
(Bugtraq/Vulnerabilities), and also several security-related articles
on a variety of topics like XSS, SQL injection, etc.
(Library/Infocus).
Hope that helps get you started anyway...
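
The input-checking advice in the reply above, sketched as an added example that is not part of the original post: an allowlist validator for request parameters in PHP. The field names, patterns and sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist rules per field (hypothetical fields, constructed for this example).
// \A and \z anchor the whole string; a bare "$" would also accept a trailing "\n".
const RULES = [
    'username' => '/\A[a-z0-9_]{3,20}\z/i',
    'page'     => '/\A[1-9][0-9]{0,4}\z/',
    'email'    => null, // no regex: checked with filter_var() below
];

/**
 * Returns [accepted values, names of rejected fields].
 * Bad input is rejected rather than silently repaired, so the caller sees it.
 */
function validate_input(array $raw): array
{
    $clean = [];
    $errors = [];
    foreach (RULES as $field => $pattern) {
        $value = $raw[$field] ?? null;
        // "?username[]=x" arrives as an array; anything that is not a string fails.
        if (!is_string($value)) {
            $errors[] = $field;
            continue;
        }
        $ok = $pattern === null
            ? filter_var($value, FILTER_VALIDATE_EMAIL) !== false
            : preg_match($pattern, $value) === 1;
        if ($ok) {
            $clean[$field] = $value;
        } else {
            $errors[] = $field;
        }
    }
    return [$clean, $errors];
}

// Constructed sample data standing in for $_GET / $_POST.
$samples = [
    ['username' => 'alice_01', 'page' => '2', 'email' => 'user@example.com'],
    ['username' => "admin\n", 'page' => '2abc', 'email' => 'not-an-email'],
    ['username' => ['a', 'b'], 'page' => '0', 'email' => 'user@example.com'],
];

foreach ($samples as $raw) {
    [$clean, $errors] = validate_input($raw);
    echo json_encode(['accepted' => $clean, 'rejected' => $errors]), PHP_EOL;
}
```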