security in PHP code

Hi,
I need information about security in PHP code, I mean in the code itself,
not in the settings, because I'll put my code at a host.
In other words, I need the developer part of the security, not the host
part.
Can you please give me some hints, links,...
Thanks.

Jul 17 '05 #1
On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
<to*****@sympatico.ca> wrote:
> Hi,
> I need information about security in PHP code, I mean in the code itself,
> not in the settings, because I'll put my code at a host.
> In other words, I need the developer part of the security, not the host
> part.
> Can you please give me some hints, links,...
> Thanks.


PHP security is an extremely broad topic, so it's difficult to answer
your question directly.

The biggest rule of thumb is NEVER trust information coming from a
client. Check and re-check all input, use pattern matching to strip
out characters that don't belong there, etc. Lack of input validation
is one of the biggest and most common developer mistakes out there.

Here are some more links:

Secure Programming in PHP
http://www.zend.com/zend/art/art-oertli.php

Writing Secure Scripts with PHP 4.2!
http://www.sitepoint.com/article/758

PHP Security, Part 1 and 2
http://www.onlamp.com/pub/a/php/2003...undations.html
http://www.onlamp.com/pub/a/php/2003...undations.html

Also, make yourself intimately familiar with the information on this
site. ;)

http://www.securityfocus.com/

This is where you can read up on past mistakes vendors have made
(Bugtraq/Vulnerabilities), and also several security-related articles
on a variety of topics like XSS, SQL injection, etc.
(Library/Infocus).

Hope that helps get you started anyway...

Jul 17 '05 #2
Or if what's coming from the client is a number, cast it into an integer.

User "auntie social" <no@thanks.sucker> wrote in message
news:am********************************@4ax.com...
> On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
> <to*****@sympatico.ca> wrote:
> The biggest rule of thumb is NEVER trust information coming from a
> client. Check and re-check all input, use pattern matching to strip
> out characters that don't belong there, etc. Lack of input validation
> is one of the biggest and most common developer mistakes out there.

Jul 17 '05 #3
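
The two suggestions above (pattern matching on input, and casting numeric input to an integer) side by side with strict validation, as an added example that is not part of the original thread. It assumes PHP 8; the function names, field names and the `$request` sample are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of what $_GET might contain; not taken from the thread.
$request = [
    'id'   => '42abc',        // numeric field with trailing junk
    'page' => '7',            // well-formed numeric field
    'user' => 'bob<b>smith',  // name field with characters that don't belong
];

/** Return the integer if $raw is a whole number within [$min, $max], else null. */
function validInt(mixed $raw, int $min, int $max): ?int
{
    $opts = ['options' => ['min_range' => $min, 'max_range' => $max]];
    $val  = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $val === false ? null : $val;
}

/** Allow-list check: accept only 3-20 letters, digits or underscores. */
function validUsername(mixed $raw): ?string
{
    return is_string($raw) && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1
        ? $raw
        : null;
}

/** Stripping variant: delete every character outside the allowed set. */
function stripUsername(string $raw): string
{
    return preg_replace('/[^A-Za-z0-9_]/', '', $raw) ?? '';
}

// A cast always produces an integer, so the malformed 'id' is coerced
// to a number instead of being rejected.
var_dump((int) $request['id']);

// Validation rejects the malformed 'id' and accepts the clean 'page'.
var_dump(validInt($request['id'], 1, 100000));
var_dump(validInt($request['page'], 1, 1000));

// Rejecting returns null; stripping returns an altered but "clean" name.
var_dump(validUsername($request['user']));
var_dump(stripUsername($request['user']));
```

Casting and stripping both turn bad input into something usable, which can hide a malformed or tampered request; validating and rejecting lets the application log it and return an error instead.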
Thanks a lot

"toufik toufik" <to*****@sympatico.ca> wrote in message
news:nD********************@news20.bellglobal.com...
> Hi,
> I need information about security in PHP code, I mean in the code itself, not in the settings, because I'll put my code at a host.
> In other words, I need the developer part of the security, not the host
> part.
> Can you please give me some hints, links,...
> Thanks.

Jul 17 '05 #4
