security in PHP code

This topic is closed.
  • toufik toufik

    security in PHP code

    Hi,
    I need information about the security in PHP code, I mean in the code itself
    not in the setting because I'll put my code at a host.
    In other words, I need the developer part of the security not the host
    part.
    Can you please give me some hints, links,...
    Thanks.



  • auntie social

    #2
    Re: security in PHP code

    On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
    <toufiki@sympat ico.ca> wrote:
    >Hi,
    >I need information about the security in PHP code, I mean in the code itself
    >not in the setting because I'll put my code at a host.
    >In other words, I need the developer part of the security not the host
    >part.
    >can you please give me some hints, links,...
    >thanks.

    PHP security is an extremely broad topic, so it's difficult to answer
    your question directly.

    The biggest rule of thumb is NEVER trust information coming from a
    client. Check and re-check all input, use pattern matching to strip
    out characters that don't belong there, etc. Lack of input validation
    is one of the biggest and most common developer mistakes out there.

    Here are some more links:

    Secure Programming in PHP



    Writing Secure Scripts with PHP 4.2!



    PHP Security, Part 1 and 2


    Also, make yourself intimately familiar with the information on this
    site. ;)



    This is where you can read up on past mistakes vendors have made
    (Bugtraq/Vulnerabilities), and also several security-related articles
    on a variety of topics like XSS, SQL injection, etc.
    (Library/Infocus).

    Hope that helps get you started anyway...


    • Chung Leong

      #3
      Re: security in PHP code

      Or if what's coming from the client is a number, cast it into an integer.

      User "auntie social" <no@thanks.suck er> wrote in message
      news:amg020t0u4 907irp6qlkbtlf4 hjd9q3m1m@4ax.c om...
      > On Tue, 3 Feb 2004 17:53:09 -0500, "toufik toufik"
      > <toufiki@sympat ico.ca> wrote:
      > The biggest rule of thumb is NEVER trust information coming from a
      > client. Check and re-check all input, use pattern matching to strip
      > out characters that don't belong there, etc. Lack of input validation
      > is one of the biggest and most common developer mistakes out there.


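
The two pieces of advice in posts #2 and #3 (pattern-match client input, treat numbers as integers), shown as an added example that is not part of the original thread. The helper names `clean_int` and `clean_username`, the character rules and the sample request values are assumptions made for illustration; it requires PHP 8.

```php
<?php
declare(strict_types=1);

// Added example: helper names are hypothetical, sample inputs are constructed.

/**
 * Accept a value only if the whole string is a decimal integer in range.
 * A bare (int) cast never fails: (int)"12abc" is 12 and (int)"abc" is 0,
 * so the cast alone cannot tell bad input from a valid value.
 */
function clean_int(mixed $raw, int $min, int $max): ?int
{
    if (!is_string($raw)) {   // e.g. ?qty[]=1 reaches the script as an array
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? null : $value;
}

/**
 * Allowlist pattern match: the input must consist only of expected
 * characters. This version rejects anything else instead of stripping it.
 */
function clean_username(mixed $raw): ?string
{
    // \A and \z anchor the whole string; "$" would tolerate a trailing newline.
    if (is_string($raw) && preg_match('/\A[a-z0-9_]{3,20}\z/i', $raw) === 1) {
        return $raw;
    }
    return null;
}

// Constructed request data standing in for $_GET / $_POST.
$request = [
    'id'   => '42',
    'page' => '12abc',
    'qty'  => ['1'],
    'user' => "bob\n",
];

foreach ($request as $key => $value) {
    $checked = $key === 'user'
        ? clean_username($value)
        : clean_int($value, 1, 1000);
    printf("%-5s %s\n", $key, $checked === null ? 'rejected' : 'accepted: ' . $checked);
}
```

Only `id` passes; the other three values are the cases a plain cast or an unanchored pattern would let through.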

      • toufik toufik

        #4
        Re: security in PHP code

        Thanks a lot

        "toufik toufik" <toufiki@sympat ico.ca> wrote in message
        news:nDVTb.1313 1$9U5.602472@ne ws20.bellglobal .com...
        > Hi,
        > I need information about the security in PHP code, I mean in the code itself
        > not in the setting because I'll put my code at a host.
        > In other words, I need the developer part of the security not the host
        > part.
        > can you please give me some hints, links,...
        > thanks.

