  1. #1
    ArticleBot
    Join Date
    Apr 2001
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Discussion thread for Write Secure Scripts with PHP 4.2!

    This is a dedicated thread for discussing the SitePoint article 'Write Secure Scripts with PHP 4.2!'

  2. #2
    Anonymous
    SitePoint Community Guest
    It's a good article although there is much more to be said about making secure sites. For example, a discussion of SSL communications security as it applies to PHP can't be left out of an article (perhaps a series?) having this broad a title.
    ..
    Session expiration also should be discussed. In addition to the basic idea that PHP will eventually clean up old session-ids, apps can be coded to remember the timestamp of the most recent access (in a session variable) and refuse to continue sessions that are "too old."
    ..
    I hope this article will expand into a series. He's a good writer; good book.
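The idle-timeout idea raised in the post above, as an added example that is not code from the article or from any poster. The 30-minute limit, the `last_access` key and the function name are assumptions; the session is passed in as an array so the check can be exercised from the command line with constructed values.

```php
<?php
// Added example: refuse sessions whose most recent access is "too old".
const MAX_IDLE_SECONDS = 1800; // assumed limit of 30 minutes

/**
 * Returns true and refreshes the timestamp if the session is still fresh.
 * Returns false and empties the session data if it has been idle too long.
 */
function session_still_valid(array &$session, $now)
{
    if (isset($session['last_access'])
        && ($now - (int) $session['last_access']) > MAX_IDLE_SECONDS) {
        $session = array();   // drop the login state tied to the stale session
        return false;
    }
    $session['last_access'] = $now;   // first request or recent activity
    return true;
}

// Constructed sample sessions standing in for $_SESSION.
$now    = 1000000000;
$recent = array('user' => 'alice', 'last_access' => $now - 60);
$stale  = array('user' => 'bob',   'last_access' => $now - 7200);

var_dump(session_still_valid($recent, $now));
var_dump(session_still_valid($stale, $now));
var_dump($stale);

// In a page this would run straight after session_start():
//   session_start();
//   if (!session_still_valid($_SESSION, time())) {
//       session_regenerate_id(true);   // issue a new id for the next login
//       header('Location: login.php'); // login.php is a placeholder name
//       exit;
//   }
```

This check runs on every request and does not rely on PHP's session garbage collection, which removes old session files only eventually.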

  3. #3
    Anonymous
    SitePoint Community Guest
    I think within the scope of the subject, i.e. the why behind the new arrays, the author has done a perfect job. Short, sweet and simple. To go into detail about the other issues mentioned in the other comment would only have clouded and extended the article, obliterating its usefulness. No, I'd say 10/10.

  4. #4
    SitePoint Member
    Join Date
    Aug 2003
    Location
    At home
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    sucks

  5. #5
    Anonymous
    SitePoint Community Guest
    Just what I've been looking for these last 2 days. A clear, concise and unambiguous article with an uncanny knack for predicting newbie questions. Good code examples too. For the beginner, miles better than php.net's own explanation. Good job.
    ;-)

  6. #6
    Anonymous
    SitePoint Community Guest
    <advisor edit> no insults please, even if they're valid </advisor edit>

    Good Article...

    Mr. Skan
    Last edited by Ingoal; Jan 11, 2004 at 16:55.

  7. #7
    Anonymous
    SitePoint Community Guest
    Am I wrong to use extract($_POST);?
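What `extract()` does with request data, shown against the `$authorized` login pattern the thread discusses. This is an added example, not code from the article or from any poster: `$post` is constructed input standing in for `$_POST`, and `check_login()` with its credentials is a hypothetical stand-in for a real check.

```php
<?php
// Added example. Constructed request: a failed login plus one extra field.
$post = array('username' => 'guest', 'password' => 'wrong', 'authorized' => '1');

function check_login($user, $pass)
{
    // Hypothetical credential check, for illustration only.
    return $user === 'admin' && $pass === 'correct horse';
}

// Before: extract() turns every submitted field into a local variable,
// which is the behaviour register_globals used to provide implicitly.
function login_with_extract(array $post)
{
    extract($post);                 // $authorized now comes from the request
    if (check_login($username, $password)) {
        $authorized = true;
    }
    return !empty($authorized);     // never reset, so the request value survives
}

// After: read only the fields the script expects and assign $authorized
// unconditionally from the result of the check.
function login_with_whitelist(array $post)
{
    $username = isset($post['username']) ? (string) $post['username'] : '';
    $password = isset($post['password']) ? (string) $post['password'] : '';
    $authorized = check_login($username, $password);
    return $authorized;
}

var_dump(login_with_extract($post));
var_dump(login_with_whitelist($post));
```

With the same failed login, the first function reports the user as authorized and the second does not. Calling `extract()` with the `EXTR_SKIP` flag stops it overwriting variables that already exist, but only helps if every sensitive variable is initialised before the call.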

  8. #8
    Anonymous
    SitePoint Community Guest
    Yeah, it's right!

  9. #9
    SitePoint Zealot openXS's Avatar
    Join Date
    May 2004
    Posts
    105
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Best way to secure the code is to Encode it with SourceGuardian II with an IP Lock.

  10. #10
    Anonymous
    SitePoint Community Guest
    nice
    great article

    Serbzilla

  11. #11
    squinky
    SitePoint Community Guest
    About the code sample on page 1 of this lesson - how would anyone know $authorized is a variable being tested for true? I don't understand why it would be a bad way to code a login, since the PHP code is unseen by the user.

  12. #12
    SitePoint Member pelowe's Avatar
    Join Date
    Sep 2002
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    What about a large site created with globals_on?

    Does anyone have any insight into the best/easiest way to upgrade a fairly large site (several hundred PHP scripts) that was created with globals_on?
    Aside from sifting through each and every script and making the proper corrections and then testing each one, I don't see any easy answer.
    Any ideas would be greatly appreciated.

    Thanx...

  13. #13
    SitePoint Member
    Join Date
    Aug 2003
    Location
    Earth
    Posts
    16
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    squinky,

    The problem is when a site uses a script you know, and if security holes like this example exist in the script, you can then exploit it.

  14. #14
    Andre
    SitePoint Community Guest
    I don't understand why we need to create a global variable inside the function.

    I suppose we just pass those $_POST variables when we call the function:

    $authorized = login($_POST["username"], $_POST["password"]);

    function login($user, $pass){
        $authorized = false; // start from "not authorized"
        // do whatever you want to the username & password; set $authorized to true only if they're valid
        return $authorized;
    }

  15. #15
    SitePoint Member
    Join Date
    Jul 2005
    Location
    USA
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm going crazy! I copy this code and I cannot get method='POST' to work using
    $username = $_REQUEST['username']; or
    $username = $_POST['username'];

  16. #16
    SitePoint Member
    Join Date
    Jul 2007
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Just a small typo, on page 3, in the following paragraph:

    "What's missing is the declaration of $_POST inside the function to bring it in from the global scope! In PHP 4.0, with register_globals turned on, you'd have had add a line of code to get access to the $username and $password variables inside the function:"

    Should say: ...you'd have had to add...

