  1. #1
    SitePoint Member (joined Aug 2004; Idaho; 0 posts)

    Top 5 Security Issues

    I have read Kevin Yank's book, and he mentioned a few security holes that need to be addressed, but it seems like there are some that he didn't mention. For example, the copy() function: I read in a post that that is not the best way to upload files.

    I would like to know what are the top 5 security concerns when it comes to using php and mysql. What are the things that beginners forget to consider?

  2. #2
    Gybbyl ("public static void brain"; joined Jun 2002; Montana, USA; 647 posts)
    0) Using Register Globals Stupidly (or Just Registering Globals)
    1) Storing Cleartext Passwords
    2) Not Validating Form Input
    3) Get vs. Post Form Methods
    4) Interpolating too much PHP into HTML (not directly security, but can lead to it)

    imo
    Ryan
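    The points above (no reliance on register_globals, no cleartext passwords, validated input, and a clean line between PHP and SQL) can be shown together in a small registration/login script. This is an added example, not code from the thread or from any poster; it assumes PHP 7.1 or later with the PDO SQLite driver, and uses an in-memory SQLite database only so it runs offline. The PDO calls are the same against a MySQL DSN.

```php
<?php
// Added example (not from the thread). Assumes PHP >= 7.1 and PDO with the
// sqlite driver; an in-memory SQLite database stands in for MySQL so the
// script runs from the CLI. Replace the DSN with 'mysql:host=...;dbname=...'
// in real use; nothing else changes.

declare(strict_types=1);

// 1) Do not rely on register_globals: read input explicitly from $_POST.
//    An array parameter is used here so the script can be run with
//    constructed input instead of a real request.
function readInput(array $post): array
{
    $username = isset($post['username']) ? (string) $post['username'] : '';
    $password = isset($post['password']) ? (string) $post['password'] : '';
    return [$username, $password];
}

// 2) Validate form input against an allow-list before it goes anywhere.
function validUsername(string $u): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_]{3,32}$/', $u);
}

// 3) Store a salted hash of the password, never the cleartext.
function storeUser(PDO $db, string $username, string $password): bool
{
    if (!validUsername($username) || strlen($password) < 8) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // Prepared statement: user data is bound as a parameter, never
    // interpolated into the SQL string.
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
    return $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Login check: fetch the stored hash and let password_verify compare.
function checkLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['pw_hash']);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample input standing in for $_POST.
[$user, $pass] = readInput(['username' => 'alice', 'password' => 'correct horse battery']);
var_dump(storeUser($db, $user, $pass));
var_dump(checkLogin($db, 'alice', 'correct horse battery'));
var_dump(checkLogin($db, 'alice', 'wrong password'));
// Quote characters in the username are ordinary data to a bound parameter,
// so they cannot alter the query.
var_dump(checkLogin($db, "alice' OR 'x'='x", 'anything'));
```

    The username check is an allow-list rather than an attempt to strip "bad" characters; combined with bound parameters, the SQL layer never sees raw user input as query text. GET versus POST (point 3 in the list) is about not placing credentials or state-changing actions in URLs, which end up in logs, referrers and browser history; the form method itself is not an access control.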

  3. #3
    Sorccu (SitePoint Guru; joined Jun 2004; Finland; 703 posts)
    Amazingly often, people name their include files (containing PHP) .inc, which reveals the source to anyone who knows the URL.

  4. #4
    Dangermouse (SitePoint Wizard; joined Oct 2003; 1,024 posts)
    3) Get vs. Post Form Methods

  5. #5
    SitePoint Guru (joined Jul 2004; Raleigh, NC; 783 posts)
    Quote Originally Posted by Sorccu
    Amazingly often, people name their include files (containing PHP) .inc, which reveals the source to anyone who knows the URL.
    In general you are correct. However, there is a right way to do this. I do it, but I also configured my server (Apache) to parse .inc files as PHP.

  6. #6
    The New Guy ("Put your best practices away."; joined Sep 2002; Canada; 2,087 posts)
    Why bother though? Is myinclude.inc.php so hard?
    "A nerd who gets contacts
    and a trendy hair cut is still a nerd"

    - Stephen Colbert on Apple Users
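    Posts #3, #5 and #6 describe the same exposure from three angles: a .inc file the web server does not recognise as PHP is served as plain text. The example below, added here and not code from any poster, shows the two defences the thread converges on: name the file with a .php suffix (myinclude.inc.php) so it is executed rather than served, and make the file refuse to do anything unless the real entry script has defined a marker constant. The include is written to a temporary directory so the script is self-contained; the constant name APP_ENTRY and the placeholder credentials are assumptions, not a PHP convention.

```php
<?php
// Added example (not from the thread). Demonstrates an include file that
// (a) carries a .php suffix so the server executes it instead of serving
// its source, and (b) guards itself against direct requests with a marker
// constant. APP_ENTRY is an assumed name; the credentials are constructed
// placeholders.

$dir  = sys_get_temp_dir() . '/inc-demo-' . getmypid();
mkdir($dir);
$file = $dir . '/config.inc.php';   // .inc.php, not .inc

// The include file, written out here so the example runs on its own.
$includeSource = <<<'PHP'
<?php
// Guard: a direct browser request reaches this file without APP_ENTRY
// defined, so the include stops here and nothing below is executed or
// echoed. A top-level `return` inside an included file returns from the
// include only, not from the whole script.
if (!defined('APP_ENTRY')) {
    return false;
}
// Constructed placeholder values; real credentials belong outside the
// document root or in environment configuration.
return ['db_user' => 'app', 'db_pass' => 'placeholder-secret'];
PHP;
file_put_contents($file, $includeSource);

// Simulated direct request: no entry marker, so the guard short-circuits.
$direct = include $file;
var_dump($direct === false);

// The real entry script defines the marker first, then includes.
define('APP_ENTRY', true);
$config = include $file;
var_dump(isset($config['db_user'], $config['db_pass']));

unlink($file);
rmdir($dir);
```

    For anyone who keeps the bare .inc suffix as in post #5, the server-side alternative is to stop Apache from serving those files at all (a FilesMatch block on `\.inc$` with `Require all denied` on Apache 2.4, or `Deny from all` on older releases) or to keep them outside the document root entirely; the guard constant above still costs nothing and also covers the case where the server configuration is later changed.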

