SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    Happy Holidays !! Paul S's Avatar
    Join Date
    Mar 2001
    Location
    Mexico
    Posts
    1,287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP Security Issues

    Does anybody know reference about this?

    I know PHP manual has a whole chapter for this, but I'm looking possible examples where PHP could be compromised. What could happen if you don't deactivated register_global, are POST variables more secure that GET ones?

    How you can protect your SQL database from somebody who want to cause it damage.
    May be I'm asking too much, but I guess this is essential to anyone who want create good programs.

    Thanks in advance.

  2. #2
    There is no general chat z0s0's Avatar
    Join Date
    Aug 1998
    Location
    Melbourne
    Posts
    172
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The golden rule:

    Never trust a variable you didn't explicity create.

    Regardless of whether you deactivate register globals or not. Pay specific attention to making sure all input data is validated - whether it be from the client via GET / POST / COOKIE (none of which are "secure" nor should they be trusted) or from databases, LDAP directories, WHOIS data, TCP socket data, _anything_.

    Then you'll be fine!
    Wormly Server Performance Monitoring
    Don't wait for an SMS at 4am. Find out what's really
    going on and fix the problem. www.wormly.com/website-monitoring

  3. #3
    Happy Holidays !! Paul S's Avatar
    Join Date
    Mar 2001
    Location
    Mexico
    Posts
    1,287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by z0s0
    The golden rule:

    Never trust a variable you didn't explicity create.
    Thanks z0s0 Actually that what I do always. It's just I would like to find a good book about this.

  4. #4

  5. #5
    SitePoint Wizard johnn's Avatar
    Join Date
    Mar 2001
    Location
    Southern California, USA
    Posts
    1,181
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, look at my signature.

  6. #6
    Happy Holidays !! Paul S's Avatar
    Join Date
    Mar 2001
    Location
    Mexico
    Posts
    1,287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lveale, johnn

    Thanks to both, that's exactly what I was looking for.
    Thanks again


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •