
[SOLVED] Security and efficiency - resources?



I made something that uses PHP, MySQL, AJAX, and JavaScript. I generally avoided security and efficiency during its creation. Of course, now I have to focus on them.

 

Where do web developers find resources? Consumer level books? I'm talking about guys who make enterprise level systems.

It all depends on what type of security you want?

 

AJAX, jQuery is very secure with examples of how to properly secure code.

 

Generally speaking, mysql_real_escape_string on data coming from a form in the database is best practice, and any checks you do with JavaScript, do again before entering them into a database.

Also look into html_entities for comments and whatnot to prevent XSS injection etc.

As far as books, I have no clue if there are any; if there are, I dunno how good/accurate they are.
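
The three practices from the reply above (repeat the JavaScript checks on the server, keep form data from altering the SQL, encode comments on output), shown as an added example that is not code from the thread. It swaps in PDO bound parameters for mysql_real_escape_string, which was removed with the old mysql extension in PHP 7.0, and uses htmlentities(), the actual spelling of the PHP function; the table, field names, length limits and sample input are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for $_POST. Assume the browser-side
// JavaScript checks were skipped, so the server repeats every one of them.
$post = [
    'author'  => "Pat O'Brien",
    'email'   => 'pat@example.com',
    'comment' => 'Nice post! <script>alert(1)</script>',
];

// Hypothetical helper: server-side copy of the form rules; returns error strings.
function validate_comment(array $in): array
{
    $errors = [];
    $author = trim((string)($in['author'] ?? ''));
    if ($author === '' || strlen($author) > 64) {
        $errors[] = 'author must be 1-64 characters';
    }
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    $comment = trim((string)($in['comment'] ?? ''));
    if ($comment === '' || strlen($comment) > 2000) {
        $errors[] = 'comment must be 1-2000 characters';
    }
    return $errors;
}

$errors = validate_comment($post);
if ($errors !== []) {
    exit(implode("\n", $errors) . "\n");
}

// Assumption: in-memory SQLite so this runs offline; a MySQL DSN works the same way.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (author TEXT, email TEXT, comment TEXT)');

// Bound parameters keep the data out of the SQL text, quote in O'Brien included.
$stmt = $db->prepare('INSERT INTO comments VALUES (:author, :email, :comment)');
$stmt->execute($post);

// Store the raw text; encode only when writing it into HTML.
foreach ($db->query('SELECT author, comment FROM comments') as $row) {
    printf("<p><b>%s</b>: %s</p>\n",
        htmlentities($row['author'], ENT_QUOTES, 'UTF-8'),
        htmlentities($row['comment'], ENT_QUOTES, 'UTF-8'));
}
```

Run with the PHP CLI; the stored comment comes back with its angle brackets and the apostrophe rendered as entities, so the browser shows it as text.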

This is an odd question.

 

I'm talking about guys who make enterprise level systems.

 

So you, or the guys, developed enterprise level systems that aren't efficient OR secure?

 

Where do web developers find resources?

 

Google, tutorials, development standards, books etc...

 

Consumer level books?

 

Amazon.com?

It all depends on what type of security you want?

 

Strong security, what else would I want?  :P

 

As far as books, I have no clue if there are any; if there are, I dunno how good/accurate they are.

 

I can't imagine guys who make huge development projects to be scrounging around forums asking questions. PHP.net is good, but only if you know what you're looking for, like specific functions.

 

Let's be very bold here: Google-level developers. Where do they get their information? Even schooling is based on books.

This is an odd question.

 

I'm talking about guys who make enterprise level systems.

So you, or the guys, developed enterprise level systems that aren't efficient OR secure?

 

No, but I'd like to learn from the best of the best. All the resources I'm finding seem to be like puzzle pieces. Is this really how development research works?

Let's be very bold here: Google-level developers. Where do they get their information? Even schooling is based on books.

 

You want to know the truth? They get it from learning the language and "googling" exploits. The only way to know your code is secure is to learn from other people's mistakes honestly. An exploit is unknown to most until someone actively "stumbles" upon one.

 

Like I said before, as long as you follow PHP standards, do not allow register_globals to be on and code for it not being on, defining your values, verifying your data before you execute it or insert it into a DB, and making sure you are not on a shared host (those are just security flaws in themselves) and making sure your server box is secure, it is all relevant. Honestly you would just be wasting money buying a book.

 

http://www.google.com/search?hl=en&q=php+security&btnG=Search

 

Should provide you with more than enough information. I would bet, 100 times over, that any book you buy will not have every security and it is outdated with PHP 4 or even PHP 3 code. But if you want to waste money on it...

 

http://www.google.com/search?hl=en&q=php+security+books&btnG=Search

 

Google is your key friend.

Let's be very bold here: Google-level developers. Where do they get their information? Even schooling is based on books.

 

You want to know the truth? They get it from learning the language and "googling" exploits. The only way to know your code is secure is to learn from other people's mistakes honestly. An exploit is unknown to most until someone actively "stumbles" upon one.

 

Like I said before, as long as you follow PHP standards, do not allow register_globals to be on and code for it not being on, defining your values, verifying your data before you execute it or insert it into a DB, and making sure you are not on a shared host (those are just security flaws in themselves) and making sure your server box is secure, it is all relevant. Honestly you would just be wasting money buying a book.

 

http://www.google.com/search?hl=en&q=php+security&btnG=Search

 

Should provide you with more than enough information. I would bet, 100 times over, that any book you buy will not have every security and it is outdated with PHP 4 or even PHP 3 code. But if you want to waste money on it...

 

http://www.google.com/search?hl=en&q=php+security+books&btnG=Search

 

Google is your key friend.

 

Alright, I figured this was how it all worked. Just had to be sure.
