PHP security checklist


Q695

Find checklist below.

 

1. SQL Injections

2. Stop Using $_REQUEST

3. Don't save plain text Password Cookies

4. register_globals = Off

 

For more details, visit http://www.kavoir.com/2010/03/php-security-checklist-for-websites-and-web-applications-bottom-line-for-every-good-php-developers.html

 

PHP Security Consortium has a good guide. They also have an environment check script, phpsecinfo; check that out too.

PHP|Architect has written a book/guide, Guide to PHP Security.

O'Reilly published Essential PHP Security in '05; most types of website attacks are in it. Worth having.

 

PHP isn't the only thing you should consider when dealing with security. Think of all the components that are interacting: there is PHP of course, maybe some external libraries, external tools, a cache server, most likely an RDBMS, the filesystem (permissions), the web server, web server modules, mail agent, the operating system. There really is no end to it...

 

Looking at all the hosting companies out there, it makes me cringe with all the software they have installed (e.g. WHM/cPanel). Just give me a minimal FreeBSD install, with jailed services. Keep It Simple and Secure.

Archived

This topic is now archived and is closed to further replies.
