johnnyk Posted April 5, 2007

I'm gonna start work on a website soon. It's gonna involve a good amount of people interacting with a DB (logging in, adding comments, voting, what not). I'm gonna write the site in PHP/MySQL. The only thing is that I've never made a website with this much DB interaction before and I'm worrying that it won't be secure. Does anyone have any suggested reading for someone who is an intermediate PHP/MySQL programmer but knows almost nothing about security?
Fergusfer Posted April 5, 2007

Essential PHP Security (Chris Shiflett, O'Reilly), ISBN: 0-596-00656-X

The first thing you should understand is the concept of "tainted" data. This is well explained in that book, but in a nutshell: if you don't create the data in your PHP application, you should assume the data is an attack until you have successfully verified it is safe or rendered it neutral.

You definitely need to understand script and SQL injection attacks and how data inspection and filtering are used to protect your application and data. This is covered in Essential PHP Security, as well as other topics, such as session hijacking.
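The "tainted data" idea from the reply above, shown in working PHP. This is an added example, not code from the thread or from the book it recommends. It assumes PDO with an in-memory SQLite database so it runs offline (the same prepared-statement calls work unchanged with a `mysql:` DSN); the `comments` table, its columns, and the function names are made up for the illustration. It contrasts the concatenated query the reply warns about with a prepared statement, then shows input inspection (a whitelist check) and output escaping, which is the defence against script injection in user-posted comments.

```php
<?php
// Added example (not from the thread): handling "tainted" input in PHP.
// Assumes an in-memory SQLite DB via PDO purely so the file is self-contained;
// the table name "comments" and its columns are constructed for this demo.
declare(strict_types=1);

// --- 1. Throwaway schema and two constructed rows ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$db->exec("INSERT INTO comments (author, body) VALUES ('alice', 'first!')");
$db->exec("INSERT INTO comments (author, body) VALUES ('bob', 'second')");

// Constructed input standing in for something like $_GET['author'].
// It contains a quote, so it is "tainted" in the sense the book uses.
$taintedAuthor = "alice' OR '1'='1";

// --- 2. The pattern to avoid: tainted data concatenated into the SQL text ---
function countCommentsUnsafe(PDO $db, string $author): int
{
    // BAD: $author was never inspected or neutralised, so its quote character
    // becomes part of the statement and alters the WHERE clause; every row
    // ends up matching instead of only rows by that author.
    $sql = "SELECT COUNT(*) FROM comments WHERE author = '$author'";
    return (int) $db->query($sql)->fetchColumn();
}

// --- 3. Same lookup with the data rendered neutral by a prepared statement ---
function countCommentsSafe(PDO $db, string $author): int
{
    // The statement's structure is fixed before the value is bound, so the
    // driver passes $author as data only; no author is literally named that,
    // so nothing matches.
    $stmt = $db->prepare('SELECT COUNT(*) FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return (int) $stmt->fetchColumn();
}

// --- 4. Inspection: verify the data is safe before it is used at all ---
function validateUsername(string $raw): ?string
{
    // Whitelist of 3-20 letters, digits or underscores. Anything else is
    // rejected outright rather than "cleaned up"; null means "refuse request".
    return preg_match('/^[A-Za-z0-9_]{3,20}$/', $raw) === 1 ? $raw : null;
}

// --- 5. Output escaping: the defence against script injection in comments ---
function renderComment(string $body): string
{
    // Escape for the HTML context at the moment of output (not at storage
    // time), so stored text is shown literally instead of being interpreted.
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// Demonstration: compare the two counts, then the inspection and escaping.
echo "unsafe count: " . countCommentsUnsafe($db, $taintedAuthor) . "\n";
echo "safe count:   " . countCommentsSafe($db, $taintedAuthor) . "\n";
var_dump(validateUsername($taintedAuthor)); // rejected before reaching the DB
var_dump(validateUsername('bob_42'));        // accepted as-is
echo renderComment('<script>alert(1)</script>') . "\n"; // shown as text, not run
```

Run it with `php example.php` (the `pdo_sqlite` extension must be enabled). The design point is the one the reply makes: validation (step 4) decides whether the request is accepted at all, parameter binding (step 3) keeps accepted data from changing the shape of the query, and escaping (step 5) is applied per output context rather than once on the way into the database.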