
Security



Levels


Concepts


Validate Input

One of three things can be said about received data:


Functions


Register Globals


Magic Quotes

<?php
// Legacy PHP (before 5.4) could silently add backslashes to GET, POST and
// COOKIE data when magic_quotes_gpc was enabled. Undo that before handling
// the value yourself, so escaping is applied exactly once, where you choose.
$string = isset($_POST['string']) ? $_POST['string'] : '';
if (get_magic_quotes_gpc())
{
    $string = stripslashes($string);
}

Escaping


XSS


CSRF


Sessions


Session Fixation


Session Hijacking


Command Injection


Security Settings


Encryption, Hashing algorithms


File uploads

  1. Assign 775 permissions to the upload folder
  2. Check the file using PHP functions (for example, verify that a photo upload really is an image)
  3. Disable directory indexes and script execution (using .htaccess or server settings)
  4. Place the upload folder outside the WWW root.
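As an added example (not code from the original page), a PHP handler that applies the four steps above to a photo upload; UPLOAD_DIR, the size cap and the accepted types are assumptions chosen for this example.

```php
<?php
const UPLOAD_DIR = '/var/app/uploads';   // assumption: a path outside the WWW root (step 4)
const MAX_BYTES  = 2 * 1024 * 1024;      // size cap chosen for this example

// Content types accepted as "photo", mapped to the extension they are stored under.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Step 3, if the folder cannot live outside the WWW root: an .htaccess in the
// upload folder containing
//     Options -Indexes
//     php_flag engine off
// turns off directory listing and PHP execution for that folder (Apache mod_php).

/**
 * Validates one entry from $_FILES and moves it into UPLOAD_DIR.
 * Returns the stored path, or throws on any failure.
 */
function storePhotoUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or no file supplied');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Step 2: never trust the client's filename or declared type; sniff the
    // content and require that it parse as an image.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image');
    }
    // Step 1: create the folder with 775 if it does not exist yet.
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0775, true)) {
        throw new RuntimeException('Cannot create upload folder');
    }
    // Server-generated name: the client chooses neither the path nor the extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644);   // a data file, never executable
    return $dest;
}

// In the form handler: $path = storePhotoUpload($_FILES['photo']);
```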

Data storage


SSL

http://php.net/manual/en/book.openssl.php
