
Vinu Thomas' Blog:
Secure web development, an after thought?
December 18, 2009 @ 10:48:59

In a recent post to his blog, Vinu Thomas addresses a few misconceptions about web application security (some specific to PHP) and tries to correct them.

When I talk to developers about security in web development, I usually get the answer that the security is taken care of by the systems team by securing the server and by using the https protocol. In reality that is just the tip of the iceberg on security. There's much more you should do as a developer to incorporate security into your applications.

He points out that HTTPS doesn't secure your website; it only secures the communication between the client and the server, so the application is still open to all of the usual attacks. Input validation goes a long way toward preventing them. He also mentions two insecure practices he's seen over and over: using file names in URL parameters, and using remote includes in an application (which gives the remote site a direct line into your application's backend).
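The two practices named above, with the insecure pattern beside a hardened form, as an added example that is not code from Vinu Thomas' post or from this site. It assumes PHP 8; the `pages/` directory, the page names and the `resolvePage()` helper are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical directory that holds the application's own page templates.
const PAGE_DIR = __DIR__ . '/pages';

// Allowlist: public page key => file inside PAGE_DIR.
// The request supplies a key, never a file name or path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

// Insecure pattern, shown for contrast only:
//   include $_GET['page'];
// Here the request chooses which file is executed and, if allow_url_include
// is enabled, that file can be fetched from a remote site.

/**
 * Map a request value to a local file path.
 * Returns null when the value is not an allowlisted page.
 */
function resolvePage(mixed $requested): ?string
{
    // Reject non-strings (e.g. ?page[]=x) and keys that are not on the list.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . PAGES[$requested]);

    // Defence in depth: the resolved file must exist and, after symlinks
    // are resolved, still sit inside PAGE_DIR.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$page = resolvePage($_GET['page'] ?? 'home');
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page; // Only ever a local, allowlisted file.
```

Keeping `allow_url_include` off in `php.ini` (its default) closes the remote-include path at the configuration level as well.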


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework