IBM developerWorks:
Locking down your PHP applications
May 24, 2006 @ 06:17:48

IBM developerWorks has another new tutorial today with a look at locking down your PHP applications - "four security rules you can't violate".

In this tutorial, you'll learn how to add security to your PHP Web applications. It is assumed that you've been coding PHP Web applications for at least a year, so it won't cover the basics of the language (either conventions or syntax). The goal is to make you more aware of what you should be doing to secure the Web applications you're building.

This tutorial teaches you how to guard against the most common security threats: SQL injections, the manipulation of the GET and POST variables, buffer overflow attacks, cross-site scripting attacks, data manipulation inside the browser, and remote form posting.

You'll need a system already running PHP (at least version 4.x) and MySQL on a web server (Apache or otherwise). The tutorial looks briefly at some of the common security issues plaguing web applications these days before moving on to the four rules:

  • Never trust outside data or input
  • Disable PHP settings that make security difficult to enforce
  • You can't secure it if you can't understand it
  • "Defense in depth" is your new mantra

The tutorial takes a look at each of these and uses the rest of the article (8 more pages) to show you how to keep yourself safe from these issues.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework