first is the webserver itself
-depending on who is hosting the site you may not have access and have to trust their sys admin to make the server secure
i won't go into too much depth here
there is a really good book on security
'maximum security' isbn 1-57521-268-4 (Sams publishing) well worth a read
as for code:
validate validate validate validate everything
- use all the tools and functions to ensure that all is safe and conforming to expected data
-is_numeric
-is_string
-etc
use the maximum length attribute in text boxes
don't pass sensitive data with GET
ensure register_globals is off
protect against sql injection (read [url='http://www.aspfaqs.com/ASPScripts/PrintFAQ.asp?FAQID=194']here[/url])
ensure that any files uploaded have authorized extensions that you set
also see here for an article on security
hth
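
An added example, not part of the original post: server-side PHP checks for several items in the checklist above (numeric input, length limits, upload extensions, SQL injection). The function names, the extension allowlist, the `users` table and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const ALLOWED_EXTENSIONS = ['jpg', 'png', 'pdf']; // assumption: site-specific allowlist
const MAX_NAME_LENGTH = 50;                        // same value as the form's maxlength

// Integer id: is_numeric() also accepts "1e5" and "1.5", so validate as a positive int.
function valid_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// maxlength is only enforced by the browser; check the length again on the server.
function valid_name($raw): ?string
{
    if (!is_string($raw)) {
        return null; // name[]=x arrives as an array, not a string
    }
    $name = trim($raw);
    return ($name !== '' && strlen($name) <= MAX_NAME_LENGTH) ? $name : null;
}

// Upload: compare the lower-cased final extension against the allowlist.
function allowed_upload(string $clientFilename): bool
{
    $ext = strtolower(pathinfo(basename($clientFilename), PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true);
}

// SQL injection: bind the value as a parameter, never concatenate it into the query.
function find_user(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice')");

foreach (['1', '1e5', '1 OR 1=1', ['1']] as $raw) { // constructed request values
    $id = valid_id($raw);
    echo json_encode($raw), ' => ', $id === null ? 'rejected' : json_encode(find_user($db, $id)), "\n";
}
var_dump(valid_name(str_repeat('a', 51)), allowed_upload('report.PDF'), allowed_upload('page.php'));
```

The extension check only looks at the name the client sent, so uploads should still be stored under a server-generated name outside the web root.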