I'm looking at picking up PHP coding as a hobby and was looking at building a text game (like the good old BBS days). Being that people will cheat to win, I would like as tight a security system as possible without bioscans.
This is the list that I need to look into in more detail. What should I add or revamp in a PHP/MySQL/Apache system?
Linux - hardened to only serve pages.
Apache - SSL, .htaccess or directory filters.
PHP - reg-globals off, sessions, public proxy back check, input validation. Includes outside the site structure. Non-standard PHP code extensions.
MySQL - use user/pass with enough rights to just get the job done. Non-standard port.
Of course patching.
I’m not looking for handholding but a good idea of what I need to learn before I start designing my security module.
Cheers,
Leer