I was hoping that someone could share their views and tips on PHP security.
Basically I'm looking to build an online application that will be storing 'sensitive' information. In the past I have created applications where users log in with a user name and password. This communicates with a mysql database that contains a list of users and encrypted passwords.
While this may be okay for a system on a local network where the chances of being hacked are slimmer than the internet I am seeking some advice on how effective this would be on the internet.
My general plan would be to have some type of authentication for logging users in. This would then give them access to the protected information than can be parsed and displayed as necessary.
I'm not looking for 'hacking' techniques here. Just ways to provide good security in protecting sensitive data.
I also know that this has a bit of mysql involved but I hope no one minds. 🙂
Questions:
What would be the best way to protect usernames/passwords from outside users?
How can I try to stop hackers from just downloading the information I am trying to protect onto their local machine? (Does PHP help to hide this information somehow?)
Any help or advice would be appreciated.
I found this site which helped a bit. http://phpsec.org/
Thanks.
