Basic PHP-security must knows?


MrApples
11-06-2007, 10:08 PM
Anyone have a link to, or have in mind a list of the basic PHP must knows when it comes to security? I'm not even sure what 'injections' are but I know they have something to do with forms.

Guest190829
11-07-2007, 01:20 AM
Adrian has written a really nice article here:

https://vborg.vbsupport.ru/showthread.php?t=154411&highlight=Security

This keeps vBulletin specifics in mind.

You can always check the PHP manual as well:

http://www.php.net/manual/en/security.php

Andrew Green
11-07-2007, 01:54 AM
Anyone have a link to, or have in mind a list of the basic PHP must knows when it comes to security? I'm not even sure what 'injections' are but I know they have something to do with forms.

Injections are not "really" PHP, but SQL.

A rather simple way of understanding what a SQL injection is: http://xkcd.com/327/ :D

Basically it comes down to never trusting the user, meaning having a very strong filter in between anything they can input and what gets sent to the database.
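
The point above about never letting user input reach the database unchecked, shown as an added example that is not part of the original post. It puts a concatenated query beside a prepared statement (parameter binding, a technique the thread itself does not name). The table, function names and sample inputs are constructed, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
// Added example: constructed data, hypothetical table and function names.
// Assumes PHP with the pdo_sqlite extension; runs fully in memory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO students (name) VALUES ('Alice'), ('Bob')");

// Vulnerable: the form value is pasted into the SQL text, so the
// database cannot tell data apart from query syntax.
function find_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM students WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the query text is fixed and the value is bound as a parameter,
// so it is always treated as a string to compare against.
function find_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM students WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for a form field such as $_POST['name'].
$inputs = [
    'Alice',          // ordinary value
    "O'Brien",        // legitimate name containing a quote
    "x' OR '1'='1",   // value that rewrites the WHERE clause when concatenated
];

foreach ($inputs as $input) {
    try {
        $unsafe = count(find_unsafe($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $unsafe = 'SQL error';
    }
    $safe = count(find_safe($db, $input)) . ' row(s)';
    printf("%-16s unsafe: %-10s safe: %s\n", $input, $unsafe, $safe);
}
```

The concatenated version also fails on a legitimate name that contains a quote, so the flaw is a correctness bug as well as a security one.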

Marco van Herwaarden
11-07-2007, 03:49 AM
Hehe, that comic is spot on.

MrApples
11-08-2007, 02:05 AM
Thanks. That clears up the whole how they can break in thing big time.

Adrian Schneider
11-08-2007, 05:59 AM
love the comic :D