Practical PHP Programming:Security concerns
From IpbWiki
The Internet is sadly not a safe place, mostly thanks to a small percentage of its users who feel the need to attack other users electronically. The reasons for the various attacks vary – sometimes it is for monetary gain, where attackers find holes in your code that they can exploit to their advantage, and other times it is just for fun. Either way, computer security has been a hot topic for years, and does not seem to be improving all that much.
This chapter is split into three distinct parts: part one discusses how to write secure PHP code, which includes methods of programming that are hard if not impossible to crack, part two discusses how to host PHP on a server where other people can write scripts, and part three discusses using PHP to encrypt and decrypt data.
Topics covered in this chapter are:
- Why register_globals matters
- How to program secure PHP
- Considerations for people who host others' web sites
- Safe mode PHP
- Encryption, simple and advanced
Chapter contents
- 16.1. Practical_PHP_Programming:Programming secure PHP
- 16.1.1. Practical_PHP_Programming:Why enabling register_globals is evil
- 16.1.2. Practical_PHP_Programming:Choose your file extension carefully
- 16.1.3. Practical_PHP_Programming:Put key files outside your document root
- 16.1.4. Practical_PHP_Programming:Remember that most files are public
- 16.1.5. Practical_PHP_Programming:Hide your identity
- 16.1.6. Practical_PHP_Programming:Hiding PHP
- 16.1.7. Practical_PHP_Programming:Restrict general database access
- 16.1.8. Practical_PHP_Programming:Restrict PHP database access
- 16.1.9. Practical_PHP_Programming:Denial of service
- 16.1.10. Practical_PHP_Programming:Pre-initialise important variables to safe values
- 16.1.11. Practical_PHP_Programming:Be wary of session fixation
- 16.2. Practical_PHP_Programming:Hosting PHP
- 16.3. Practical_PHP_Programming:Protecting your data
- 16.3.1. Practical_PHP_Programming:Data encryption
- 16.3.2. Practical_PHP_Programming:Encryption terms you need to know
- 16.3.3. Practical_PHP_Programming:Asymmetric vs symmetric encryption
- 16.3.4. Practical_PHP_Programming:Basic symmetric encryption in action
- 16.3.5. Practical_PHP_Programming:Advanced symmetric encryption
- 16.3.6. Practical_PHP_Programming:Symmetric decryption
- 16.3.7. Practical_PHP_Programming:Changing encryption algorithm
- 16.3.8. Practical_PHP_Programming:Changing block cipher mode
- 16.4. Practical_PHP_Programming:Hardened PHP