Security Advice need

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

leulae
Forum Newbie
Posts: 14
Joined: Fri Jan 01, 2010 2:48 am

Security Advice need

Post by leulae »

I'm new to PHP and want to design a web-based data entry system. My issue is with security: how to authenticate, how to restrict access to the pages directly without login, encryption, managing sessions. How do professional programs work? Please advise me.

Thanks in advance

leulae
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: Security Advice need

Post by Apollo »

That's a lot of random issues. For starters, how do you wish to restrict page access other than by means of a login? Specific IPs only? (bad idea imho)
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Security Advice need

Post by kaisellgren »

Indeed a lot of random issues. For starters, I can only recommend learning PHP first, and only then implementing more or less secure systems.
Griven
Forum Contributor
Posts: 165
Joined: Sat May 09, 2009 8:23 pm

Re: Security Advice need

Post by Griven »

Learn to crawl before you run, Leulae. Rome wasn't built in a day. However, here are a few points to get you started with what you ask.

Security - Far too broad of an issue to deal with directly.
Authentication - http://www.phpeasystep.com/workshopview.php?id=6
Restrict access to pages without login - Do you mean if someone isn't logged in, then they don't get to see a page? Easily done with sessions (see below) and authentication (see above)
Sessions - http://www.tizag.com/phpT/phpsessions.php
leulae
Forum Newbie
Posts: 14
Joined: Fri Jan 01, 2010 2:48 am

Re: Security Advice need

Post by leulae »

Thank you all
codwrex
Forum Newbie
Posts: 5
Joined: Wed Jan 20, 2010 3:38 am

Re: Security Advice need

Post by codwrex »

Very simple steps:

1. $_GET: allow only alphanumeric
2. If you're using ?page=1 ... etc., make sure $page=(int)$_GET['page']; // that's the easiest way to sanitize numbers.

And lots more ... but first learn PHP
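
The two checks from the post above, written out as an added example (not code from the thread). The helper names alnum_param and int_param, the length and range limits, and the sample inputs are assumptions; the last column shows what a plain (int) cast returns for the same input, next to a strict check that rejects it.

```php
<?php
declare(strict_types=1);

// Allowlist check for an identifier-style parameter: letters and digits only.
// \A and \z anchor the whole string, so a trailing newline is rejected too.
function alnum_param(array $query, string $name, int $maxLen = 32): ?string
{
    $value = $query[$name] ?? null;
    // ?name[]=x arrives as an array; treat anything but a string as invalid.
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9]+\z/', $value) === 1 ? $value : null;
}

// Strict integer check with a range. Unlike (int), this rejects "12abc"
// and "abc" instead of turning them into 12 and 0.
function int_param(array $query, string $name, int $min, int $max): ?int
{
    $value = $query[$name] ?? null;
    if (!is_string($value)) {
        return null;
    }
    $int = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $int === false ? null : $int;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['page' => '3',     'section' => 'reports'],
    ['page' => '12abc', 'section' => 'reports'],
    ['page' => '-1',    'section' => 'reports/2010'],
    ['page' => ['1'],   'section' => "admin\n"],
];

foreach ($samples as $query) {
    $page    = int_param($query, 'page', 1, 10000);
    $section = alnum_param($query, 'section');
    // What the plain cast would have produced for the same input.
    $cast    = is_scalar($query['page']) ? (int) $query['page'] : 'n/a';
    printf("page=%s section=%s (plain cast gives %s)\n",
        var_export($page, true), var_export($section, true), $cast);
}
```

A null return means the request should be rejected or sent to a default page rather than processed with a guessed value.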