Your Favorite PHP Security List

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

supermike
Forum Contributor
Posts: 193
Joined: Tue Feb 28, 2006 8:30 pm
Location: Somewhere in the Desert, USA

Your Favorite PHP Security List

Post by supermike »

If you guys have a favorite PHP security list for the following things, so that I could ensure my client projects apply these controls, please let me know. I'm about to enter this phase on a very important project that will contain usernames, passwords, and all manner of identity information for individuals. These individuals will share info with each other on an opt-in basis, sort of like Facebook.

- XSS blocking
- cookie hack blocking
- URL hack blocking (prevent some pages from being accessed without authentication; prevent someone from skipping steps, like skipping ecommerce)
- SQL injection blocking
- cron jobs to check the system and alert me
- anything else

Note that I'm storing shadows of passwords, not passwords themselves, in my database. So, at least I have that covered.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Your Favorite PHP Security List

Post by kaisellgren »

Are you looking for a list of attacks and security features or are you looking for information about how to protect from them?
supermike
Forum Contributor
Posts: 193
Joined: Tue Feb 28, 2006 8:30 pm
Location: Somewhere in the Desert, USA

Re: Your Favorite PHP Security List

Post by supermike »

How to protect from them.
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria

Re: Your Favorite PHP Security List

Post by jmut »

kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Your Favorite PHP Security List

Post by kaisellgren »
