If you guys have a favorite PHP security list for the following things, so that I could ensure my client projects apply these controls, please let me know. I'm about to enter this phase on a very important project that will contain usernames, passwords, and all manner of identity information for individuals. These individuals will share info with each other on an opt-in basis, sort of like Facebook.
- XSS blocking
- cookie hack blocking
- URL hack blocking (prevent some pages from being accessed without authentication; prevent someone from skipping steps, like skipping ecommerce)
- SQL injection blocking
- cron jobs to check the system and alert me
- anything else
Note that I'm storing shadows of passwords, not passwords themselves, in my database. So, at least I have that covered.
Your Favorite PHP Security List
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: Your Favorite PHP Security List
Are you looking for a list of attacks and security features or are you looking for information about how to protect from them?
- supermike
- Forum Contributor
- Posts: 193
- Joined: Tue Feb 28, 2006 8:30 pm
- Location: Somewhere in the Desert, USA
Re: Your Favorite PHP Security List
How to protect from them.
Re: Your Favorite PHP Security List
This covers it all pretty much.
http://www.pixelated-dreams.com/uploads ... tSheet.pdf