Your Favorite PHP Security List

Posted: Sat Jan 24, 2009 9:35 am
by supermike
If you guys have a favorite PHP security list for the following things, so that I could ensure my client projects apply these controls, please let me know. I'm about to enter this phase on a very important project that will contain usernames, passwords, and all manner of identity information for individuals. These individuals will share info with each other on an opt-in basis, sort of like Facebook.

- XSS blocking
- cookie hack blocking
- URL hack blocking (prevent some pages from being accessed without authentication; prevent someone from skipping steps like skipping ecommerce)
- SQL injection blocking
- cron jobs to check the system and alert me
- anything else

Note that I'm storing shadows of passwords, not passwords themselves, in my database. So, at least I have that covered.

Re: Your Favorite PHP Security List

Posted: Sat Jan 24, 2009 9:50 am
by kaisellgren
Are you looking for a list of attacks and security features or are you looking for information about how to protect from them?

Re: Your Favorite PHP Security List

Posted: Sat Jan 24, 2009 10:42 am
by supermike
How to protect from them.

Re: Your Favorite PHP Security List

Posted: Sat Jan 24, 2009 3:20 pm
by jmut

Re: Your Favorite PHP Security List

Posted: Sat Jan 24, 2009 4:02 pm
by kaisellgren