Your Favorite PHP Security List
Posted: Sat Jan 24, 2009 9:35 am
If you guys have a favorite PHP security list for the following things, so that I could ensure my client projects apply these controls, please let me know. I'm about to enter this phase on a very important project that will contain usernames, passwords, and all manner of identity information for individuals. These individuals will share info with each other on an opt-in basis, sort of like Facebook.
- XSS blocking
- cookie hack blocking
- url hack blocking (prevent some pages from being accessed without authentication; prevent someone from skipping steps like skipping ecommerce)
- SQL injection blocking
- cron jobs to check the system and alert me
- anything else
Note that I'm storing shadows of passwords, not passwords themselves, in my database. So, at least I have that covered.
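An added example, not code from the original post, showing one way to implement the controls listed above in PHP: parameterised queries against SQL injection, output escaping against XSS, hardened session cookies, a server-side login gate and step tracking against URL skipping, and a salted adaptive password hash in place of a bare digest. It assumes PHP 7.4 or later with PDO; the `users` table, the `$pdo` connection, the function names and the redirect targets are illustrative assumptions.

```php
<?php
// Added example (not from the original post). Assumes PHP >= 7.4 with PDO and a
// users table with columns id, username, password_hash. $pdo, the table, the
// function names and the redirect targets are illustrative assumptions.
declare(strict_types=1);

// --- Cookie hardening: call this before session_start() and before any output.
function startSecureSession(): void {
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, gone when the browser closes
        'path'     => '/',
        'secure'   => true,     // sent only over HTTPS
        'httponly' => true,     // not readable by JavaScript, so XSS cannot steal it
        'samesite' => 'Strict', // not sent on cross-site requests (CSRF)
    ]);
    session_start();
}

// --- SQL injection: never interpolate input into SQL; bind parameters instead.
function findUserByName(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare(
        'SELECT id, username, password_hash FROM users WHERE username = :u'
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Password storage: per-user random salt and an adaptive (slow) hash,
// rather than a plain MD5/SHA-1 digest of the password.
function registerUser(PDO $pdo, string $username, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)'
    );
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $pdo, string $username, string $password): bool {
    static $dummyHash = null;
    $dummyHash ??= password_hash('dummy-for-timing', PASSWORD_DEFAULT);

    $user = findUserByName($pdo, $username);
    // Verify against a dummy hash when the user is unknown so response timing
    // does not reveal which usernames exist.
    $hash = $user['password_hash'] ?? $dummyHash;
    if ($user === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);       // new session id on login: blocks fixation
    $_SESSION['user_id'] = (int) $user['id'];
    return true;
}

// --- URL "hacks": every protected page calls this first. Hiding links is not
// access control; the check has to run on the server for each request.
function requireLogin(): void {
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php', true, 303);
        exit;
    }
}

// --- Step skipping: record each completed checkout step server-side and refuse
// a later step until its predecessor is marked done.
function completeStep(string $step): void {
    $_SESSION['completed_steps'][$step] = true;
}

function requireStep(string $step): void {
    if (empty($_SESSION['completed_steps'][$step])) {
        header('Location: /checkout.php?step=' . urlencode($step), true, 303);
        exit;
    }
}

// --- XSS: escape at output time, for the HTML context you are writing into.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage on a protected page:
//   startSecureSession();
//   requireLogin();
//   requireStep('shipping');          // only after the shipping step was completed
//   echo '<p>Hello, ' . h($_SESSION['display_name'] ?? '') . '</p>';
```

Escaping happens at output rather than at input so the stored data stays intact and the same value can later be emitted safely into a different context (a URL or a JavaScript string needs a different encoder than `h()`). The step tracking lives in the server-side session rather than in a hidden form field or query string, which is what prevents a client from simply editing the value.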