|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Anyone have some basic security tips for PHP-programmers?
From: Herbold, John W. (JWHERBOLD
arkbluecross.com)
Date: Thu Nov 20 2003 - 13:08:49 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A simple one, but watch for overflow. If you allow a user to input, use
edits. Do not rely on HTML or Java edits, as they can bypass those by
typing in the URL. It has also been recommended that all code gets
compiled, so the code can not be compromised. I have also heard of placing
the website code on a server with a lot of memory, and placing the entire
website on a CD-ROM, so it can not be defaced.
Thanks,
John W. Herbold Jr.
Security Specialist
501-399-3939
-----Original Message-----
From: Matthews, Chris [mailto:CMatthewsMAIL.co.washoe.nv.us]
Sent: Friday, November 14, 2003 10:33 AM
To: webappsecsecurityfocus.com
Subject: Anyone have some basic security tips for PHP-programmers?
Good Morning (at least here in Nevada)
I am a graphics guy by trade, who happens to have some proficiency with
code.
Since my PHP knowledge is pretty much self-taught, however, I am certain
that I'm probably doing some hack-prone stuff.
Anyone have any hints for good PHP practices (Looking for kind of a "This
is one of the most common PHP security flaws" kind of thing)?
Chris Matthews
E-Government Information Officer
Community Relations, Washoe County
http://www.co.washoe.nv.us
775.328.3719
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]