WebApp Sec mailing list archives

RE: Anyone have some basic security tips for PHP-programmers?


From: "Herbold, John W." <JWHERBOLD () arkbluecross com>
Date: Thu, 20 Nov 2003 13:08:49 -0600

A simple one, but watch for overflow.  If you allow a user to input, use
edits.  Do not rely on HTML or Java edits, as they can bypass those by
typing in the URL.  It has also been recommended that all code gets
compiled, so the code cannot be compromised.  I have also heard of placing
the website code on a server with a lot of memory, and placing the entire
website on a CD-ROM, so it cannot be defaced.


Thanks,

John W. Herbold Jr.
Security Specialist
501-399-3939



-----Original Message-----
From: Matthews, Chris [mailto:CMatthews () MAIL co washoe nv us]
Sent: Friday, November 14, 2003 10:33 AM
To: webappsec () securityfocus com
Subject: Anyone have some basic security tips for PHP-programmers?


Good Morning (at least here in Nevada)

I am a graphics guy by trade, who happens to have some proficiency with
code.

Since my PHP knowledge is pretty much self-taught, however, I am certain
that I'm probably doing some hack-prone stuff.

Anyone have any hints for good PHP practices (looking for kind of a "This
is one of the most common PHP security flaws" kind of thing)?

Chris Matthews
E-Government Information Officer
Community Relations, Washoe County
http://www.co.washoe.nv.us
775.328.3719
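
The server-side input checks ("edits") recommended in the reply above, sketched in PHP as an added example that is not part of the original thread. The function name `validate_field`, the field names and the length limits are assumptions chosen for illustration.

```php
<?php
// Added example: every request value is re-checked on the server, because
// form attributes and browser-side script checks never run when the request is hand-built.

function validate_field($raw, array $rule)
{
    // A client can send name[]=x, which PHP delivers as an array; reject it.
    if (!is_string($raw)) {
        return null;
    }
    // Length bound enforced here, whatever maxlength the HTML form declared.
    $len = strlen($raw);
    if ($len < $rule['min'] || $len > $rule['max']) {
        return null;
    }
    // Allow-list pattern; \A and \z anchor the whole string (no trailing newline).
    if (preg_match($rule['pattern'], $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Hypothetical fields and limits.
$rules = [
    'username' => ['min' => 3, 'max' => 32, 'pattern' => '/\A[A-Za-z0-9_]+\z/'],
    'zip'      => ['min' => 5, 'max' => 5,  'pattern' => '/\A[0-9]{5}\z/'],
];

// Constructed sample input standing in for $_GET or $_POST.
$request = [
    'username' => 'chris_m',
    'zip'      => str_repeat('9', 5000), // far longer than the form allows
];

$clean  = [];
$errors = [];
foreach ($rules as $name => $rule) {
    $value = validate_field($request[$name] ?? null, $rule);
    if ($value === null) {
        $errors[] = $name;
    } else {
        $clean[$name] = $value;
    }
}

// Only $clean is handed to the rest of the application.
echo 'accepted: ' . implode(', ', array_keys($clean)) . "\n";
echo 'rejected: ' . implode(', ', $errors) . "\n";
```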



