Security Basics: PHP

June 6, 2005, 7:03 pm

Those running packaged scripts such as Movable Type and WordPress have relatively little to do about security beyond waiting for patches and upgrades and applying them. Those who write their own PHP scripts from scratch, however, have more to think about, and Chris Shiflett outlines some measures and guidelines.

  • The register_globals directive is a security risk, so do not rely on it
  • Filter input and sanitize output
  • Filter all foreign data
  • Filter data using a whitelist approach
  • Use existing functions in data filtering
  • Use a strict naming convention
  • Try placing all modules outside the document root
  • Try escaping all characters that can be escaped
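The following script is an added example, not code from Shiflett's guide or from the original post; it walks through the guidelines above in one request handler. The parameter names, the `$allowedSort` list and the `$clean` array convention are assumptions chosen for the illustration.

```php
<?php
// Added example: applying the guidelines above to one request.
// Parameter names and the whitelist are hypothetical.

// 1. Do not rely on register_globals: read input explicitly from $_GET/$_POST
//    and initialize every variable yourself. With register_globals = on, an
//    uninitialized $authorized could be set from the query string instead.
$authorized = false;                                   // explicit initialization
$sort  = isset($_GET['sort'])   ? $_GET['sort']   : 'date';
$page  = isset($_GET['page'])   ? $_GET['page']   : '1';
$title = isset($_POST['title']) ? $_POST['title'] : '';

// 2./3./4. Filter all foreign data with a whitelist: accept only known-good
//    values and fall back to a safe default for anything else.
$allowedSort = array('date', 'title', 'author');
if (!in_array($sort, $allowedSort, true)) {
    $sort = 'date';
}

// 5. Use existing functions rather than hand-rolled checks: ctype_digit()
//    guarantees the string is all decimal digits before it is cast.
if (!ctype_digit($page) || (int) $page < 1) {
    $page = 1;
}
$page = (int) $page;

// 6. Strict naming convention: only data that has passed a filter is copied
//    into $clean; anything not in $clean is treated as tainted.
$clean = array();
$clean['sort']  = $sort;
$clean['page']  = $page;
$clean['title'] = substr($title, 0, 200);  // length-limited free text

// 8. Escape on output for the context in use (HTML here), so a title such as
//    <script>alert(1)</script> is rendered as literal text.
$titleHtml = htmlspecialchars($clean['title'], ENT_QUOTES, 'UTF-8');
echo '<h1>' . $titleHtml . '</h1>';
echo '<p>Sorted by ' . $clean['sort'] . ', page ' . $clean['page'] . '</p>';
```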

For further information, download Shiflett's PHP Security guide. You may also want to visit the PHP Security Consortium.

Posted by Francis under: Guides, Security
