<?xml version="1.0" encoding="utf-8"?><feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-GB"><title>Comments on Writing Secure PHP, Part 3 - AddedBytes.com</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/" /><link rel="self" type="application/xml" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/atom/" /><subtitle>Latest comments on Writing Secure PHP, Part 3 on AddedBytes.com</subtitle><author><name>Dave Child</name></author><updated>2005-07-27T09:58:00Z</updated><id>tag:addedbytes.com,2005:230</id><!-- ckey="76C662BB" --><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by bkdm ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;A good validation library that performs server side validation and also integrates with dojo to user client side validation can be found at http://code.google.com/p/ezeval/</summary><id>tag:addedbytes.com,2008:105987</id><published>2008-10-29T15:52:16+00:00</published><updated>2008-10-29T15:52:16Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by mjcpk ( &lt;a href="http://www.mjcpk.co.uk"&gt;http://www.mjcpk.co.uk&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Whilst I agree that your response to security has to be in keeping with the size and use of your site I think it is important to remember that security is not just about the integrity of your data or the speed at which you can replace it. 
A compromised site can be used for many purposes by a hacker: denial of service on other sites or resources, for serving malicious code for other cross site scripting attacks, for serving up infected files to users, as an only repository of illegal content and I'm sure there are many more that I haven't thought of.&lt;br /&gt;
With this in mind there needs to be a minimum level of security that we all attain to ensure that, at least, we are being socially responsible and, furthermore, we are protecting ourselves from potential legal action or prosecution in the future.</summary><id>tag:addedbytes.com,2008:104554</id><published>2008-09-14T14:54:00+01:00</published><updated>2008-09-14T14:54:00Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by Michael N ( &lt;a href="http://www.infernocloud.com"&gt;http://www.infernocloud.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Very good article. This is for good programmers who just needed to know problems associated with security on the web. You can figure out implementation, or find it somewhere else.</summary><id>tag:addedbytes.com,2008:99709</id><published>2008-07-24T00:40:21+01:00</published><updated>2008-07-24T00:40:21Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by Ryan ( &lt;a href="http://www.tackypenguin.com"&gt;http://www.tackypenguin.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Thank you, this is very helpful in my web design. Great tips, and I learned some good things. Keep it up! Hoping for part 4, will it be coming?</summary><id>tag:addedbytes.com,2008:94792</id><published>2008-05-07T04:12:34+01:00</published><updated>2008-05-07T04:12:34Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by Maria ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Great articles, especially for a beginner like me. 
Thanks.</summary><id>tag:addedbytes.com,2008:92167</id><published>2008-04-16T15:16:04+01:00</published><updated>2008-04-16T15:16:04Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by adrian Albu ( &lt;a href="http://www.tzutz.com"&gt;http://www.tzutz.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;great article, helpful</summary><id>tag:addedbytes.com,2008:84625</id><published>2008-04-01T13:35:27+01:00</published><updated>2008-04-01T13:35:27Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by vulnerability scanner ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;The nice thing about code injection and sql injection and all the cross site scripting methods is that it is endless. There is always room for more and there is always a new patch you install on your system that ruins your security and opens a new hole in the system. If you run a commercial site and need to know that your system is secured, I would go to the professional solution rather than running after patches.</summary><id>tag:addedbytes.com,2008:82128</id><published>2008-03-11T15:51:10+00:00</published><updated>2008-03-11T15:51:10Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by Ergose ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Great articles! Not only did they point out some things that I could have easily fixed had I known about them, but it was an enjoyable read (I didn't start to doze off like on previous pages in my searches on good PHP security practices.) 
The problem with many articles of this nature is that they are too watered down, or they explain purely by code example and give an answer excluding even a basic why. These are well balanced, and I look forward to your next one. I would love to see the next article as maybe simple techniques that can almost always be used without problems that will make the code &quot;naturally&quot; more secure as a whole. That info is always hard to find in one place. Also an elegant input validation class or somesuch that's already laid out to be expanded upon would be bloody awesome. Thanks again.</summary><id>tag:addedbytes.com,2008:81563</id><published>2008-03-08T18:48:12+00:00</published><updated>2008-03-08T18:48:12Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by IIMarckus ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;There are some great articles on this site, Dave. When it comes to secure passwords, one method to use could be salting the password -- creating a random string, storing it in the row associated with the new user, and appending it to the user-entered password before hashing it.</summary><id>tag:addedbytes.com,2008:75520</id><published>2008-02-10T07:49:52+00:00</published><updated>2008-02-10T07:49:52Z</updated></entry><entry><title>Comment on Writing Secure PHP, Part 3</title><link rel="alternate" type="text/html" href="http://www.addedbytes.com/article/writing-secure-php-3/comments/" /><summary type="text">Comment by anton ashardi ( &lt;a href="http://ashardi.wordpress.com"&gt;http://ashardi.wordpress.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Great articles! I really learn a lot...</summary><id>tag:addedbytes.com,2008:70229</id><published>2008-01-08T02:51:47+00:00</published><updated>2008-01-08T02:51:47Z</updated></entry></feed>