<?xml version="1.0"?><rss version="2.0"><channel><title>Comments on Writing Secure PHP, Part 3 - AddedBytes.com</title><link>http://www.addedbytes.com/article/writing-secure-php-3/</link><description>Latest comments on Writing Secure PHP, Part 3 on AddedBytes.com</description><!-- ckey="76C662BB" --><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by Mark ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Hello,&lt;br /&gt;
&lt;br /&gt;
With regards to safe mode, what are the alternatives to fopen(), readfile(), and file() functions?&lt;br /&gt;
&lt;br /&gt;
I override the PHP configuration of my hosting (php.ini) by having a copy of it in every folder in my web root, is that a good alternative to set PHP configuration settings rather than using the ini_set() function?&lt;br /&gt;
&lt;br /&gt;
Thank you</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by Paul ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;I've been working with PHP for years now but I still found your bit about shared hosting quite interesting.  It's something you don't typically think about -- your entire application could be totally secure but you still may be at the mercy of your host or other developers on the same server.&lt;br /&gt;
&lt;br /&gt;
Nicely done.</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by affnewbie ( &lt;a href="http://www.servagesuks.com"&gt;http://www.servagesuks.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;I am a new affiliate/internet entrepreneur. I recently found out that the host that I prepaid a year for, won't refund and is overrun with hackers, exploits, injections, worms, malware, etc !!!! They must be the hackers because they lie and obfuscate and they refuse to do anything to fix the problems.  Do a search and you will see tons of complaints about servage.net, like the url I listed because they are SO horrible, incompetent, lying cheating scumbags!  I want to make sure no one else gets cheated as I did because as a new novice to web hosting I of course wanted a good deal and bargain. Boy did I get ripped off and now I have to find something else but because I prepaid a full year....it's a big mess. AVOID servage.net!!!&lt;br /&gt;
&lt;br /&gt;
and I was hoping to find some way to plug the iframe injections that somehow someone keeps placing into my index pages -- like every other day.  &lt;br /&gt;
&lt;br /&gt;
those people are the scourge of the internet. I wish I knew how to prevent what they are doing and I am so steamed I have dreams of wishing I knew how to plant a trojan that would completely wipe out their computer to stop them.&lt;br /&gt;
&lt;br /&gt;
anyway you have some very good advice about researching very carefully about webhosting. servage is the worst ever -- please avoid and take this as a serious warning. it's not worth it and they blame the customer for their incompetencies. &lt;br /&gt;
&lt;br /&gt;
thanks for letting me rant and rave.</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by Ayo ( &lt;a href="http://ayomacro.co.cc"&gt;http://ayomacro.co.cc&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;I love this article. Not too much information and not too little information. Everything is clear and awesome. I have all the steps on one of my papers now when I'm designing. Thanks.</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by bkdm ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;A good validation library that performs server side validation and also integrates with dojo to use client side validation can be found at http://code.google.com/p/ezeval/</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by mjcpk ( &lt;a href="http://www.mjcpk.co.uk"&gt;http://www.mjcpk.co.uk&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Whilst I agree that your response to security has to be in keeping with the size and use of your site I think it is important to remember that security is not just about the integrity of your data or the speed at which you can replace it. A compromised site can be used for many purposes by a hacker: denial of service on other sites or resources, for serving malicious code for other cross site scripting attacks, for serving up infected files to users, as an only repository of illegal content and I'm sure there are many more that I haven't thought of.&lt;br /&gt;
With this in mind there needs to be a minimum level of security that we all attain to ensure that, at least, we are being socially responsible and, furthermore, we are protecting ourselves from potential legal action or prosecution in the future.</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by Michael N ( &lt;a href="http://www.infernocloud.com"&gt;http://www.infernocloud.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Very good article. This is for good programmers who just needed to know problems associated with security on the web. You can figure out implementation, or find it somewhere else.</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by Ryan ( &lt;a href="http://www.tackypenguin.com"&gt;http://www.tackypenguin.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Thank you, this is very helpful in my web design. Great tips, and I learned some good things. Keep it up! Hoping for part 4, will it be coming?</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by Maria ( &lt;a href=""&gt;&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;Great articles, especially for a beginner like me. 
Thanks.</description></item><item><title>Comment on Writing Secure PHP, Part 3</title><link>http://www.addedbytes.com/article/writing-secure-php-3/comments/</link><guid>http://www.addedbytes.com/article/writing-secure-php-3/comments/</guid><description>Comment by adrian Albu ( &lt;a href="http://www.tzutz.com"&gt;http://www.tzutz.com&lt;/a&gt; )&lt;br /&gt;&lt;br /&gt;great article, helpful</description></item></channel></rss>