Reply to Re: [PHP] Security Issues - Where to look?


Posted by Richard Davey on 10/02/49 11:31

Hi Richard,

Monday, November 7, 2005, 9:50:59 PM, you wrote:

> I've heard that php is not particularly secure, making it
> problematic if you intend to create a web site with commerce, etc.
> Is there a particular news group that addresses security issues? I'm
> looking for some guidelines on ensuring that my site is secure from
> malicious hackers.

The security of the application will be ultimately down to two
factors: you, and your hosting environment.

Server security is beyond the scope of this mailing list, and is a
multi-faceted and complex area. Shoring up your OS, Apache and the
likes can take years of skill. Or of course, your sys admin / web host
does this all for you. Even so, it's an area not to be ignored. You
can write the most secure application in the world, but if you've gone
and chmod 777'd your directories on a shared box, you're anyone's
target.

The security of your application is down to you however. There is a
PHP security mailing list, but it's more for announcements than
discussion. As for guidelines there are many free on-line resources,
and you'd do worse than to start here: http://phpsec.org/library/

The majority of those documents are aimed at experienced PHP
developers however. And the majority of blatant security holes come
from the inexperienced who weren't aware of what they were doing wrong
in the first place. There are several books available on the subject
now, any (or all) of them would give you the grounding you need to
know BEFORE you start coding:

Pro PHP Security by Snyder & Southwell (Apress)
php architect's Guide to PHP Security by Ilia Alshanetsky (Nanobooks)
Essential PHP Security by Chris Shiflett (O'Reilly)

Also some on-line talks: http://brainbulb.com/talks

php architect magazine has a security column each month as well
(www.phparch.com)

There's a lot of reading material out there. Just make sure you read
it _before_ you start building, it'll save you days, if not weeks, of
code changes.

Cheers,

Rich
--
Zend Certified Engineer
PHP Development Services
http://www.corephp.co.uk
