12.8 Security Redux


Because security is such an important issue, we want to reiterate the main points of this chapter:

  • Check every value supplied to your program to ensure that the data you're getting is the data you expected to get.

  • Always initialize your variables.

  • Set variables_order. Use $_REQUEST and friends.

  • Whenever you construct a filename from a user-supplied component, check the components with basename( ) and realpath( ).

  • Don't create a file and then change its permissions. Instead, set umask( ) so that the file is created with the correct permissions.

  • Don't use user-supplied data with eval( ), preg_replace( ) with the /e option, or any of the system commands (exec( ), system( ), popen( ), passthru( ), and the backtick (``) operator).

  • Store code libraries and data outside the document root.
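As an added example (not from the book), here is the filename rule above applied in PHP: a user-supplied component is reduced with basename(), resolved with realpath(), and then checked to still lie inside a fixed directory. The /var/app/data directory and the `file` request parameter are assumptions, and umask() is set up front so any file the script creates gets restrictive permissions from the start.

```php
<?php
// Added example, not code from the book. Assumed layout: data files live in
// /var/app/data and the requested name arrives as $_REQUEST['file'].

// Set the umask before creating anything, so new files are 0600 from the
// start instead of being created world-readable and chmod()ed afterwards.
umask(077);

function safe_data_path(string $userComponent, string $baseDir): ?string
{
    // basename() drops any directory part: "../../etc/passwd" becomes
    // "passwd" and "sub/dir/x.txt" becomes "x.txt".
    $name = basename($userComponent);

    // basename("..") is still "..", so reject dot names and empty names.
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }

    // Further restrict to a conservative character set.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $name)) {
        return null;
    }

    // realpath() resolves symlinks and "." / ".." segments and returns
    // false when the path does not exist, so missing files are rejected too.
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $full === false) {
        return null;
    }

    // Final check: the resolved path must still sit below the base directory.
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Read the name from $_REQUEST, validate it, and refuse anything that fails.
$requested = $_REQUEST['file'] ?? '';
$path = safe_data_path($requested, '/var/app/data');
if ($path === null) {
    http_response_code(400);
    exit('invalid file name');
}
readfile($path);
```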



Programming PHP
ISBN: 1565926102
Year: 2007
Pages: 168