Security


Web server, operating system, and PHP security are all topics that could merit their own book. Unfortunately, outdated information is detrimental when it comes to security. Thus, the best way to stay in touch with the relevant security issues of the day is to track the following Web sites:

  • PHP Security Consortium, www.phpsec.org (Figure C.14), focuses primarily on PHP-related security issues. There are articles on specific topics, a security guide, and links to other resources.

    Figure C.14. The PHP Security Consortium is a good starting point for improving your security knowledge.


  • A Study in Scarlet, www.securereality.com.au/studyinscarlet.txt, is a paper presented by Shaun Clowes that discusses a number of PHP-specific security issues. Although the paper is outdated, it discusses some fundamental ideas.

  • The W3C's Security Resources, www.w3.org/Security/, is the World Wide Web Consortium's compendium of pertinent Web security information.

  • OWASP, www.owasp.org (Figure C.15), is the Open Web Application Security Project. Although it's not PHP-specific, there's plenty of good information and tools to be found here.

    Figure C.15. For general Web security knowledge and advice, turn to OWASP.


  • The MySQL documentation includes its own specific section on security at http://dev.mysql.com/doc/mysql/en/security.html.

I'll also add that MySQL, as of version 4.0, has the ability to use SSL (Secure Sockets Layer) to connect to a database over a safer connection. The manual further describes how to use SSH to do the same. Both are worth considering wherever secure data transmission is critical.



    PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    ISBN: 0321336577
    EAN: 2147483647
    Year: 2005
    Pages: 166
    Authors: Larry Ullman
