Essential PHP Security
- Essential PHP Security
- Table of Contents
- Copyright
- Foreword
- Preface
- What s Inside
- Style Conventions
- Comments and Questions
- Safari Enabled
- Acknowledgments
- Chapter 1. Introduction
- Section 1.1. PHP Features
- Section 1.2. Principles
- Section 1.3. Practices
- Chapter 2. Forms and URLs
- Section 2.1. Forms and Data
- Section 2.2. Semantic URL Attacks
- Section 2.3. File Upload Attacks
- Section 2.4. Cross-Site Scripting
- Section 2.5. Cross-Site Request Forgeries
- Section 2.6. Spoofed Form Submissions
- Section 2.7. Spoofed HTTP Requests
- Chapter 3. Databases and SQL
- Section 3.1. Exposed Access Credentials
- Section 3.2. SQL Injection
- Section 3.3. Exposed Data
- Chapter 4. Sessions and Cookies
- Section 4.1. Cookie Theft
- Section 4.2. Exposed Session Data
- Section 4.3. Session Fixation
- Section 4.4. Session Hijacking
- Chapter 5. Includes
- Section 5.1. Exposed Source Code
- Section 5.2. Backdoor URLs
- Section 5.3. Filename Manipulation
- Section 5.4. Code Injection
- Chapter 6. Files and Commands
- Section 6.1. Traversing the Filesystem
- Section 6.2. Remote File Risks
- Section 6.3. Command Injection
- Chapter 7. Authentication and Authorization
- Section 7.1. Brute Force Attacks
- Section 7.2. Password Sniffing
- Section 7.3. Replay Attacks
- Section 7.4. Persistent Logins
- Chapter 8. Shared Hosting
- Section 8.1. Exposed Source Code
- Section 8.2. Exposed Session Data
- Section 8.3. Session Injection
- Section 8.4. Filesystem Browsing
- Section 8.5. Safe Mode
- Appendix A. Configuration Directives
- Section A.1. allow_url_fopen
- Section A.2. disable_functions
- Section A.3. display_errors
- Section A.4. enable_dl
- Section A.5. error_reporting
- Section A.6. file_uploads
- Section A.7. log_errors
- Section A.8. magic_quotes_gpc
- Section A.9. memory_limit
- Section A.10. open_basedir
- Section A.11. register_globals
- Section A.12. safe_mode
- Appendix B. Functions
- Section B.1. eval( )
- Section B.2. exec( )
- Section B.3. file( )
- Section B.4. file_get_contents( )
- Section B.5. fopen( )
- Section B.6. include
- Section B.7. passthru( )
- Section B.8. phpinfo( )
- Section B.9. popen( )
- Section B.10. preg_replace( )
- Section B.11. proc_open( )
- Section B.12. readfile( )
- Section B.13. require
- Section B.14. shell_exec( )
- Section B.15. system( )
- Appendix C. Cryptography
- Section C.1. Storing Passwords
- Section C.2. Using mcrypt
- Section C.3. Storing Credit Card Numbers
- Section C.4. Encrypting Session Data
- About the Author
- Colophon
- Index
- SYMBOL
- A
- B
- C
- D
- E
- F
- G
- H
- I
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V