Security concerns

The Internet is sadly not a safe place, mostly thanks to a small percentage of its users who feel the need to attack other users electronically. The reasons for these attacks vary: sometimes it is for monetary gain, where attackers find holes in your code that they can exploit to their advantage, and other times it is just for fun. Either way, computer security has been a hot topic for years, and does not seem to be improving all that much.

This chapter is split into three distinct parts: part one discusses how to write secure PHP code, including methods of programming that are hard, if not impossible, to crack; part two discusses how to host PHP on a server where other people can write scripts; and part three discusses using PHP to encrypt and decrypt data.

Topics covered in this chapter are:

  • How to program secure PHP

  • Considerations for people who host others' web sites

  • Safe mode PHP

  • Encryption, simple and advanced

Chapter contents

  17.1. Programming secure PHP
    17.1.1. register_globals
    17.1.2. Choose your file extension carefully
    17.1.3. Put key files outside your document root
    17.1.4. Remember that most files are public
    17.1.5. Hide your identity
    17.1.6. Hiding PHP
    17.1.7. Restrict general database access
    17.1.8. Restrict PHP database access
    17.1.9. Denial of service
    17.1.10. Pre-initialise important variables to safe values
    17.1.11. Be wary of session fixation
  17.2. Hosting PHP
    17.2.1. Understanding the concerns
    17.2.2. Safe mode
  17.3. Protecting your data
    17.3.1. Data encryption
    17.3.2. Terms you need to know
    17.3.3. Asymmetric vs. Symmetric
    17.3.4. Basic symmetric encryption in action
    17.3.5. Advanced symmetric encryption
    17.3.6. Symmetric decryption
    17.3.7. Changing encryption algorithm
    17.3.8. Changing block cipher mode
  17.4. Hardened PHP: Suhosin
  17.5. Summary
  17.6. Exercises
  17.7. Further reading
  17.8. Next chapter


Copyright ©2015 Paul Hudson. Follow me: @twostraws.