--- Jordi Canals <jcanals@xxxxxxxxx> wrote:
> > I highlight some of the things I think are of principal concern
> > for PHP developers in something I call the PHP Security Workbook:
> >
> > http://shiflett.org/php-security.pdf
> >
> > That doesn't cover everything, of course, but it covers those
> > things I have chosen as most important when I only have three
> > hours to talk about security concerns. :-)
>
> Chris,
>
> Many thanks for this link to your workbook. Really is a valuable
> read as it puts together the main security concerns.

Thanks. :-)

> Which method for data filtering do you think is best for a modular
> site? The dispatch method (page 8) or the include method (page
> 10)?

First, let me point out that those aren't the only two choices. A lot of people avoid discussing software design with strangers, because many people are very passionate about their like or dislike of a particular approach. However, I "risk" it in my talks, because I think it's helpful for people to at least see a couple of brief overviews of some popular methods, in case there are characteristics that they like from either one. I think it's similar to how no one thinks XP is all great, but most people who study XP end up finding a few characteristics that they like (test-driven design perhaps).

Personally, of those two that I mention in the PHP Security Workbook, I prefer the Dispatch Method. It does two things I like:

1. Completely removes the possibility of data being exposed via URL. The "entry point" to your application is very defined, and there is no other way in.

2. Makes it very easy for a developer to see the control flow of the entire application. You can't do this when looking through hundreds of lines of code. On the largest applications I have created (which consist of hundreds of thousands of lines of code), the dispatch.php script (or whatever you call it) is still rarely more than a hundred lines long. It is the overview - the blueprint.

I think these characteristics help me as a developer to be mindful of security (it's easy to keep up with data flow as well), and I think these characteristics help me as a manager to be sure that my developers' mistakes are limited in the damage they can do.

> I especially like the dispatch method as I use my own private server
> (VPS) and have all modules outside the document root. This way, all
> scripts must be called by the dispatcher which provides all security
> checks. As scripts are outside the document root, you cannot run them
> directly bypassing the dispatcher, and the security checks ... In my
> document root, the dispatcher is the only available script.

Yeah, that's basically the first reason I mentioned. :-) I think the other reason is equally as strong.

Hope that helps. Thanks for appreciating my work.

Chris

=====
Chris Shiflett - http://shiflett.org/

PHP Security - O'Reilly
HTTP Developer's Handbook - Sams
Coming February 2005
http://httphandbook.org/
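
The Dispatch Method discussed in this thread, as an added example (not code from the PHP Security Workbook or from either poster): a single dispatch.php in the document root that allowlists tasks, applies a login check and input filtering in one place, then includes a module stored outside the document root. The task names, file names, directory layout and the user_id session key are assumptions.

```php
<?php
// dispatch.php - the only script inside the document root (added example).
// Assumed layout (hypothetical): modules live in ../modules, outside the
// document root, so no URL maps to them.
declare(strict_types=1);

const MODULE_DIR = __DIR__ . '/../modules';

// Allowlist of task => [module file, login required]. Names are hypothetical.
const TASKS = [
    'home'      => ['home.php', false],
    'view_item' => ['item_view.php', false],
    'edit_item' => ['item_edit.php', true],
];

// Map a request to a module path, or null if it must be refused.
function resolve_module(array $query, array $session): ?string
{
    $task = $query['task'] ?? 'home';
    if (!is_string($task) || !array_key_exists($task, TASKS)) {
        return null;  // unknown task: the value never reaches the filesystem
    }
    [$file, $needsLogin] = TASKS[$task];
    if ($needsLogin && empty($session['user_id'])) {
        return null;  // security check done once, here, for every module
    }
    return MODULE_DIR . '/' . $file;
}

// Central filtering: modules read $clean and never touch $_GET directly.
function filter_input_data(array $query): array
{
    $clean = [];
    $id = $query['id'] ?? null;
    if (is_string($id) && ctype_digit($id) && strlen($id) <= 9) {
        $clean['id'] = (int) $id;  // digits only, bounded so the cast cannot overflow
    }
    return $clean;
}

session_start();
$module = resolve_module($_GET, $_SESSION);
if ($module === null) {
    http_response_code(404);
    exit('Not found');
}
$clean = filter_input_data($_GET);
require $module;  // path is built only from the allowlist, never from user input
```

Because the include path is assembled from the allowlist entry rather than from the request value, a crafted task parameter cannot select an arbitrary file, and the whole control flow stays readable in one short script.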