Re: Breaking lines - att. Richard Lynch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I tend to store passwords in mysql as hashed values (usually md5), and if I
am using scripts to connect to the database name that file (for example)
connect.inc and add an .htaccess file to stop user download of any files
called *.inc. Or store those files outside the web root in the include path.
And treat all user data as tainted, and use mysql_real_escape string before
entering it into the database. Or set ini values locallyusing ini_set or
.htaccess to disabled register_globals etc. There are many security
suggestions for php, like anything it is only as secure as the code you
write. I do agree with previous suggestions - if you are unsure about all
this get someone else to write or audit your code before slinging that stuff
into production. It's a complex subject but there are many best practice
guidelines you can find by browsing php.net, Googling for it or picking up a
good book - PHP Security by O'Reilly being a good choice for starters.

By looking at your code and guessing that you are having problems with php
'basics' like variable interpolation and escaping, I would either follow the
suggestions, or get hold of Programming PHP and read it and reread it.





--
http://www.web-buddha.co.uk

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux