Great question - I'd love to know too.
I can give you one hint. Make sure that you validate any variables passed
in the URL. I had a script that should take an integer, and realised if
someone put in a fraction or text then the script output errors to the HTML
page showing file and directory names that I wanted hidden.
To solve this I used:
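function SecureInt($var, $default)
{
    // Accept only numeric input that is a non-zero whole number.
    // is_numeric() rejects text before the arithmetic, which would otherwise
    // raise a warning or TypeError on current PHP versions.
    if (is_numeric($var) && ($var != 0) && is_int($var * 1))
    {
        $var = $var * 1;   // convert the string to a real integer
        //echo "is int";
    }
    else
    {
        // Fractions, text and zero fall back to the default.
        $var = $default;
        //echo "is not int";
    }
    return($var);
}

// $intvar holds the raw value taken from the URL.
$intvar = SecureInt($intvar, 1);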
- seb
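
The same check written with PHP's filter extension, as an added example that is not part of the original message: it accepts 0, enforces a range, logs rejected values server-side and keeps error output out of the HTML page. The function name int_param, the parameter name "page", the 0..1000 range and the sample query strings are all constructed for illustration.

```php
<?php
// Added example, not code from the thread. Names and inputs are constructed.

// Keep error details (file and directory names) out of the HTML response
// and send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return $params[$name] as an int within [$min, $max], or $default when the
 * value is missing, not a whole number, out of range, or not a scalar.
 */
function int_param(array $params, string $name, int $default,
                   int $min = PHP_INT_MIN, int $max = PHP_INT_MAX): int
{
    if (!array_key_exists($name, $params)) {
        return $default;
    }
    $value = filter_var($params[$name], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    // filter_var() returns false on failure. 0 is a valid result, so the
    // comparison has to be strict.
    if ($value === false) {
        // json_encode() escapes control characters, so a crafted value
        // cannot break the log line apart.
        error_log(sprintf('rejected %s=%s', $name, json_encode($params[$name])));
        return $default;
    }
    return $value;
}

// Constructed query strings standing in for what a client might send.
$samples = [
    'page=7', 'page=0', 'page=3.5', 'page=abc', 'page=5abc',
    'page[]=1', 'page=99999999999999999999', 'other=1',
];
foreach ($samples as $query) {
    parse_str($query, $params);   // same parsing PHP applies to $_GET
    printf("%-28s => %d\n", $query, int_param($params, 'page', 1, 0, 1000));
}
```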
-----Original Message-----
From: Alfredeen, Johan [mailto:[EMAIL PROTECTED]]
Sent: 31 August 2001 15:54
To: [EMAIL PROTECTED]
Subject: [PHP] PHP Security
I am looking for a good, practical tutorial on what I should be doing as a
developer to create a secure web site (PHP related). I have looked in my PHP
text and searched the web, but haven't found anything real useful. I am not
interested in Apache or OS security, as this is -hopefully- taken care of by
my webhost. So if you know of a good guide, online or off, please
contribute.
Thanks,
Johan
PongWorld.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]