RE: [PHP] secure code

2003-05-29 Thread Dan Joseph
Tim,

Make sure you handle all exceptions, exit() after each redirect, make sure
you are validating all form fields before they go into the database, things
like that.  Might want to grab webproxy from www.atstake.com and use it to
test your app.  It's kind of complex to use at first, but there should be
some docs online.

-Dan Joseph

 -Original Message-
 From: Tim Burgan [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, May 27, 2003 7:52 PM
 To: PHP Lists
 Subject: [PHP] secure code


 Hello,

 I'm wondering if you can recommend any resources that discuss
 writing secure
 code and how to put the best methods in place to prevent hackers.

 I'm particularly looking at resources from the web coding perspective, not
 securing a server.

 Or, what things do you do to 'block' hackers.

 Thanks
 Tim Burgan


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php
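
The habits listed in Dan Joseph's reply above (handle exceptions, exit() after each redirect, validate every form field before it reaches the database), shown as an added PHP example that is not part of the thread. The function names, the users table and the sample input are assumptions, and the bound-parameter insert goes one step beyond what the reply states.

```php
<?php
// Added illustration; function names, table and sample input are hypothetical.
// Redirect and stop. Without exit, PHP keeps running the rest of the script,
// so "protected" output or database writes still happen after the header.
function redirect(string $path): void {
    header('Location: ' . $path, true, 303);
    exit;
}

// Call at the top of a protected page, after session_start().
function require_login(): void {
    if (empty($_SESSION['user_id'])) redirect('/login.php');
}
// Validate every field; return [clean values, names of rejected fields].
function validate_signup(array $in): array {
    $str = fn(string $k): string => is_string($in[$k] ?? null) ? trim($in[$k]) : '';
    $name = $str('name');
    $email = $str('email');
    $age = filter_var($in['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    $errors = [];
    if (!preg_match("/^[\\p{L} .'-]{1,64}$/u", $name)) $errors[] = 'name';
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) $errors[] = 'email';
    if ($age === false) $errors[] = 'age';
    return [['name' => $name, 'email' => $email, 'age' => $age], $errors];
}

// Insert with bound parameters; log the exception, show the user nothing internal.
function save_signup(PDO $db, array $row): bool {
    try {
        $stmt = $db->prepare('INSERT INTO users (name, email, age) VALUES (:name, :email, :age)');
        return $stmt->execute($row);
    } catch (PDOException $e) {
        error_log('signup insert failed: ' . $e->getMessage());
        return false;
    }
}
// Constructed input standing in for $_POST; in-memory SQLite so it runs offline.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (name TEXT, email TEXT UNIQUE, age INTEGER)');
$samples = [
    ['name' => 'Tim', 'email' => 'tim@example.com', 'age' => '30'],
    ['name' => "x'); DROP TABLE users;--", 'email' => 'not-an-email', 'age' => '-1'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_signup($post);
    echo $errors ? 'rejected: ' . implode(', ', $errors)
        : (save_signup($db, $clean) ? 'saved' : 'could not save'), PHP_EOL;
}
```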






Re: [PHP] secure code

2003-05-27 Thread Evan Nemerson
Good question! I rarely see this type of question here.

http://www.dwheeler.com/secure-programs/ is a good one- even has a small 
section dedicated specifically to PHP

The Shmoo Group has a good list at http://www.shmoo.com/securecode/

And if you're one of those who learn by example of how not to do it, take a look at 
the bugtraq and vuln-dev lists @ securityfocus



On Tuesday 27 May 2003 04:52 pm, Tim Burgan wrote:
 Hello,

 I'm wondering if you can recommend any resources that discuss writing
 secure code and how to put the best methods in place to prevent hackers.

 I'm particularly looking at resources from the web coding perspective, not
 securing a server.

 Or, what things do you do to 'block' hackers.

 Thanks
 Tim Burgan

-- 

The people are the only sure reliance for preservation of our liberty.

-Thomas Jefferson

