Re: [PHP] Securing PHP Code with GET | POST | SESSIONS or other things

2002-11-09 Thread @ Edwin
And, you can add to this

> Never trust data from the client...always filter it (I use a lib to do
> that)!
> Make sure register_globals is off or code accordingly.

Make sure that you're using SSL (https).

Also, (maybe not directly related though...) if possible, separate your web
server from your database server. And also, you might want to create
different database users for different purposes (i.e. one user can ONLY
select, another ONLY for updating, etc.). You can even forget about a user
that can delete data--you can always do it yourself offline or at least not
via the web server.

HTH,

- E

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
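
The per-purpose database accounts suggested in the message above could look like the following. This is an added example, not code from the thread or its authors. It assumes MySQL (the thread names no database), and every name in it is hypothetical: the database `appdb`, the table `requests` and its columns, the accounts `web_read` and `web_write`, and the web server address 192.0.2.10.

```sql
-- Added example: least-privilege accounts for a web application.
-- MySQL dialect assumed; all identifiers, the address and the
-- passwords below are placeholders constructed for illustration.

-- The database runs on its own host. Each account is bound to the
-- web server's address, so the credentials are useless from anywhere else.
CREATE USER 'web_read'@'192.0.2.10'  IDENTIFIED BY 'CHANGE_ME_READ';
CREATE USER 'web_write'@'192.0.2.10' IDENTIFIED BY 'CHANGE_ME_WRITE';

-- Account used by pages that only display data: SELECT and nothing else.
GRANT SELECT ON appdb.requests TO 'web_read'@'192.0.2.10';

-- Account used by the few pages that modify data.
-- An UPDATE ... WHERE id = ? reads the id column, and MySQL requires
-- SELECT on every column a statement reads, so id is granted for
-- reading only. The columns that may be changed are listed explicitly;
-- anything not listed (for example an owner or audit column) stays
-- read-protected and write-protected for this account.
GRANT SELECT (id), UPDATE (status, notes)
    ON appdb.requests TO 'web_write'@'192.0.2.10';

-- Neither account receives DELETE, DROP, ALTER or GRANT OPTION.
-- Deletions are done by an administrator account that is never
-- configured on the web server.

-- Review what each account can actually do after any change.
SHOW GRANTS FOR 'web_read'@'192.0.2.10';
SHOW GRANTS FOR 'web_write'@'192.0.2.10';
```

The PHP code then opens its connection with `web_read` on display pages and with `web_write` only in the handlers that change data, so an injection flaw in a display page cannot modify or delete rows.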




Re: [PHP] Securing PHP Code with GET | POST | SESSIONS or other things

2002-11-08 Thread Paul Nicholson

Never trust data from the client...always filter it (I use a lib to do that)!
Make sure register_globals is off or code accordingly.
HTH!
~Paul

On Saturday 09 November 2002 01:12 am, Creighton Brown wrote:
> I want to know recommendations securing GET | POST | SESSIONS or other data
> in WebPages.
>
> One site I may be developing for the local govt has the need to take and
> receive data from a database and data will be passed with GET | POST |
> SESSIONS.
>
> Any recommendations regarding this would be welcome.
>
> The server is a national web host, one of two I may be using... both of
> which are reasonably secure.

-- 
~Paul Nicholson
Design Specialist @ WebPower Design
"The webthe way you want it!"
[EMAIL PROTECTED]
www.webpowerdesign.net

"It said uses Windows 98 or better, so I loaded Linux!"
Registered Linux User #183202 using Register Linux System # 81891
