Security concerns

The Internet is sadly not a safe place, mostly thanks to a small percentage of its users who feel the need to attack other users electronically. The reasons for the various attacks vary - sometimes it is for monetary gain, where attackers find holes in your code that they can exploit to their advantage, and other times it is just for fun. Either way, computer security has been a hot topic for years, and does not seem to be improving all that much.

This chapter is split into three distinct parts: part one discusses how to write secure PHP code, which includes methods of programming that are hard if not impossible to crack, part two discusses how to host PHP on a server where other people can write scripts, and part three discusses using PHP to encrypt and decrypt data.

Topics covered in this chapter are:

• Why register_globals matters

• How to program secure PHP

• Considerations for people who host others' web sites

• Safe mode PHP

• Encryption, simple and advanced

Chapter contents

1. 17.1. Programming secure PHP
1. 17.1.1. register_globals
2. 17.1.2. Choose your file extension carefully
3. 17.1.3. Put key files outside your document root
4. 17.1.4. Remember that most files are public
5. 17.1.5. Hide your identity
6. 17.1.6. Hiding PHP
7. 17.1.7. Restrict general database access
8. 17.1.8. Restrict PHP database access
9. 17.1.9. Denial of service
10. 17.1.10. Pre-initialise important variables to safe values
11. 17.1.11. Be wary of session fixation
2. 17.2. Hosting PHP
1. 17.2.1. Understanding the concerns
2. 17.2.2. Safe mode
3. 17.3. Protecting your data
1. 17.3.1. Data encryption
2. 17.3.2. Terms you need to know
3. 17.3.3. Asymmetric vs. Symmetric
4. 17.3.4. Basic symmetric encryption in action
5. 17.3.5. Advanced symmetric encryption
6. 17.3.6. Symmetric decryption
7. 17.3.7. Changing encryption algorithm
8. 17.3.8. Changing block cipher mode
4. 17.4. Hardened PHP
5. 17.5. Summary
6. 17.6. Exercises
7. 17.7. Further reading
8. 17.8. Next chapter

Follow us on Identi.ca or Twitter