About “Writing Secure PHP”

I had been meaning to read Writing Secure PHP 1 & Writing Secure PHP 2 for some time. Too many things have been pending, and only now do I have time to read them.

Summary of the articles:

  • never trust your user - don’t assume your user will just follow what you think
  • define the variable before you fetch it - this really depends on how the script runs
  • error messages - I would recommend using the error_reporting() function to control them
  • SQL injection - always trim/clean up the input before using it
  • have an index file in each folder to avoid displaying the file list
  • don’t use .inc files - users can read the .inc content directly
  • heavily protected login system - track IP, limit time for false login
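
A failed-login throttle of the kind the last point describes, as an added example that is not from the summarized articles: it tracks failures per IP address and locks the address out for a period. The class name, the limit of 5 failures and the 900-second lockout are assumptions.

```php
<?php
// Added example: failed-login throttle keyed by client IP.
// LoginThrottle, MAX_FAILURES and LOCK_SECONDS are hypothetical names and values.
final class LoginThrottle
{
    private const MAX_FAILURES = 5;    // failures allowed inside one window
    private const LOCK_SECONDS = 900;  // window length, also the lockout period

    // ip => ['count' => int, 'first' => int]; in-memory for the demo only,
    // a real site would keep this in a database or shared cache.
    private array $failures = [];

    private function expired(string $ip, int $now): bool
    {
        return !isset($this->failures[$ip])
            || $now - $this->failures[$ip]['first'] >= self::LOCK_SECONDS;
    }

    public function isLocked(string $ip, int $now): bool
    {
        if ($this->expired($ip, $now)) {
            unset($this->failures[$ip]);   // forget failures from an old window
            return false;
        }
        return $this->failures[$ip]['count'] >= self::MAX_FAILURES;
    }

    public function recordFailure(string $ip, int $now): void
    {
        if ($this->expired($ip, $now)) {
            $this->failures[$ip] = ['count' => 0, 'first' => $now];
        }
        $this->failures[$ip]['count']++;
    }
}

// Constructed sample run: six wrong passwords from one documentation-range address.
$throttle = new LoginThrottle();
$ip   = '203.0.113.7';
$hash = password_hash('correct horse', PASSWORD_DEFAULT);
for ($i = 1, $now = 1000; $i <= 6; $i++, $now += 10) {
    if ($throttle->isLocked($ip, $now)) {
        echo "attempt $i: locked out, password not checked\n";
    } elseif (!password_verify("guess$i", $hash)) {
        $throttle->recordFailure($ip, $now);
        echo "attempt $i: wrong password\n";
    }
}
```

Because many users can share one address, a per-account counter is usually kept alongside the per-IP one.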

It’s not a bad article to read, but I think certain points are more server-side issues than the developer’s.

Tags: php

One Comment

  1. Posted Sun 15th-May-2005 at 2:05 am | Permalink

    Secure programming is critical. If programmers don’t have an awareness of their code, the attacker will have an easy way to break into the system, as port 80 is always open to outsiders.
