Security
PHP Security
By: Ilia Alshanetsky
What is Security?
Security is a measurement, not a characteristic.
It is also a growing problem that requires a continually evolving solution.
A good measure of a secure application is its ability to predict and prevent future security problems, before someone devises an exploit.
As far as application design goes, security must be considered at all times: initial spec, implementation, testing and even maintenance.
PHP & Security
PHP keeps on growing as a language, making headway into enterprise and corporate markets.
Consequently PHP applications often end up working with sensitive data.
Unauthorized access to this data is unacceptable.
To prevent problems a secure design is needed.
Input Validation
One of the key concepts you must accept is that user input is unreliable and not to be trusted.
Partially lost in transmission between server & client.
Corrupted by some in-between process.
Modified by the user in an unexpected manner.
Intentional attempt to gain unauthorized access or to crash the application.
Which is why it is absolutely essential to validate any user input before use.
Accessing Input Data
As of PHP 4.1, there is a series of super-globals that offer very simple access to the input data.
$_GET – data from get requests.
$_POST – post request data.
$_COOKIE – cookie information.
$_FILES – uploaded file data.
$_SERVER – server data
$_ENV – environment variables
$_REQUEST – combination of GET/POST/COOKIE
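The two slides above say that super-global input must be validated before use but show no code. The following is an added example, not from Ilia Alshanetsky's slides: it validates a handful of parameters read from a super-global against explicit rules (integer range, fixed whitelist, restricted character class, e-mail syntax) and rejects anything that does not match. The parameter names (id, sort, page, email), the rule table and the constructed $sample and $bad arrays are assumptions made for the example; a real script would pass $_GET or $_POST in their place. It assumes PHP 7.4 or later.

```php
<?php
// Added example (not from the original slides): validate values read from
// a PHP super-global before they are used. Parameter names, rules and the
// sample arrays below are constructed for illustration.

declare(strict_types=1);

// Validate one request parameter against an explicit rule.
// Returns the validated value, or null when the caller must reject the request.
function validate_param(array $source, string $name, string $type, array $opts = [])
{
    // Missing, or an array where a scalar was expected (?id[]=1 is valid PHP input).
    if (!array_key_exists($name, $source) || !is_string($source[$name])) {
        return null;
    }
    $raw = $source[$name];

    switch ($type) {
        case 'int':
            // FILTER_VALIDATE_INT rejects "12abc", "1e3", whitespace and out-of-range values.
            $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => $opts]);
            return $v === false ? null : $v;
        case 'email':
            $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
            return $v === false ? null : $v;
        case 'enum':
            // Whitelist: the value must be exactly one of a fixed set of known strings.
            return in_array($raw, $opts['allowed'], true) ? $raw : null;
        case 'slug':
            // Only lowercase letters, digits and dashes, with a bounded length.
            return preg_match('/\A[a-z0-9-]{1,64}\z/', $raw) === 1 ? $raw : null;
        default:
            throw new InvalidArgumentException("unknown validation rule: $type");
    }
}

// Validate a whole request: every expected parameter is checked and anything
// not listed in $rules is ignored. Returns the clean values and the failing names.
function validate_request(array $source, array $rules): array
{
    $clean  = [];
    $errors = [];
    foreach ($rules as $name => [$type, $opts]) {
        $v = validate_param($source, $name, $type, $opts);
        if ($v === null) {
            $errors[] = $name;
        } else {
            $clean[$name] = $v;
        }
    }
    return ['clean' => $clean, 'errors' => $errors];
}

// Hypothetical rule table for one page of an application.
$rules = [
    'id'    => ['int',   ['min_range' => 1, 'max_range' => PHP_INT_MAX]],
    'sort'  => ['enum',  ['allowed' => ['name', 'date', 'size']]],
    'page'  => ['slug',  []],
    'email' => ['email', []],
];

// Constructed input standing in for $_GET. Prefer $_GET or $_POST over
// $_REQUEST so that a cookie or POST body cannot silently override a
// query-string value of the same name.
$sample = ['id' => '42',    'sort' => 'name',   'page' => 'about-us', 'email' => 'user@example.com'];
$bad    = ['id' => '42abc', 'sort' => 'random', 'page' => 'About Us!', 'email' => 'not-an-address'];

$ok = validate_request($sample, $rules);
if ($ok['errors'] === []) {
    // Only validated, correctly typed values reach application code.
    printf("accepted: id=%d sort=%s page=%s email=%s\n",
        $ok['clean']['id'], $ok['clean']['sort'], $ok['clean']['page'], $ok['clean']['email']);
}

$rejected = validate_request($bad, $rules);
if ($rejected['errors'] !== []) {
    // Fail closed: name the bad fields, never use partially validated input.
    echo 'rejected fields: ' . implode(', ', $rejected['errors']) . "\n";
}
```

The important design choice is that each parameter is matched against a positive description of what is acceptable (a range, a whitelist, a character class), rather than having known-bad substrings stripped out; the validated value, not the raw super-global entry, is what the rest of the application is allowed to see.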