Staying Safe | Advanced PHP Security Tips

by Sozin - 28-04-2015, 07:49 PM
Hello there. You might have already heard of basic PHP security like escaping all input before putting it into the database, using htmlentities to block HTML from executing, using PDO, etc. But today I am going to list some more advanced tips on PHP security.

PDO & MySQLi (bound params):

PDO is known to be vulnerable to an encoding flaw, as demonstrated here: http://shiflett.org/blog/2006/jan/addsla...ape-string
The attacker can get around your little mysqli_real_escape_string magic and exploit your website.

Coming straight to the point. You need to make sure:

If you:

* Use Modern Versions of MySQL (late 5.1, all 5.5, 5.6, etc) AND mysql_set_charset() / $mysqli->set_charset() / PDO's DSN charset parameter (in PHP ≥ 5.3.6)

OR

* Don't use a vulnerable character set for connection encoding (you only use utf8 / latin1 / ascii / etc)
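As an added example (not code from the original post), here is the weak connection pattern beside the hardened one in PHP. The host, credentials, and a `users(id, name)` table are assumed placeholders.

```php
<?php
// Added example, not from the original post. Assumes a reachable MySQL
// server (placeholder credentials) and a table `users(id INT, name VARCHAR)`.

// --- Weak pattern: charset changed with a plain "SET NAMES" query ---
// real_escape_string() escapes according to the charset the *client
// library* believes is in use. "SET NAMES" only tells the server, so the
// library may keep escaping as latin1 while the connection speaks a
// multi-byte charset. Kept here only so the contrast is visible.
function weak_lookup(mysqli $db, string $name)
{
    $db->query("SET NAMES gbk");                     // client library not informed
    $safe = $db->real_escape_string($name);          // escapes for the wrong charset
    return $db->query("SELECT id FROM users WHERE name = '$safe'");
}

// --- Hardened pattern: set_charset() plus a bound parameter ---
function safe_lookup(mysqli $db, string $name)
{
    if (!$db->set_charset('utf8mb4')) {              // informs library AND server
        throw new RuntimeException('set_charset failed: ' . $db->error);
    }
    $stmt = $db->prepare('SELECT id FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);                   // value never enters the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();       // get_result() needs mysqlnd
    return $row ? (int) $row['id'] : null;
}

// --- PDO equivalent: charset in the DSN (PHP >= 5.3.6), native prepares ---
function pdo_connect(string $host, string $dbname, string $user, string $pass): PDO
{
    $dsn = "mysql:host=$host;dbname=$dbname;charset=utf8mb4";
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,  // parameters sent to the server separately
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}

// Check after connecting: the charset the library reports must be the one
// you configured, otherwise escaping and storage disagree.
function assert_charset(mysqli $db, string $expected): void
{
    if ($db->character_set_name() !== $expected) {
        throw new RuntimeException('unexpected charset: ' . $db->character_set_name());
    }
}
```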
List will be updated. I am too tired atm.