Home arrow PHP arrow Page 4 - Reconsidering PHP variables

A Method to your madness - PHP

Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.

TABLE OF CONTENTS:
  1. Reconsidering PHP variables
  2. Counting your cookies?
  3. Checking variable types
  4. A Method to your madness
  5. Its the size that matters
  6. Pssst... Whats the password?
  7. And in Conclusion...
By: Iulian Turnea
Rating: starstarstarstarstar / 45
January 10, 2005

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

Checking the method that was used to invoke your script is also a good security practice.  This will help to harden your applications against unwanted breaches.  If you are expecting to use POST methods for your application, then don't allow your script to be invoked with a GET method.  For example:

If ($_SERVER['REQUEST_METHOD'] == 'POST') {
//your code goes here
}
else{
echo (" Hacking Attempt ");
exit;
}

Another thing you can do, is to check where the script is being invoked from.  The server variable $HTTP_SERVER_VARS[HTTP_REFERRER'] contains the previous web page location.  This can be very helpful blocking security problems, if you know your target audience.  But, that being said, there are a couple of caveats.  A hacker experienced in security intrusions may be able to spoof this to make it SEEM as if they came from the proper location.  Also, personal firewalls such as Norton Personal Firewall or Zone Alarm block the referrer value by default. In that case, the client browsers don't return any value for $HTTP_SERVER_VARS[HTTP_REFERRER'].  So while this is a can be a great tool to secure your scripts, it can also be virtually useless.



 
 
>>> More PHP Articles          >>> More By Iulian Turnea
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: