Home arrow PHP arrow Page 6 - Reconsidering PHP variables

Pssst... Whats the password? - PHP

Php helps you to quickly build big applications and many times, its easy to neglect the security matter. Its easy to believe that security breaches could not happen to your software. But what if it does happen? For this reason, security in your applications should be kept in consideration from the beginning.

TABLE OF CONTENTS:
  1. Reconsidering PHP variables
  2. Counting your cookies?
  3. Checking variable types
  4. A Method to your madness
  5. Its the size that matters
  6. Pssst... Whats the password?
  7. And in Conclusion...
By: Iulian Turnea
Rating: starstarstarstarstar / 45
January 10, 2005

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement

One of the tricks I like to employ when working on a script that will be called from an outside source of some kind, is to hide a password somewhere in the posted information.

For example, lets say you have a report that you'd like to get nightly.  You have your web browser configured to connect every night at 1am and grab the report for the day's activities.  But, this information is sensitive, and you don't want just anyone being able to see the report.  Since it's an automated task, you don't want to require a challenge/response.  Or, what if you are writing an interface to a different system, and need to be able to communicate between systems without leaving the door "wide open" for anyone who could 'accidentally' find the URL?

In a case like this, one way to add a little bit of security is to pass a hidden password or passcode, just to ensure the authenticity of the client side of the connection.

For example:

// Get the variable

$secpass= $_POST['AUTHCODE'];
if ($secpass != 'q%zOD2ksn#id87snd!8s') {
echo (" Hacking Attempt ");
exit;
}

The above example becomes even more secure when coupled with an SSL connection.



 
 
>>> More PHP Articles          >>> More By Iulian Turnea
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

PHP ARTICLES

- Hackers Compromise PHP Sites to Launch Attac...
- Red Hat, Zend Form OpenShift PaaS Alliance
- PHP IDE News
- BCD, Zend Extend PHP Partnership
- PHP FAQ Highlight
- PHP Creator Didn't Set Out to Create a Langu...
- PHP Trends Revealed in Zend Study
- PHP: Best Methods for Running Scheduled Jobs
- PHP Array Functions: array_change_key_case
- PHP array_combine Function
- PHP array_chunk Function
- PHP Closures as View Helpers: Lazy-Loading F...
- Using PHP Closures as View Helpers
- PHP File and Operating System Program Execut...
- PHP: Effects of Wrapping Code in Class Const...

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: