PHP Security checklist (injection, sessions etc)

Posted by NoviceCoding on Stack Overflow
Published on 2010-12-30T08:54:07Z


So what kind of things should a person using PHP and MySQL be focused on to maximize security?

Things I have done:
- mysql_real_escape_string all inputs
- Validate all inputs after escaping them
- Placed random alphanumerics before my table names
- 50-character salt + RIPEMD passwords

Here's where I think I am slacking:
- I know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is:

session_start(); 
$_SESSION['login']= $login;

and checking it with:

session_start();
if(isset($_SESSION['login'])){
    // user is treated as logged in
}

- I heard something about other forms of injection, like cross-site injection and whatnot...
- And probably many other things I don't know about.

Is there a "checklist"/Quicktut on making PHP secure? I don't even know what I should be worried about. I kinda regret now not building off CakePHP since I am not a pro.
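
A hardened form of the session login and check shown in the question, as an added example that is not part of the original post. The function names and the 30-minute idle limit are hypothetical, and it assumes PHP 7.3 or later (array form of session_set_cookie_params) and a site served over HTTPS.

```php
<?php
// Added example, not the poster's code. start_secure_session(), log_in() and
// is_logged_in() are hypothetical helper names.

function start_secure_session(): void
{
    // Refuse session IDs the server did not issue (limits session fixation).
    ini_set('session.use_strict_mode', '1');
    // Keep the session ID out of URLs; accept it from the cookie only.
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, discarded when the browser closes
        'path'     => '/',
        'secure'   => true,    // assumption: HTTPS everywhere
        'httponly' => true,    // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $login): void
{
    // Issue a fresh ID at the privilege change and delete the old session data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['login'] = $login;
    $_SESSION['last_seen'] = time();
}

function is_logged_in(int $idleLimit = 1800): bool
{
    if (!isset($_SESSION['login'], $_SESSION['last_seen'])) {
        return false;
    }
    if (time() - $_SESSION['last_seen'] > $idleLimit) {
        // Idle too long: drop the server-side state and require a new login.
        $_SESSION = [];
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
```

Call start_secure_session() in place of the bare session_start(), log_in($login) only after the credentials have been verified, and is_logged_in() in place of the isset() check.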
