PHP Security checklist (injection, sessions etc)
Posted by NoviceCoding on Stack Overflow
Published on 2010-12-30T08:54:07Z
So what kind of things should a person using PHP and MySQL be focused on to maximize security?
Things I have done:
- mysql_real_escape_string all inputs
- validate all inputs after escaping em
- Placed random alphanumerics before my table names
- 50-character salt + RIPEMD passwords
Here's where I think I am slacking:
- I know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is:
    session_start();
    $_SESSION['login'] = $login;
and checking it with:
    session_start();
    if (isset($_SESSION['login'])) {
        // user is treated as logged in
    }
- I heard something about other forms of injection like cross site injection and what not...
- And probably many other things I don't know about.
Is there a "checklist"/Quicktut on making PHP secure? I don't even know what I should be worried about. I kinda regret now not building off CakePHP since I am not a pro.
© Stack Overflow or respective owner