PHP Security checklist (injection, sessions etc)
- by NoviceCoding
So what kind of things should a person using PHP and MySQL be focused on to maximize security?
Things I have done:
-mysql_real_escape_string all inputs
-validate all inputs after escaping 'em
-Placed random alphanumerics before my table names
-50-character salt + RIPEMD passwords
Here's where I think I am slacking:
-I know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is:
session_start();
$_SESSION['login']= $login;
and checking it with:
session_start();
if (isset($_SESSION['login'])) {
    // ... treat the visitor as logged in
}
-I heard something about other forms of injection like cross site injection and whatnot...
-And probably many other things I don't know about.
Is there a "checklist"/Quicktut on making PHP secure? I don't even know what I should be worried about. I kinda regret now not building off CakePHP since I am not a pro.
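
Added example, not part of the original post: a hardened form of the session login and check shown in the question, using only built-in PHP session functions. It assumes PHP 7.3 or later and a site served over HTTPS; the function names and the 30-minute idle limit are illustrative assumptions.

```php
<?php
// Added example; function names and the idle limit are hypothetical.
// Call these before any output is sent, since they set cookies.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,     // assumption: HTTPS only
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // not sent on most cross-site requests
    ]);
    session_start();
}

function log_in(string $login): void
{
    start_secure_session();
    session_regenerate_id(true);    // fresh ID at login, so a pre-set ID is useless
    $_SESSION['login'] = $login;
    $_SESSION['last_seen'] = time();
}

function log_out(): void
{
    start_secure_session();
    $_SESSION = [];                 // clear data in this request
    session_destroy();              // remove the server-side session record
}

function current_login(int $idleLimit = 1800): ?string
{
    start_secure_session();
    if (!isset($_SESSION['login'], $_SESSION['last_seen'])) {
        return null;                // not logged in
    }
    if (time() - $_SESSION['last_seen'] > $idleLimit) {
        log_out();                  // idle too long: force a new login
        return null;
    }
    $_SESSION['last_seen'] = time();
    return $_SESSION['login'];
}
```

The plain `isset($_SESSION['login'])` check from the question corresponds to `current_login() !== null` here; what changes is the cookie flags, the ID regeneration at login, and the idle timeout.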