
PHP 5 Security Techniques

Most beginning programmers fail to understand the truth about security: there is no such thing as “secure” or “insecure.” The wise programmer knows that the real question is how secure a site is. The focus in this sample chapter is therefore how to make your applications more secure.

With more and more personal information being stored on the Web—credit card data, social security numbers, maiden names, favorite pets—today’s PHP developer cannot afford to be ignorant when it comes to security. Sadly, most beginning programmers fail to understand the truth about security: there is no such thing as “secure” or “insecure.” The wise programmer knows that the real question is how secure a site is. Once any piece of data is stored in a database, in a text file, or on a Post-it note in your office, its security is compromised. The focus in this chapter is therefore how to make your applications more secure.

This chapter will begin by rehashing the fundamentals of secure PHP programming. These are the basic things that I hope/assume you’re already doing. After that, a quick example shows ways to validate different kinds of data that might come from an HTML form. The third topic is the new-to-PHP 5 PECL library called Filter. Its usage isn’t very programmer-friendly, but the way it wraps all of the customary data filtering and sanitizing methods into one interface makes it worth knowing. Next, two different uses of the PEAR Auth package show an alternative way to implement authorization in your Web applications. The chapter will conclude with coverage of the MCrypt library, demonstrating how to encrypt and decrypt data.
