Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

About security

Msg#: 4276578 posted 2:23 pm on Mar 4, 2011 (gmt 0)

Hello people,

The more code I write, the more concerned I become about security. Lately I have been relying more and more on PHP and MySQL to display content and have more flexibility, but this could lead to vulnerabilities.

What do you guys recommend to analyze my code or the security overall across sites?

I know there is skipfish but I wasn't able to run/install it.

I know I could just google code scanners, but I would like to get some recommendations from the community here first.




rocknbil (WebmasterWorld Senior Member, Top Contributor of All Time, 10+ Year Member)

Msg#: 4276578 posted 5:06 pm on Mar 4, 2011 (gmt 0)

It's not as hard as it seems. "Keep what you want and throw everything else away" is a good place to start. Unfortunately this means a little more front end work - say, for an email form, you expect an email address and ordinary text for all input. So you can remove any character that is not in that set, and only accept input from fields you expect. The email address field requires a bit more attention, assuring there is only one and it's a valid email pattern.

For run of the mill email injections, before cleansing you might look for known injection patterns. This allows you to stop the script immediately to avoid annoying emails that are "safe" but still come through. There's lots of ways to do it but this is a good place to start.

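The approach rocknbil describes, written out as an added example (this is not code from the original thread): a PHP contact-form handler that accepts only the fields it expects, stops immediately when a value carries a known header-injection pattern, checks that the email field holds exactly one valid address, and strips everything outside an allowlist from the plain-text fields. The field names, the allowed character sets, the size limits and the injection pattern are assumptions chosen for illustration.

```php
<?php
// Added example, not the poster's code. Field names, character allowlists,
// length limits and the injection pattern are illustrative assumptions.
declare(strict_types=1);

// Fields the form is expected to send; anything else in $_POST is ignored.
const EXPECTED_FIELDS = [
    'name'    => ['type' => 'text',  'max' => 100],
    'email'   => ['type' => 'email', 'max' => 254],
    'subject' => ['type' => 'text',  'max' => 150],
    'message' => ['type' => 'body',  'max' => 5000],
];

// A line that starts with a mail header name is the signature of an attempt
// to turn the form into a spam relay (e.g. "\r\nBcc: victim@example.net").
const INJECTION_PATTERN = '/^\s*(to|cc|bcc|from|reply-to|content-type|mime-version)\s*:/im';

function looksLikeHeaderInjection(string $value): bool
{
    return preg_match(INJECTION_PATTERN, $value) === 1;
}

// Single-line text: keep letters, digits, space and light punctuation only.
function sanitizeText(string $value, int $max): string
{
    $clean = preg_replace('/[^\p{L}\p{N} .,\'\-!?()]/u', '', $value);
    return mb_substr(trim($clean), 0, $max);
}

// Message body: normalise line endings, drop control characters except newline/tab.
function sanitizeBody(string $value, int $max): string
{
    $clean = str_replace(["\r\n", "\r"], "\n", $value);
    $clean = preg_replace('/[^\P{C}\n\t]/u', '', $clean);
    return mb_substr(trim($clean), 0, $max);
}

// Exactly one address, no line breaks or separators, and it must parse as a mailbox.
function validateEmail(string $value): ?string
{
    $value = trim($value);
    if (preg_match('/[\r\n,;]/', $value)) {
        return null;
    }
    return filter_var($value, FILTER_VALIDATE_EMAIL) !== false ? $value : null;
}

/**
 * Returns the cleaned fields, or null when the submission should be rejected.
 * Unexpected keys in $post never reach the result.
 */
function processContactForm(array $post): ?array
{
    $clean = [];
    foreach (EXPECTED_FIELDS as $field => $rule) {
        $raw = $post[$field] ?? '';
        if (!is_string($raw)) {            // name[]=... arrays are not expected input
            return null;
        }
        // Step 1: abort on known injection patterns before any cleansing.
        if (looksLikeHeaderInjection($raw)) {
            return null;
        }
        // Step 2: keep what we want, throw everything else away.
        switch ($rule['type']) {
            case 'email':
                $value = validateEmail($raw);
                if ($value === null) {
                    return null;
                }
                break;
            case 'body':
                $value = sanitizeBody($raw, $rule['max']);
                break;
            default:
                $value = sanitizeText($raw, $rule['max']);
        }
        if ($value === '') {
            return null;
        }
        $clean[$field] = $value;
    }
    return $clean;
}

// Constructed sample input: a classic Bcc injection through the email field,
// plus an unexpected "debug" parameter that is silently dropped.
$attack = [
    'name'    => 'Alice',
    'email'   => "alice@example.com\r\nBcc: victim1@example.net,victim2@example.net",
    'subject' => 'Hello',
    'message' => 'Just saying hi',
    'debug'   => '1',
];
$benign = [
    'name'    => "Bob O'Brien <script>",
    'email'   => 'bob@example.org',
    'subject' => 'Question',
    'message' => "Line 1\r\nLine 2",
];

var_dump(processContactForm($attack) === null); // bool(true): rejected outright
print_r(processContactForm($benign));           // name becomes "Bob O'Brien script"

// Only the validated address is ever placed in a header; the body stays body.
if ($fields = processContactForm($_POST)) {
    $headers = 'From: ' . $fields['email'] . "\r\n";
    // mail('you@example.com', $fields['subject'], $fields['message'], $headers);
}
```

The order matters: the injection check runs on the raw value, so a smuggled `Bcc:` line is rejected rather than quietly stripped into a harmless-looking message that still reaches your inbox, which is the "annoying but safe" case rocknbil mentions. Everything that survives is then reduced to the allowlisted character set before it is used.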

Msg#: 4276578 posted 6:13 pm on Mar 8, 2011 (gmt 0)

Thanks rocknbil and sorry for the late reply.

I have looked around and found some tools, but they all seem to be very difficult to implement. I'd say that the best one can do is do as you say: keep one eye open at all times and try to be one step ahead. I'll keep looking for better ways to check for holes anyway; I could find one that I like down the road...
