Php Security problem

Forum Moderators: coopster

Message Too Old, No Replies

Php Security problem

I do not want people to write php inside the files

AjiNIMC

12:53 pm on Sep 21, 2006 (gmt 0)

I have a php file but then I do not want my users to add php inside it so I am stripping anything inside following tags


<?> or <?php?> or <?php php?> or <? php>

Now what else should I do to ensure the security? Should I allow JS inside the file, how can people hack through js? Are there some good tutorials on such security issues?

Also is there some other way of restricting it?

Thanks,
AjiNIMC

adnovice88

1:22 pm on Sep 21, 2006 (gmt 0)

Remove the access for people to write php code in your files. Example, if you directly take a form content submitted and save it to a file and let users access it, that is a problem. Remove such type of design from your site.

Never use user input for dynamic content. If you have to and there is no other go, create a list of characters that you want to allow, and remove the rest of them. Don't allow any html tags at all. Just remove all types of <...> from the user submitted content.

Always, allowing is better than restricting. You cannot imaging all kinds of bad things users can do. But you know how your site is to be used and therefore allow only specific format of usage. That is the best security policy.