10 security tips for PHP newbies
Posted in Basic Webmastering on May 18th, 2010 |
PHP is a powerful programming language for dynamic websites. PHP stands for Hypertext Preprocessor, it is a widely used scripting language especially for web development. Although there is a wide array of key advantages of PHP as a programming language, there are many significant disadvantages of it at the same time.
Append below are some of the useful security tips for PHP developers to adhere to:
1. PHP is just like any other language, there are vulnerabilities in all of them. Keeping oneself on the most recent version of PHP, and being well informed on its limitations, upgrades, and fine-tuning will keep your application more highly secured and stable.
2. Being security conscious is a great thing to start with, as a developer, Tools like Chorizo and programs such as PHPSecInfo are third party products which are capable to bring you new perspective and lights to security, and enable you to closely securitize some of the weaknesses which might have been overlooked. Chorizo automates your code scan for viruses and weaknesses, while PHPSecInfo helps to ensure the configuration of your environment is properly taken care of. Developers need to be vigilant when it comes to topics on security, and together with some of the highly effective security measures, they should try to combat all possible threats to security as much as possible.
3. Set a highly secured password for your application to keep them intact at all time. Test the security level of the password using the vulnerability testing tools, and make it a habit to change your password at least once a quarter, also consistently monitor the log files on your website for potential illegal activities.
4. Always keep sensitive code outside of your web server’s document/table source. PHP professionals strongly advised developers to place their PHP code outside of the web server’s document storage place. Instead a new folder should be created to save the sensitive data and code for security sake. Other proposed solutions are to end any PHP based files with .php or to add the file types to the .htaccess to prevent anyone from reading these files.
5. The permissions granted to users should only be applicable to the required level for them to operate the necessary functions only and nothing more than that. Lately new light had been thrown into the world of design as such : “ Security must be part of the design.” New applications should be built with considerations of different security level for different group of users for the future. If one does not build your application with security in mind, then the new application is only partially useful for one need to constantly addressing new security vulnerabilities that keep popping up time after time.
6. The good news about modern PHP framework is that they have built in the authentication of access control to safe-guard as many application and framework as possible.
7. A strong reminder for developers to purge temporarily system diagnostic files and not having them laying around even if they are just work in progress. This is because if these files are found by someone with immoral intention, they can potentially leak valuable data and information of your system. Therefore you need to be highly cautious managing these temporarily files.
8. There is one other useful tip as of how you can help secure your PHP files. You may store them in .ini-files or .ini-php and start them with “;“. to protect them from easily being recognizable by third parties even if they happened to find these files, they wouldn’t realized them as being php but just a “ ; ”
9. Always make sure your framework gets updated regularly and its necessary needs for security patch which needs to be performed by the responsible dedicated party consistently. It had been found that many sites are still using very old-dated files because of the lack in resources to update and continuously maintaining them as and when necessary. This is an easily fix gap which need to be looked into urgently before they are exposed to further exploitations by the unkind.
10. Also, try to restrict the file types which are allowed to be uploaded into your system. You should not allow any third party to upload any .php files. A white list policy protects your files and framework by throwing away any files which does not meet the validation rules, such as one which does not have the proper extension. For a more secure check, check out FileInfo. FileInfo is highly reliable software which is highly used to examine the contents of the uploaded files by using some kind of magic byte sequences. This serves as a more secure way of checking for legitimate files uploaded to your system.
Top Web Host Reviews
Shameless Plug: Check out these popular web hosting reviews by our editors.
 |
 |
 |
 |
 |
| iPage Review | BlueHost Review | FatCow Review | CoolHandle Review | JustHost Review |
Comments On "10 security tips for PHP newbies"
Have Your Say
Have your say! Leave us a reply and tell us what you think about this article.
That is the right weblog for anyone who needs to search out out about this topic. You notice a lot its virtually exhausting to argue with you (not that I truly would need…HaHa). You undoubtedly put a brand new spin on a subject thats been written about for years. Great stuff, simply great!
I really really liked all of your suggestions. I want to offer thanks to you for taking the time to type this webpage. But I just have one question; do you have an RSS Feed I can subscribe to? Please let me know. Thanks a lot.