Security in PHP

Asked

Viewed 152 times

3

I’m new to php security and would like to know if the items listed below would help to make my site safer.

  1. SSL(Secure Socket Layer)
  2. PHP

  1. Remove all possible information by referencing the server (PHP and apache).
  2. Use the most current version of PHP whenever possible.
  3. Handle every mistake.
  4. Never display any Mysql, PHP, and server errors.
  5. Prevent session theft and cookie.
  6. Sanitize every entrance.

  • Obfuscate

  • Javascript
  • JSON
    • php

    • Regarding SSL, you have that question that might help you.

    • Javascript and json see no difference, 'obfuscation' depends on the process. I think the stable version is more important than the last bugle version. Avoid session theft and cookie is obvious. Sanitize all entry is not required, validate inputs is critical.

    • 1

      Obfuscation does not add security. Use a program like w3af to audit your website. It will find more errors than you could visually.

    • If it is security against someone spying on data between the client and the server, SSL. If it is security against server hacking, PHP entries will be entered. Obfuscation is "security" to make it a little difficult for someone to copy Javascript code from the page.

    • Getting in the way of security won’t...

    1 answer

    1

    Interesting, but such measures would be you who would implement in the solution?

    All these measures are valid but I would also add:

    • Use of token for sending forms.

    • Client-side and server-side form validation.

    • Definitions of ACL.

    Anyway, there are several other factors that would help security.

    I’m not going into details with regard to time and difficulty, some of these things take time.

    • I still do the implantation, thanks for the tips

    Browser other questions tagged php

    You are not signed in. Login or sign up in order to post.