
Preserved Topic: PHP & Security (Page 1 of 1)

 
mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 07-08-2001 13:36

Recently, I've stumbled across the SecureReality web site, and found a few interesting discussions about security in PHP apps...

Take a look at these two links:
A Study In Scarlet - Exploiting Common Vulnerabilities in PHP Applications
Remote command execution vulnerabilities in phpMyAdmin and phpPgAdmin

Dracusis
Maniac (V) Inmate

From: Brisbane, Australia
Insane since: Apr 2001

posted 07-08-2001 14:25

Christ MAX, not only do you always answer my questions but now you're answering them before I even get a chance to ask!

Thanks for the links.. 'd been my next PHP question..

everybody needs a swamp bear

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted 07-08-2001 17:51

Great set of links.

Dracusis
Maniac (V) Inmate

From: Brisbane, Australia
Insane since: Apr 2001

posted 07-08-2001 18:39

Arr. Crap.. Now I need to re-write my script.

I'm writing a news post script but...

Some of the information there went over my head, but by doing this my script should be secure, right?

  • Everything in the script happens through a function() call.
  • All variables passed from the form are only used in function() calls.
  • There are NO global variables.
  • All username and password variables are checked on an equality basis, if false, a die() is called. If true the script continues to run.
  • All database connections and includes only happen inside defined functions.



That should pretty much work shouldn't it?

everybody needs a swamp bear

Edit: Wanted to try out the [list] ubb code/.....

[This message has been edited by Dracusis (edited 07-08-2001).]
