  1. #1

    PHP Coding Guidelines Checklist

    1. In general…
    a. I’m assuming here that the programmer is not also the server administrator, and that the server admin more or less knows how to configure LAMP correctly and securely by default.
    i. Of course, if necessary, a programmer can override most PHP settings in a custom php.ini file located in the web root.

    b. Use an MVC framework
    i. I use CakePHP. The framework itself goes a long way to ensure fundamentally sound and secure coding practices.

  2. #2

    PHP Coding Guidelines Checklist

    2. Incoming data…
    a. Sanitize and validate all data contained in $_GET, $_POST, $_COOKIE, and $_REQUEST before programmatically manipulating the data.
    b. SQL Injection
    i. Definition: Code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

    ii. Prevention: mysql_real_escape_string($string)

    c. Cross Site Scripting (XSS)
    i. Definition: Security vulnerability typically found in web applications that allows code injection by malicious web users into the web pages viewed by other users. Examples of such code include client-side scripts (i.e., JavaScript).

    ii. Prevention: htmlentities(strip_tags($string))
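
The checks from this post, written out as a complete script. This is an added example, not code from the original post: the table and column names, the connection parameters and the sample request are constructed for the demo. The post's mysql_real_escape_string() belongs to the old mysql extension, which was removed in PHP 7.0; mysqli_real_escape_string() is the same call on a mysqli connection, and a prepared statement is shown next to it as the form that keeps user data out of the SQL parser entirely.

```php
<?php
// Added example, not code from the original post: validate request data first,
// then escape for the context where it is used (SQL, HTML). Table and column
// names, the connection and the sample request below are constructed for the demo.
declare(strict_types=1);

// Validate: accept only the shape the application expects, reject everything else.
function validateId(array $input, string $key): ?int
{
    $id = filter_var($input[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function validateSearchTerm(array $input, string $key): ?string
{
    $term = $input[$key] ?? '';
    if (!is_string($term)) {
        return null;               // arrays in the query string (q[]=...) are rejected too
    }
    $term = trim($term);
    // Bounded length and a character whitelist: letters, digits, space, . , ' -
    if ($term === '' || strlen($term) > 64
        || !preg_match('/^[\p{L}\p{N} .,\'-]+$/u', $term)) {
        return null;
    }
    return $term;
}

// SQL, the post's approach: escape the value and keep it inside quotes in the statement.
// Escaping does nothing for a value placed in an unquoted (numeric) position.
function searchSqlEscaped(mysqli $db, string $term): string
{
    $escaped = mysqli_real_escape_string($db, $term);   // needs an open, charset-aware connection
    return "SELECT id, title FROM articles WHERE title LIKE '%{$escaped}%'";
}

// SQL, preferred: a prepared statement, so the value never reaches the SQL parser.
function searchPrepared(mysqli $db, string $term): array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE title LIKE ?');
    $pattern = '%' . $term . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// HTML: encode at output time. strip_tags() only removes tag syntax and keeps the
// text inside; htmlentities() is what stops the remainder from being parsed as markup.
function renderEscaped(string $value): string
{
    return htmlentities(strip_tags($value), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed stand-in for $_GET / $_POST.
$request = [
    'id'      => '42',
    'q'       => "O'Brien",
    'comment' => '<script>alert(1)</script> & "quoted" <b>bold</b>',
];

$id   = validateId($request, 'id');
$term = validateSearchTerm($request, 'q');
if ($id === null || $term === null) {
    http_response_code(400);
    exit('Bad request');
}

// The database part only runs when a server answers the constructed credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $db = new mysqli('localhost', 'demo_user', 'demo_pass', 'demo_db');
    $db->set_charset('utf8mb4');
    echo searchSqlEscaped($db, $term), PHP_EOL;
    foreach (searchPrepared($db, $term) as $row) {
        echo renderEscaped($row['title']), PHP_EOL;
    }
} catch (mysqli_sql_exception $e) {
    echo 'No database reachable; skipping the SQL part of the demo.', PHP_EOL;
}

// The comment is rendered with its tags stripped and the rest entity-encoded.
echo '<p>', renderEscaped($request['comment']), '</p>', PHP_EOL;
```

Validation rejects input that is the wrong shape before any escaping happens, and each escape step is applied at the point of use (SQL when the query is built, HTML when the page is rendered), not once on arrival: a value that is safe in one context is not automatically safe in another.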

  3. #3

    PHP Coding Guidelines Checklist

    3. Browser requests…
    a. Cross Site Request Forgery (CSRF)
    i. Definition: Type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

    ii. Prevention: Generate a unique “token”, typically when a browser session starts. Pass the token in all POST and GET requests. Following the POST/GET action, check for the existence of the token in the session and then confirm the token sent by POST/GET is identical to the token stored in the session. (An MVC framework like CakePHP makes this relatively easy to implement uniformly throughout your application.)
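
The token scheme the post describes, implemented in plain PHP without a framework. This is an added example, not code from the original post; the session key and form field names are assumptions for the demo, and the session array is a constructed stand-in for $_SESSION.

```php
<?php
// Added example, not code from the original post: a per-session CSRF token that is
// embedded in every form and checked on submission. The session key and field name
// are assumptions for the demo.
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';
const CSRF_FIELD_NAME  = '_csrf';

// Generate the token once when the session starts and reuse it afterwards.
function csrfToken(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));   // CSPRNG, 256 bits
    }
    return $session[CSRF_SESSION_KEY];
}

// Hidden field to place in every form the application renders.
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_FIELD_NAME . '" value="' . $token . '">';
}

// The check from the post: a token must exist in the session, one must be sent with
// the request, and the two must be identical. hash_equals() compares in constant time.
function csrfVerify(array $session, array $request): bool
{
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $request[CSRF_FIELD_NAME] ?? '';
    if (!is_string($expected) || !is_string($given) || $expected === '' || $given === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

// Constructed stand-in for $_SESSION; in a real handler: session_start(); $session = &$_SESSION;
$session = [];

echo csrfField($session), PHP_EOL;               // what the form would carry

// A genuine submission returns the token from the rendered form.
var_dump(csrfVerify($session, [CSRF_FIELD_NAME => csrfToken($session)]));
// A request forged from another origin has no way to read the token: absent or wrong.
var_dump(csrfVerify($session, []));
var_dump(csrfVerify($session, [CSRF_FIELD_NAME => 'guess']));

// Typical use in a controller: refuse state-changing requests that fail the check.
$method = $_SERVER['REQUEST_METHOD'] ?? 'GET';
if (in_array($method, ['POST', 'PUT', 'PATCH', 'DELETE'], true)
    && !csrfVerify($session, $_POST)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
```

Only the first verification succeeds; the other two fail because the token is missing or does not match. One practical note on the post's advice to pass the token in GET requests as well: a token in a URL ends up in browser history, server logs and Referer headers, so it is better to confine state-changing actions to POST and check the token there.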

  4. #4

    PHP Coding Guidelines Checklist

    To do this you have to make sure Apache and Nginx are bound to their own IP address. In the event of a WHM/cPanel-based web server, you can release an IP to be used for Nginx in WHM. At this time I am not aware of a method of reserving an IP and automatically forcing Apache to listen on a specific set of IPs in a control panel such as DirectAdmin or Plesk. But the link above will show you how with WHM/cPanel.
  5. #5

  6. #6
    content from reference site

  7. #7

    PHP Coding Guidelines Checklist

