  1. #1
    New to the CF scene
    Join Date
    Aug 2012
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Guideline on PHP web application Security

    When you are developing your web application, security should be the main concern during the development process. There are several factors you should consider to protect your web application from possible misuse. This post will enlighten us on the basics of PHP security. There are several issues that web developers should be aware of, which are given below:

    • Input Filtering : Filtering entire data from external sources.
    • Output Filtering : Filtering entire data that results from the application.
    • Database Queries should be error free.
    • Hiding the display Errors.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,281
    Thanks
    57
    Thanked 523 Times in 510 Posts
    Blog Entries
    5
    Quote Originally Posted by Clydebrown View Post
    • Hiding the display Errors.


    In a well-written app there shouldn't be any errors, let alone any need to hide them. Instead you should be logging errors and handling them transparently so that the end user's use of the site isn't disturbed.

    FYI I'm a bit puzzled by your post. It comes across as a cross between a book / tutorial, yet you've not really actually provided much more than an opening paragraph, which is a bit odd for your first post. I thought it was spam, but when I quoted your text there were no hidden image or url tags like most of the spam bots.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    New Coder
    Join Date
    Aug 2012
    Location
    Kalamazoo, MI
    Posts
    39
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yeah this isn't much of a guideline at all... What exactly did you just enlighten us on?

  • #4
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote Originally Posted by tangoforce View Post
    In a well-written app there shouldn't be any errors, let alone any need to hide them. Instead you should be logging errors and handling them transparently so that the end user's use of the site isn't disturbed.
    Disabling display_errors in a production environment is best practice. Logging and handling errors is good, but showing errors to the user is sure to disturb them the most.
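
The two positions in this thread (log and handle errors; keep `display_errors` off in production) combine into one bootstrap file. The following is an added example, not code from any poster in the thread; the log path, the reference-ID scheme and the failing `file()` call at the end are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Never render PHP errors to the visitor; always write them to a log.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app-error.log'); // assumed path, must be writable
error_reporting(E_ALL);

// Promote warnings and notices to exceptions so a single handler sees them.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // respect @-suppression and the active reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Last line of defence: full detail goes to the log, the user gets a generic
// message plus a reference ID that support staff can search for in the log.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(6)); // hypothetical correlation ID
    error_log(sprintf('[%s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Something went wrong. Reference: {$ref}\n";
});

// Fatal errors (E_ERROR, E_PARSE, ...) bypass both handlers above. PHP logs
// them itself because log_errors is on; this only supplies the generic reply.
register_shutdown_function(function (): void {
    $err = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($err !== null && ($err['type'] & $fatal)) {
        if (!headers_sent()) {
            http_response_code(500);
        }
        echo "Something went wrong.\n";
    }
});

// Constructed failure: the E_WARNING from file() becomes an ErrorException,
// is logged with file and line, and the visitor sees only the reference ID.
$rows = file('/nonexistent/report.csv');
```

The visitor never sees the path or the warning text; both appear only in the log entry that carries the same reference ID.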

