Security tips, anyone?!
We all know that a 100% secure script is a "virtual impossibility" as the PHP manual puts it.
I'm writing my own CMS, and need some security tips to make the script as secure as I possibly can.
Here is what I have so far:
1. Cleanse all data submitted through ANY form
2. Check each page and make sure it is valid (so if someone attempted to include a malicious page, it would return an error and not run that script)
3. MD5/Crypt password
4. Use of tokens to prevent CSRF
Any more suggestions?
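One way to implement the page check in item 2 is sketched below. It is an added example, not part of the original post. It assumes PHP 8 and a CMS that picks the page from a request parameter; `PAGES`, `resolvePage()` and the file names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical page map for this example: the request value on the left,
// the file the CMS is allowed to include on the right.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a requested page name to a file inside $pagesDir.
 * Returns the absolute path, or null when the request must be rejected.
 */
function resolvePage(mixed $requested, string $pagesDir): ?string
{
    // ?page[]=x arrives as an array; only plain strings are valid names.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // realpath() returns false for a missing file; the prefix check also
    // catches a mapped file that is a symlink pointing outside $pagesDir.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Constructed demo: build a throwaway pages directory, then try some requests.
$dir = sys_get_temp_dir() . '/cms_pages_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (PAGES as $file) {
    file_put_contents("$dir/$file", "<?php echo 'page body';");
}

// Constructed request values: two valid names and four that must be refused.
$requests = ['home', 'about', '../../etc/passwd', 'http://example.com/x.php', 'home.php', ['home']];
foreach ($requests as $r) {
    $path = resolvePage($r, $dir);
    printf("%-28s => %s\n", json_encode($r, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected (send 404)' : "include $path");
}
```

The request value is only ever used as a lookup key, so nothing the user sends becomes part of the path passed to `include`.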