On SK89Q.com there's a recent post with a long list of security tips you can follow to help ensure some of the most common security issues are taken care of on your site.
There was a recent question about a PHP security checklist on a forum I frequent, and I’ve decided to write my own comprehensive checklist to fill the void. There’s something for everyone but the security expert. In fact, you might find an issue that you never thought about. Securing PHP web applications would be a better title for this article.
Tips shared in the post include:
- Have strong passwords, and be sure that your "password recovery questions" are not too obvious.
- Be aware that anyone can initiate a request from something as simple as telnet, which means that all incoming data can be forged.
- Don't forget that inputted numbers can be very large, very small, zero, or negative. You don't want to deposit a negative number of credits!
- The mime type/file type in the $_FILES array (the `type` entry) is supplied by the client and can contain any value. Not only can the provided mime type be spoofed, it could also just be wrong or be overly generic. (Conclusion: the field is useless; determine the type from the file contents instead.)
- Do extensive path checks to make sure you do not serve a non-uploaded file.
- Never use user input directly in a pathname.
- Be aware that a malicious user can sniff for packets to get a user's password. The only real solution to this problem is to use SSL.
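As an added example (not code from the SK89Q post or its cheat sheet), the PHP below puts the numeric-input, upload and path-handling tips above into working code: it rejects negative, zero and oversized amounts, ignores the client-supplied `type` and sniffs the uploaded bytes instead, names stored files itself, and only serves a file after resolving its real path and confirming it lies inside the upload directory. `UPLOAD_DIR`, the allowed MIME list and the function names are assumptions chosen for this illustration.

```php
<?php
// Added example (not from the SK89Q post): hardening the input, upload and
// path tips. UPLOAD_DIR, ALLOWED_MIME and all function names are assumptions.
declare(strict_types=1);

const UPLOAD_DIR   = '/var/www/uploads';   // assumed: a directory outside the web root
const ALLOWED_MIME = ['image/png', 'image/jpeg', 'application/pdf'];

// Tip: numbers can be huge, zero, negative, or not numbers at all.
// Accept only an integer inside an explicit range; everything else is rejected.
function parseCredits(string $raw): int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 1000000],
    ]);
    if ($value === false) {
        throw new InvalidArgumentException('credits must be an integer between 1 and 1000000');
    }
    return $value;
}

// Tip: $_FILES[...]['type'] comes from the client and may be spoofed, wrong or
// generic. It is never read here; the bytes on disk decide the type.
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        throw new RuntimeException("unsupported content type: $mime");
    }
    // Tip: never use user input in a pathname. The client-supplied file name is
    // ignored for storage; a random name with a server-chosen extension is used.
    $ext    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'][$mime];
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store upload');
    }
    return $stored;   // persist this; keep the original name for display only
}

// Tip: do extensive path checks so a non-uploaded file is never served.
// The name must match exactly what storeUpload() produces, and the resolved
// path must still sit inside UPLOAD_DIR after symlinks and ".." are collapsed.
function resolveUploadPath(string $name): string
{
    if (!preg_match('/\A[0-9a-f]{32}\.(png|jpg|pdf)\z/', $name)) {
        throw new InvalidArgumentException('malformed file name');
    }
    $base = realpath(UPLOAD_DIR);
    $path = realpath(UPLOAD_DIR . '/' . $name);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('file not found');
    }
    return $path;
}

function serveUpload(string $name): void
{
    $path  = resolveUploadPath($name);
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    header('Content-Type: ' . $finfo->file($path));          // type from content, not from the client
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
}

// Usage sketch inside a request handler (values come straight from the client):
//   $credits = parseCredits($_POST['credits'] ?? '');
//   $stored  = storeUpload($_FILES['document'] ?? []);
//   serveUpload($_GET['file'] ?? '');
```

The regular expression in `resolveUploadPath()` already excludes slashes and dots, so the `realpath()` comparison is a second, independent check; keeping both means a later change to the naming scheme does not silently reopen a traversal path. Storing uploads outside the web root and always sending `Content-Disposition: attachment` keeps a file that passes the type check from being executed or rendered as a page by the server.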
There's lots more where this came from - a few pages of tips at least. There's not much in the way of actual code to show you how to integrate the tips into your application, but it's still a very useful list. You can also grab the full list as a downloadable cheat sheet [pdf].