On the DeveloperDrive.com site today there's a new post with five easy steps you can take to help increase the security of your PHP-based applications.
For many years, PHP has been a stable, inexpensive platform on which to operate web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developers, database architects and system administrators should take precautions before deploying PHP applications to a live server. Most of these techniques can be accomplished with a few lines of code or a slight adjustment to the application settings.
The five tips they list range from general "best practice" kinds of things to a bit more specific:
- Manage Setup Scripts
- Include Files (using ".php" not ".inc")
- MD5 vs. SHA
- Automatic Global Variables (no longer an issue in recent releases, 5.4.x)
- Initialize Variables and Values