
thePHP.cc:
Do Not Enter!
November 23, 2012 @ 10:37:44

In a new post to the thePHP.cc site today Arne Blankerts reminds us that not all security is about writing good code and handling data correctly - it's also about the systems that code runs on.

What seems to be so obvious for road traffic and its rules seems to be less obvious for many web developers. They tend to slack on defining (and monitoring) what is happening at the application level as well as the infrastructure level of their application. It is not enough to run a default install of your operating system of choice, add whatever services you need, and hope for the best. Considering the amount of money as well as damage to reputation, either directly due to fraud and abuse or indirectly by time lost to recover a hacked system or software, the "let's hope for the best" approach is of arguable quality. And we are not even considering general bugs here.

He mentions configuring the server, OS and network to ensure a higher level of security, noting that no matter how much work is put into secure code, if the attacker can get to points on the system they shouldn't, your app is still vulnerable.

But how can you tell if someone is actually trying to break in? Pretty much exactly as the police do for road traffic: with speed checks and by patrolling. A properly configured firewall will show as well as inhibit any unauthorized communication within the network and all you need to do is monitor the vital signs of your infrastructure.
All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework