
thePHP.cc:
Do Not Enter!
November 23, 2012 @ 10:37:44

In a new post to thePHP.cc site today, Arne Blankerts reminds us that not all security is about writing good code and handling data correctly - it's also about the systems that code runs on.

What seems to be so obvious for road traffic and its rules seems to be less obvious for many web developers. They tend to slack on defining (and monitoring) what is happening at the application level as well as the infrastructure level of their application. It is not enough to run a default install of your operating system of choice, add whatever services you need, and hope for the best. Considering the amount of money as well as damage to reputation, either directly due to fraud and abuse or indirectly by time lost to recover a hacked system or software, the "let's hope for the best" approach is of arguable quality. And we are not even considering general bugs here.

He mentions configuring the server, OS and network to ensure a higher level of security, noting that no matter how much work is put into secure code, if the attacker can get to points on the system they shouldn't, your app is still vulnerable.

But how can you tell if someone is actually trying to break in? Pretty much exactly as the police does for road traffic: with speed checks and by patrolling. A properly configured firewall will show as well as inhibit any unauthorized communication within the network and all you need to do is monitor the vital signs of your infrastructure.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework