
Zend Developer Zone:
Security Tips #10, #11, and #12
March 19, 2007 @ 11:24:00

The Zend Developer Zone has posted three new helpful security tips to add to their growing list - one on mailing, one about working with privileges, and one on the dangers of eval:

  • In tip #10, Cal looks briefly at some of the dangers of blindly using form input when sending a mail. One never knows what kind of nasty headers a user might enter.
  • Tip #11 recommends the "path of least privileges" when it comes to allowing access to your application. Don't go global when simple will do just fine - even with the best of intentions, the wrong access can lead to big issues.
  • Finally, in tip #12, one of the more discouraged functions in PHP is discussed - eval. This one little function, when fed the wrong kind of string, can unravel your application from the inside out and provide a would-be attacker just the opening they might need.

You can check out more great security tips like these on the Zend Developer Zone website.


All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework