PHP-Code.net: Securing PHP Applications Part II - Securing PHP code
Note: This article was originally published at PHPDeveloper on 29 September 2010.
On PHP-Code.net they've posted the second part of a series looking at securing your PHP applications from potential problems that security flaws could cause for your site. (You can find part one here).
There are a lot of books treating this issue. So, why another post about this subject. Well, here a try to cover this problem in a short way so that you don't have to read hundreds of pages or to search all over the Internet for this. These being said, you must know that securing a PHP application is not an easy process, as you may think and involves a lot of other things, not just your code.
- SQL injections
- Code injections/includes
- Improper error handling
- Authentication and Authorization
- Shared hosting issues