A Note on Security in PHP

From PHP.NET::::

PHP is a powerful and flexible tool. This power and flexibility comes from PHP being a very thin framework sitting on top of dozens of distinct 3rd-party libraries. Each of these libraries have their own unique input data characteristics. Data that may be safe to pass to one library may not be safe to pass to another.

A recent Web Worm known as NeverEverSanity exposed a mistake in the input validation in the popular phpBB message board application. Their highlighting code didn’t account for double-urlencoded input correctly. Without proper input validation of untrusted user data combined with any of the PHP calls that can execute code or write to the filesystem you create a potential security problem. Despite some confusion regarding the timing of some unrelated PHP security fixes and the NeverEverSanity worm, the worm didn’t actually have anything to do with a security problem in PHP.

Read in Full

PHP Security Note

Zareef Ahmed

Recent Posts

10 differences between AWS and Google Cloud

Tools to manage popular database systems

Roadmap to be an expert in SQL

What are basic things in SQL, that you should know?

7 Laravel Features to Enhance the Security of Your Application

Book Review : Socket.IO Cookbook (Tyson Cadenhead) by Zareef Ahmed

Book Review : Continuous Delivery with Docker and Jenkins By Zareef Ahmed

AWS : How to connect to Windows Instance by Zareef Ahmed

What is the use of dynamic inventory in Ansible?

Book Review : Clean Code (Robert C. Martin) by Zareef Ahmed

Book Review : Mastering Ansible (Jesse Keating) by Zareef Ahmed

Leave a Reply Cancel reply

Zareef Ahmed

Recent Posts

Tags

A Note on Security in PHP

Leave a Reply Cancel reply