9 January 2007
Basic PHP Script Security
Posted by Mikhail Esteves under: LAMP; Tips.
The security of PHP scripts has become a major issue lately. The very power and flexibility of the PHP scripting architecture becomes its major vulnerability if certain simple steps are not taken to protect the script. The simple ability to take data from a web page is also a potential gateway for a variety of attacks that aim to steal information from databases or to corrupt that data. Not only server-side data is at risk; attacks are also possible that may harm all visitors of the site through simple injection of malicious code.
For the purpose of this tutorial we have listed some commonly known attacks and how to protect against them. This is crucial for beginners in PHP because PHP tutorials and basic documentation do not emphasize this problem enough. Examples are given that are vulnerable to attacks, and students are either not aware of the vulnerabilities or are not adequately taught how to protect their scripts.
In addition, the types of attacks presented here are not limited to PHP, since they exploit the standard HTTP request/response protocol, which is available to any server-side scripting language.