Chapter 5. Data Integrity and Security
We’re up and running, dealing with all our input and output in beautiful Unicode. The Internet is our oyster and the screaming hordes of users are ready to break down the door.
But before they do, it’s important we take a careful look at the validity of the data we’re going to be storing. The data of our application, as it permeates the sponge at our base (if that makes no sense, go back and read Chapter 2), becomes the most essential asset we have. We’re going to want to keep this asset safe if we want to stay in business. Keeping it safe means not accidentally deleting it and not accidentally exposing it to people who shouldn’t see it, but also making sure that the data we’re storing is the data we were expecting to store.
This chapter deals with the integrity of the data received and stored by our application. We’ll cover the filtering of incoming data, the storage and manipulation of that data, and we’ll look at how we can protect our applications from innocent and malicious attacks. We’ll be covering some important core principles in this chapter, but the field of application security is wide and complex. If you end this chapter with a thirst for more, you might want to take a look at Essential PHP Security by Chris Shiflett (O’Reilly).
Data Integrity Policies
Data integrity is key to a successfully engineered application. The data you receive, process, and store is what your application is all about. Regardless of what transformations you ...