March 2006
Beginner to intermediate
448 pages
13h 33m
English
Content preview from Head Rush Ajax
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
328
Even though you added validation to the Break Neck
order form, you should still escape strings and tighten
up the PHP script running on Break Neck’s web
server.
Even though you’ve added a nice layer of security to
your web page, clever hackers can work around your
page, and attack the lookupCustomer.php script
directly. In other words, your validation helps protect
your app from someone attaching you from a web
front end, but doesn’t do anything to stop someone
from going after your script directly.
Besides, putting a little extra work into securing your
PHP script is a good idea. You can never have too
much security... you never know when some clever
twelve year old will come up with a new way to get at
your data, and create problems for your customers.
You still need to secure the PHP script
So we’re done, right? Now that we’re
validating the phone number, nobody will
be able to enter those weird strings, and
get our customer lists.
You can
never have
too much
security.
are we done yet?