PHP in a Nutshell

by Paul Hudson
October 2005
Content level: Intermediate to advanced
372 pages
11h 35m
English
O'Reilly Media, Inc.
Content preview from PHP in a Nutshell

Chapter 12. Security

The Internet is not a safe place, thanks to a small percentage of its users who feel the need to attack other users electronically. The reasons for the attacks vary: sometimes it is for monetary gain, where attackers find holes in your code that they can exploit to their advantage, and other times it is just for fun.

If your PHP scripts run on an Internet-facing server, they are accessible to hackers and you need to take extra care. Many PHP projects—particularly the larger ones, such as PostNuke—have had major exploits published that allow hackers to take control of a web server remotely. This chapter contains tips and advice to help you avoid falling victim to the next hacker that comes your way.

Security Tips

The easiest way for hackers to find holes in your web site is to scan for strings that give away a known vulnerability. This can be done with a client-side tool that simply hits IP addresses again and again until it finds something it recognizes, but many modern hackers utilize Google to search for data.

As a result, it has never been more important to keep tight control over which files are on your web site and what information you give to visitors.

Put Key Files Outside Your Document Root

Your document root is the root directory of your web server. That is, if your site is example.com, the root directory would be the directory that http://www.example.com/ points to. For example, on Linux this is often /var/www/html, and on Windows this is often c:\inetpub\wwwroot ...
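
An added example, not code from the book: a PHP script that checks whether a path resolves inside the document root and lists files under it that would be better kept outside. The function names, the extension list and the temporary sample tree are assumptions made for illustration.

```php
<?php
// Added example. Function names, extension list and sample tree are assumptions.

/** True if $path resolves (symlinks and ".." included) to somewhere under $docRoot. */
function isInsideDocRoot(string $path, string $docRoot): bool
{
    $root = realpath($docRoot);
    $real = realpath($path);
    if ($root === false || $real === false) {
        return false; // a path that does not exist cannot be served
    }
    // Compare with a trailing separator so /var/www/html_backup
    // is not mistaken for something under /var/www/html.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real . DIRECTORY_SEPARATOR, $root, strlen($root)) === 0;
}

/** Files under $docRoot whose extension suggests they belong outside it. */
function findExposedFiles(string $docRoot, array $riskyExt): array
{
    $found = [];
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docRoot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($walker as $file) {
        $ext = strtolower($file->getExtension());
        if ($file->isFile() && in_array($ext, $riskyExt, true)) {
            $found[] = $file->getPathname();
        }
    }
    sort($found);
    return $found;
}

// Constructed sample tree in a temp directory, so the script runs offline.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'docroot_demo_' . uniqid();
foreach (['html', 'private', 'html_backup'] as $dir) {
    mkdir("$base/$dir", 0700, true);
}
foreach (['html/index.php', 'html/db.inc', 'html/dump.sql', 'private/config.php'] as $f) {
    touch("$base/$f");
}

foreach (findExposedFiles("$base/html", ['inc', 'sql', 'bak', 'ini']) as $hit) {
    echo "inside document root, consider moving: $hit\n";
}
// Paths to test: outside, outside via "..", prefix look-alike, inside.
foreach (['private/config.php', 'html/../private/config.php', 'html_backup', 'html/db.inc'] as $p) {
    printf("%-28s inside=%s\n", $p, var_export(isInsideDocRoot("$base/$p", "$base/html"), true));
}
```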


Publisher Resources

ISBN: 0596100671