Chapter 5: Considering PHP Security

In This Chapter

Securing the Server and the Apache web server

Configuring PHP securely

Handling errors safely

Sanitizing variables

As a web developer, you need to ensure that your web application is secure. If you’re also performing administration duties on the server, then you need to secure the server as well. Securing the application means making sure any and all inputs from users are sanitized, or checked, against values that you know are good and not allowing any input into the program unless you’ve programmatically checked it. Securing the server means attempting to keep the web application in its own virtual sandbox, so that if the server is compromised the damage is limited.

This chapter discusses security for web applications. You look both at server security and application security.

Securing the Server

The server itself should be secured. This usually means hardening the server and ensuring that the server uses a firewall.

Hardening the server

Typically this means hardening the operating system by uninstalling unnecessary services. ...

Get PHP, MySQL, JavaScript & HTML5 All-in-One For Dummies now with the O’Reilly learning platform.