Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

by Chris Snyder, Michael Southwell, Thomas Myer
December 2010
Intermediate to advanced
363 pages
12h 21m
English
Apress
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition

Access Control for Web Applications

Authentication systems aren't the only methods at your disposal for ensuring use by legitimate users—you can also use access control systems specifically for web applications. Yes, you learned in Chapter 4 that you could use system-level access controls, but for many reasons these aren't feasible in a web application:

  1. It is impractical to use file ownership and permissions to control access to files and scripts that must all be readable by the webserver user nobody.
  2. An online application should never be allowed to create (or even expose the existence of) system-level user accounts. Besides making it difficult to scale an application across multiple servers, each additional system account is a potential agent ...

Publisher Resources

ISBN: 9781430233183