December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Summary
In Chapter 6, we continued our discussion of script vulnerabilities, focusing here on protecting temporary files.
We began with a discussion of the importance of temporary files, including their locations, their permanence, and the risks they present, both for exposing your private data and for presenting an opportunity for an attacker to hijack your file and substitute one of his own.
After an example of such an exploit, we turned to discussing various ways to prevent such abuse: securing network connections, creating unguessable filenames, restricting permissions, and writing to and reading from known files only.
Finally, we provided a model for a test of your protection against attempts to hijack temporary files.
In Chapter 7, we will ...