Silver Bluewater

Adding Security Enhancements To PHP Programs


PHP is becoming a language even for general programming, as can be seen from the move from PHP4 to PHP5. PHP originally started as a CGI scripting language connected with the internet. Thus PHP is closely related to the internet and to security, whether the problem comes from a security leak in the internet protocols or from other internet-related problems. There are two major security issues when your PHP program(s) have something to do with the internet. There can be memory leaks and security leaks in a PHP program, connected to the internet or not, caused by PHP settings and coding. When that is the case, checking the PHP program comes first, checking the PHP settings second, and checking the PHP source code third. The two major security issues of PHP programs that use the internet, and the ways to prevent them, are described below. Please note that the solutions provided here are pure algorithm, not involving actual PHP coding, although there may be some PHP coding tips.

The first one is the CAPTCHA. You really cannot be sure whether the accessing party is a computer or not. It might be a program trying to collect information such as e-mail addresses. Moreover, these days huge portals such as Google and Yahoo are putting a CAPTCHA on their user sign-up page. A CAPTCHA is usually a set of characters provided in a digital image, so that an accessing computer program cannot function as it was made to. The accessing program cannot recognize the characters in the digital image, and so this ensures that the one accessing the page is a human and not a computer program. To prevent the set of characters in the image from being recognized and used by the accessing program, a CAPTCHA usually uses a lot of different patterns, so the shapes look different to human vision, and it even limits certain actions of entering the characters into the field provided by the CAPTCHA. A CAPTCHA is recognized as almost impossible for a computer to decode these days, although a CAPTCHA might not be able to check whether the accessing party is a computer later on.

The second one is the session. It allows the program(s) to check that the accessing party is consistently keeping up its connection with the server it is connecting to. The best way to prevent someone from sniffing the accessing party's packets and connecting as if they were that party is to use SSL (of high bit strength, so that it cannot be decrypted while the accessing party uses it for a considerable amount of time) and sessions at the same time, to give more security enhancement. High-bit SSL does not promise that a packet cannot be decrypted, although the probability of a security leak is very rare. Low-bit SSL has a higher probability of a security leak than high-bit SSL. Although it may be possible for SSL to have a security leak, the probability of that occurrence is so rare that it is roughly estimated as impossible, unless the accessing party's computer created special conditions, such as giving the key to the attacker, whether the accessing party intended it or not. For practical use, some companies, actually most renowned companies, provide SSL partially in their pages where the need is significant, and use sessions where they are needed, unless there is a need to cover the whole set of pages with SSL and sessions, since SSL and sessions require more server resource(s).


--
Have a nice day!

My blog : silverbluewater.blogspot.com
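The CAPTCHA flow described in the post, as an added example that is not code from the original post or its author. It assumes PHP with the GD extension; the helper names, the alphabet, the 300-second lifetime and the three-attempt limit are this example's own choices. Besides the image itself it shows the three server-side checks a CAPTCHA needs to be worth anything: the challenge lives only in the session (never in a hidden field), it expires, it is single-use, and a script gets only a few guesses per image.

```php
<?php
// Added example: a minimal image CAPTCHA flow in PHP (assumes the GD extension).
// Not code from the forum post; all names and limits are this example's own choices.
declare(strict_types=1);

const CAPTCHA_LEN       = 6;
const CAPTCHA_TTL       = 300;  // seconds a challenge stays valid
const CAPTCHA_MAX_TRIES = 3;    // wrong answers before a fresh challenge is forced

/** Create a new challenge and keep it server-side in the session only. */
function captcha_issue(): void
{
    // Alphabet without look-alikes (0/O, 1/I/l) so humans are not punished.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $code = '';
    for ($i = 0; $i < CAPTCHA_LEN; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)]; // CSPRNG, not rand()
    }
    $_SESSION['captcha'] = ['code' => $code, 'expires' => time() + CAPTCHA_TTL, 'tries' => 0];
}

/** Render the live challenge as PNG bytes; '' when there is no live challenge. */
function captcha_render(): string
{
    $code = $_SESSION['captcha']['code'] ?? '';
    if ($code === '') {
        return '';
    }
    $w = 170;
    $h = 50;
    $im = imagecreatetruecolor($w, $h);
    imagefilledrectangle($im, 0, 0, $w, $h, imagecolorallocate($im, 255, 255, 255));
    // Noise lines crossing the glyphs defeat naive per-character template matching.
    for ($i = 0; $i < 8; $i++) {
        $c = imagecolorallocate($im, random_int(120, 200), random_int(120, 200), random_int(120, 200));
        imageline($im, random_int(0, $w), random_int(0, $h), random_int(0, $w), random_int(0, $h), $c);
    }
    // Each glyph gets its own vertical jitter and colour, so the pattern differs every time.
    $x = 12;
    foreach (str_split($code) as $ch) {
        $c = imagecolorallocate($im, random_int(0, 90), random_int(0, 90), random_int(0, 90));
        imagechar($im, 5, $x, random_int(4, 22), $ch, $c);
        $x += 25;
    }
    ob_start();
    imagepng($im);
    imagedestroy($im);
    return (string) ob_get_clean();
}

/** Check the answer. Every outcome either counts a try or consumes the challenge. */
function captcha_verify(string $answer): bool
{
    $c = $_SESSION['captcha'] ?? null;
    if ($c === null || time() > $c['expires']) {
        unset($_SESSION['captcha']);             // expired: force a new challenge
        return false;
    }
    if (++$_SESSION['captcha']['tries'] > CAPTCHA_MAX_TRIES) {
        unset($_SESSION['captcha']);             // too many guesses: no brute-forcing one image
        return false;
    }
    $ok = hash_equals($c['code'], strtoupper(trim($answer)));
    if ($ok) {
        unset($_SESSION['captcha']);             // one-time use: a solved challenge cannot be replayed
    }
    return $ok;
}

// --- request dispatch (single-file demo) ---
session_start();
if (isset($_GET['image'])) {
    header('Content-Type: image/png');
    header('Cache-Control: no-store');           // never let a proxy serve an old challenge
    echo captcha_render();
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo captcha_verify((string) ($_POST['captcha'] ?? '')) ? 'CAPTCHA passed' : 'CAPTCHA failed';
} else {
    captcha_issue();
    echo '<form method="post"><img src="?image=1" alt="CAPTCHA"> '
       . '<input name="captcha" autocomplete="off"> <input type="submit"></form>';
}
```

The image endpoint draws whatever challenge is already in the session rather than generating a new one, so the form and the picture can never get out of step; a script that reloads the image to get an easier rendering still has to solve the same code, and only three times before the challenge is thrown away.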

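The session-plus-SSL combination from the post, as an added example that is not code from the original post or its author. The timeout values, the `is_https()`/`require_https()`/`secure_session_start()`/`login_success()` helpers and the reverse-proxy header check are this example's own assumptions. It shows what "use SSL and sessions at the same time" means in PHP settings: cookie flags so the session ID is never sent in the clear, strict mode against fixation, idle and absolute timeouts, and ID rotation at login and periodically so a sniffed ID has a short shelf life.

```php
<?php
// Added example: hardening PHP sessions and forcing TLS on the pages that carry them.
// Not code from the forum post; timeouts and helper names are this example's own choices.
declare(strict_types=1);

const SESSION_IDLE_SECS     = 30 * 60;   // idle timeout
const SESSION_ABSOLUTE_SECS = 8 * 3600;  // absolute lifetime regardless of activity
const SESSION_ROTATE_SECS   = 10 * 60;   // how often the session ID is rotated

/** True when this request arrived over TLS, directly or via a trusted reverse proxy. */
function is_https(): bool
{
    return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || (($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https'); // trust only behind your own proxy
}

/** Redirect plain-HTTP requests to HTTPS; call before any output on session-bearing pages. */
function require_https(): void
{
    if (!is_https()) {
        header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301);
        exit;
    }
}

/** Wipe server-side state and expire the cookie in the browser. */
function destroy_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

/** Start (or resume) a session with hardened cookie flags, timeouts and rotation. */
function secure_session_start(): void
{
    ini_set('session.use_strict_mode', '1');   // reject IDs the server never issued (anti-fixation)
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie, dies with the browser
        'path'     => '/',
        'secure'   => true,     // never sent over plain HTTP, so a sniffer on port 80 sees no ID
        'httponly' => true,     // not readable by JavaScript
        'samesite' => 'Lax',    // not attached to cross-site POSTs
    ]);
    session_start();

    $now     = time();
    $created = $_SESSION['created'] ?? $now;
    $last    = $_SESSION['last_seen'] ?? $now;
    if ($now - $created > SESSION_ABSOLUTE_SECS || $now - $last > SESSION_IDLE_SECS) {
        destroy_session();
        session_start();               // continue with a fresh, anonymous session
        session_regenerate_id(true);
        $created = $now;
    }
    $_SESSION['created']   = $created;
    $_SESSION['last_seen'] = $now;

    // Periodic rotation: a sniffed or leaked ID is only usable until the next rotation.
    if ($now - ($_SESSION['rotated'] ?? 0) > SESSION_ROTATE_SECS) {
        session_regenerate_id(true);   // true = delete the old session data under the old ID
        $_SESSION['rotated'] = $now;
    }
}

/** Call right after credentials are verified. Rotating here defeats session fixation. */
function login_success(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['rotated'] = time();
}

/** Guard for a page that needs an authenticated user. */
function require_login(): int
{
    if (!isset($_SESSION['user_id'])) {
        header('Location: /login.php', true, 302);
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// --- usage on a protected page ---
require_https();
secure_session_start();
$uid = require_login();
echo "Hello user {$uid}";
```

One caveat for the "SSL only where needed" approach in the post: with the `secure` flag set, the session cookie is simply not sent on plain-HTTP pages, so any page that reads the session must itself be served over HTTPS. Dropping the flag to make the same session work on HTTP pages reintroduces exactly the sniffing the SSL was meant to stop; if some pages must stay on HTTP, give them a separate cookie that carries nothing sensitive.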