PHP Articles


Another PHP tip

While it’s all well and good to spend considerable time securing your PHP applications, there is something else that you can do, or rather not do. As a PHP programmer, I see people do one alarming thing: they download and install PHP applications from questionable sources. While there are a lot of honourable programmers who offer their scripts for free, there are plenty of hackers who enjoy deploying applications that cause harm to others. I discussed this earlier, but it bears repeating: trust your source. Know your source. […]

July 15th, 2010 | Development, PHP, PHP Articles

The importance of secure PHP code

In recent days I've talked about the importance of server hardening and security, but there is another aspect of your server's integrity that must not be ignored: the PHP code itself. Without secure PHP code you may find yourself the victim of numerous types of attack, including SQL injection, which, as the name suggests, goes directly after your database, in most cases the very heart of your website or application. […]

July 12th, 2010 | Development, PHP, PHP Articles
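The SQL injection the excerpt above warns about, shown as an added example that is not part of the original post: the same user lookup written once by pasting input into the SQL text and once with a prepared statement. It uses an in-memory SQLite database through PDO so it runs stand-alone; the table, rows and attacker input are constructed here.

```php
<?php
// Added example (not from the original post): vulnerable lookup beside
// its hardened form. SQLite in memory so there is nothing to set up;
// the schema, rows and the malicious input are all constructed here.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 1), ('bob', 0)");

// Vulnerable: the user-supplied name becomes part of the SQL text, so a
// quote in the input changes the query's structure.
function findUserVulnerable(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed at prepare time; the name travels as a
// bound parameter and can never be parsed as SQL.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "x' OR '1'='1";   // constructed attacker input

print_r(findUserVulnerable($pdo, $input)); // every row, admin included
print_r(findUserSafe($pdo, $input));       // no rows: nobody is literally named that
```

Against MySQL, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server, not the driver, does the parameter binding; and remember that identifiers (table and column names) and `LIMIT` counts cannot be bound, so those must come from a whitelist, never from the request.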

PHP, MySQL and memcached

Memcached is a distributed object memory caching system: any application that can open a socket can set and get data by key. It has no authentication by default, so as a website security consultant I advise you to make sure the daemon listens on 127.0.0.1 only (start it with -l 127.0.0.1, and disable the UDP listener with -U 0 unless you actually use it) and that the host itself is secured: anyone with a shell on the server can telnet to the local interface and get or set your memcache data. I've used memcached for a number of PHP/MySQL projects where I wanted finer control over the caching of database queries than MySQL's built-in query cache gives. Memcached should not be used to mask bad database design, missing indexes or badly written SQL, but it helps dramatically with queries that have already been optimised as far as possible and still take a long time. Assume that you had a simple database query wrapper: […]

June 24th, 2010 | Development, MySQL, PHP, PHP Articles, Technology
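The post's own wrapper is cut off above; the following is an added example, not the author's code, of a query wrapper that caches result sets in memcached the way the excerpt describes. The cache key is a hash of the SQL text plus the bound parameters, so two calls with different parameters never share an entry. It assumes the PECL memcached extension is loaded and a daemon is listening on 127.0.0.1:11211; the class name, the MySQL DSN and the TTL values are placeholders.

```php
<?php
// Added example (not from the original post): memcached-backed query cache
// in front of PDO. Assumes memcached on loopback and the PECL "memcached"
// extension; the DSN below is a placeholder.

class CachedQuery
{
    private $pdo;
    private $cache;

    public function __construct(PDO $pdo, Memcached $cache)
    {
        $this->pdo = $pdo;
        $this->cache = $cache;
    }

    // Key on SQL + params so different parameter values never collide, and
    // hash it so the key stays under memcached's 250-byte key limit and
    // never contains whitespace or control characters.
    private function key(string $sql, array $params): string
    {
        return 'q:' . hash('sha256', $sql . "\0" . serialize($params));
    }

    // Return cached rows if present; otherwise run the prepared statement
    // and cache the result (an empty result set is cached too).
    public function fetchAll(string $sql, array $params = [], int $ttl = 60): array
    {
        $key  = $this->key($sql, $params);
        $rows = $this->cache->get($key);
        if ($this->cache->getResultCode() === Memcached::RES_SUCCESS) {
            return $rows;                       // cache hit
        }
        $stmt = $this->pdo->prepare($sql);      // still a prepared statement
        $stmt->execute($params);
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $this->cache->set($key, $rows, $ttl);
        return $rows;
    }

    // Call after a write that changes what a cached query would return.
    public function invalidate(string $sql, array $params = []): void
    {
        $this->cache->delete($this->key($sql, $params));
    }
}

$cache = new Memcached();
$cache->addServer('127.0.0.1', 11211);   // loopback only, as the post advises

$pdo = new PDO('mysql:host=localhost;dbname=app', 'app', 'secret'); // placeholder DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$q    = new CachedQuery($pdo, $cache);
$rows = $q->fetchAll('SELECT id, name FROM users WHERE status = ?', ['active'], 120);
```

Two caveats for this pattern: memcached is a shared, unauthenticated store, so never cache anything keyed on raw user input without hashing it, and never trust cached data more than you would trust the database row it came from; and memcached silently refuses values over its item size limit (1 MB by default), so `set()` can fail for large result sets and the query simply runs every time. A quick check that the listener is really loopback-only is `echo stats | nc 127.0.0.1 11211` from the host, which should answer, while the same command against the machine's public address should not.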

PHP Security

As a PHP programmer, there are a couple of things you can do quickly and easily to increase the security of your PHP installation. Look into PHP's "safe mode" feature, ESPECIALLY if you're running a webserver that the general public can upload scripts to. The list of functions disabled or restricted by safe mode is documented in the PHP manual. (Note that safe_mode is deprecated as of PHP 5.3 and removed in PHP 5.4; on those versions use disable_functions and open_basedir in php.ini, together with OS-level isolation of the web server user, to get the same effect.) It is not strictly PHP's job to restrict these functions, but unless you really know what you're doing, the safe mode list is a good starting point for building secure applications. They are generally functions that allow file and directory manipulation, process execution and socket manipulation. If it's not possible within your environment to disable them all, disable as many of them as possible. Although not that common, if I'm writing an application that relies heavily on functions that manipulate directories or sockets, I prefer to write a C daemon or similar to handle that side of things and use PHP only to communicate with it. […]

January 14th, 2010 | Development, PHP, PHP Articles, Technology
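The php.ini settings that cover what the excerpt above reaches for with safe mode, as an added configuration example that is not part of the original post. The function list and the paths are illustrative and must be tailored to the application.

```ini
; Added example (not from the original post): php.ini hardening that
; replaces what safe_mode used to do. Paths and the function list are
; illustrative.

; safe_mode is deprecated in PHP 5.3 and removed in 5.4; do not rely on it.
safe_mode = Off

; Block shell and process-control functions outright. disable_functions
; can only be set here, not from ini_set() or .htaccess, so a script
; cannot turn it back on.
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec,dl

; Confine file access to the application tree and its own temp directory.
open_basedir = /var/www/app:/var/www/app/tmp

; Never let include/require pull code from a remote URL.
allow_url_include = Off
allow_url_fopen = Off

; Keep stack traces, paths and the PHP version off public pages.
display_errors = Off
expose_php = Off
```

`allow_url_fopen = Off` also breaks legitimate `file_get_contents('http://…')` calls, so applications that fetch remote resources should move to cURL before it is switched off; `allow_url_include = Off` has no such cost and should always be set. Verify the result with `php -i | grep -E 'disable_functions|open_basedir'` on the same SAPI the web server uses, since the CLI and the FPM/Apache builds often read different php.ini files.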

PHP Programmer – Logical Operators

PHP provides the boolean operators AND, OR, XOR and NOT. Combining NOT with AND or OR gives the NAND and NOR operators respectively.

- $a = ($b and $c); returns TRUE if both $b and $c are TRUE, otherwise FALSE. This can also be written $a = ($b && $c);
- $a = ($b or $c); returns TRUE if either $b or $c is TRUE, otherwise FALSE. This can also be written $a = ($b || $c);
- $a = ($b xor $c); returns TRUE if exactly one of $b and $c is TRUE, and FALSE if both or neither are TRUE.
- $a = (!$b); returns TRUE if $b is not TRUE.
- $a = (!($b && $c)); forms NAND (NOT + AND).
- $a = (!($b || $c)); forms NOR (NOT + OR).

The parentheses around the and/or forms are not decorative: the keyword operators and, or and xor bind more loosely than =, so $a = $b and $c; assigns $b to $a and then throws away the result of the and. The symbolic forms && and || bind more tightly than = and do not have this problem. […]

December 17th, 2009 | Development, MySQL, PHP, PHP Articles
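An added example, not from the original post, that implements the NAND and NOR forms above and then shows why the parentheses around "and" matter: the same expression with and without them, and with && for comparison. The function names and the truth-table loop are constructed for this example.

```php
<?php
// Added example (not from the original post): NAND/NOR as described in the
// article, plus the "and" versus "&&" precedence trap. Function names and
// the truth-table inputs are constructed here.

function nand(bool $b, bool $c): bool { return !($b && $c); }   // NOT + AND
function nor(bool $b, bool $c): bool  { return !($b || $c); }   // NOT + OR

// "and" binds more loosely than "=", so without parentheses the assignment
// happens first and the "and $c" part is evaluated and discarded.
function precedenceTrap(bool $b, bool $c): array
{
    $withParens    = ($b and $c);   // $withParens receives the AND result
    $withoutParens = $b and $c;     // parsed as ($withoutParens = $b) and $c
    $withAmp       = $b && $c;      // && binds tighter than =, so this is the AND
    return ['parens' => $withParens, 'noParens' => $withoutParens, 'amp' => $withAmp];
}

// Walk all four input combinations so the difference is visible in one run.
foreach ([[false, false], [false, true], [true, false], [true, true]] as [$b, $c]) {
    printf("b=%d c=%d  nand=%d nor=%d  %s\n",
        $b, $c, nand($b, $c), nor($b, $c), json_encode(precedenceTrap($b, $c)));
}
```

The row for b=1, c=0 is the one to look at: the parenthesised and && forms give false, while the bare "and" form leaves the variable true. A guard written as $ok = isAuthenticated() and isAuthorized(); therefore passes anyone who is merely authenticated, which is why the parentheses (or &&) in the post's examples matter.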