Author: phpMoot
August 5, 2010
There are a variety of security issues that arise when using shared hosting solutions. In the past, PHP has tried to solve some of these issues with the safe_mode directive. However, as the PHP manual states, it “is architecturally incorrect…
Author: phpMoot
August 5, 2010
PHP has the ability to directly access the file system and even execute shell commands. While this affords developers great power, it can be very dangerous when tainted data ends up in a command line. Again, proper filtering and escaping…
Author: phpMoot
August 5, 2010
Two popular forms of session attacks are session fixation and session hijacking. Whereas most of the other attacks described in this chapter can be prevented by filtering input and escaping output, session attacks cannot. Instead, it is necessary to plan…
Author: phpMoot
August 5, 2010
When using a database and accepting input to create part of a database query, it is easy to fall victim to an SQL injection attack. SQL injection occurs when a malicious user experiments on a form to gain information about a…
Author: phpMoot
August 5, 2010
Website security refers to the security of the elements of a website through which an attacker can interface with your application. These vulnerable points of entry include forms and URLs, which are the most likely and easiest candidates for a potential…
Author: phpMoot
August 5, 2010
Before analysing specific attacks and how to protect against them, it is necessary to have a foundation on some basic principles of Web application security. These principles are not difficult to grasp, but they require a particular mindset about data;…
Author: phpMoot
August 4, 2010
Accessing Session Data HTTP is a stateless protocol; this means that the web server does not know (or care) whether two requests come from the same user; each request is instead handled without regard to the context in which it happens…
Author: phpMoot
August 4, 2010
Cookies allow your applications to store a small amount of textual data (typically, 4-6kB) on a Web client. There are a number of possible uses for cookies, although their most common one is maintaining session state (explained in the next section)…
Author: phpMoot
August 4, 2010
As we discussed, the server responds to an HTTP request by first sending a set of response headers that contain various tidbits of information about the data that is to follow, as well as other details of the transaction. These…