
Development using PHP and MySQL: security

Discussion in 'Software' started by ErisDS, 2 Mar 2005.

  1. ErisDS (What's a Dremel?)
     Joined: 15 May 2004 | Posts: 190 | Likes Received: 0
    Yo guys,
    I was wondering if there was anyone who was either a fountain of knowledge or had some good links for finding out about security when using PHP and MySQL.
    Basically, I have been asked to create a database and basic web-based viewing and admin system for a private practice (i.e. we're talking patient confidentiality), and I want to make sure I can provide as-good-as-it-gets security against anyone who might want to find such information.

    Basically, how secure is using PHP and MySQL, and what are the big no-nos?
     
  2. RTT (#parp)
     Joined: 12 Mar 2001 | Posts: 14,120 | Likes Received: 74
    I could type for hours with regard to PHP security theory, but a good starter read is here:

    http://www.php.net/manual/en/security.php

    Google for MySQL injection attacks and make sure you understand those thoroughly too, as they are probably the biggest threat out there in any database system.

    :)
     
  3. TheAnimus (Banned)
     Joined: 25 Dec 2003 | Posts: 3,214 | Likes Received: 8
    Never underestimate this attack. Ever.

    Learn about regexps; they will help here so much.

    Also look at how the user for the PHP process connects to MySQL.
    Don't give it permissions it doesn't need.
     
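A concrete shape for "don't give it permissions it doesn't need", added here as an example and not code from the thread: the statements an administrator runs once, as a privileged account, to create the MySQL user the PHP process logs in with, plus a start-up check that reads `SHOW GRANTS` and refuses to serve if that account holds anything beyond what the application needs. The database name `clinic`, the account `clinic_web`, the table names and the privilege blocklist are all assumptions. The parsing function is pure and is exercised on constructed `SHOW GRANTS` lines, so the file runs without a server.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Assumed names: database `clinic`,
// account 'clinic_web'@'localhost', tables `patients` and `visits`.

/**
 * One-off provisioning, run by an administrator (not by the web app).
 * No DELETE, DROP, ALTER, FILE, SUPER or access to other databases: the web
 * tier can read and write patient data but cannot destroy the schema, read
 * files off the server, or reach anything outside `clinic`. DELETE is left
 * out on purpose; a record that must disappear gets a soft-delete flag.
 */
function provisioningSql(string $password): array
{
    $pw = addcslashes($password, "'\\");   // quote for a MySQL string literal
    return [
        "CREATE USER 'clinic_web'@'localhost' IDENTIFIED BY '{$pw}'",
        "GRANT SELECT, INSERT, UPDATE ON `clinic`.`patients` TO 'clinic_web'@'localhost'",
        "GRANT SELECT, INSERT ON `clinic`.`visits` TO 'clinic_web'@'localhost'",
    ];
}

/** Privileges a web-facing account has no business holding (editor's list, an assumption). */
const FORBIDDEN_PRIVS = [
    'ALL PRIVILEGES', 'DELETE', 'DROP', 'ALTER', 'CREATE', 'FILE',
    'SUPER', 'PROCESS', 'SHUTDOWN', 'RELOAD', 'CREATE USER',
];

/**
 * Parse one line of SHOW GRANTS output and return the forbidden privileges
 * it carries. Lines look like:
 *   GRANT <priv, priv, ...> ON <object> TO <account> [WITH GRANT OPTION]
 */
function excessivePrivileges(string $grantLine): array
{
    if (!preg_match('/^GRANT\s+(.+?)\s+ON\s+/i', $grantLine, $m)) {
        return [];
    }
    $held = array_map('trim', explode(',', strtoupper($m[1])));  // USAGE means "nothing"
    $bad = [];
    foreach (FORBIDDEN_PRIVS as $priv) {
        if (in_array($priv, $held, true)) {
            $bad[] = $priv;
        }
    }
    if (stripos($grantLine, 'WITH GRANT OPTION') !== false) {
        $bad[] = 'GRANT OPTION';
    }
    return $bad;
}

/** Call once at application start-up with the app's own connection. */
function assertLeastPrivilege(mysqli $db): void
{
    $rows = $db->query('SHOW GRANTS')->fetch_all(MYSQLI_NUM);
    foreach ($rows as [$line]) {
        $bad = excessivePrivileges($line);
        if ($bad !== []) {
            throw new RuntimeException(
                'DB account holds forbidden privileges (' . implode(', ', $bad) . '): ' . $line
            );
        }
    }
}

// Offline demonstration on constructed SHOW GRANTS lines.
$samples = [
    'GRANT USAGE ON *.* TO `clinic_web`@`localhost`',
    'GRANT SELECT, INSERT, UPDATE ON `clinic`.`patients` TO `clinic_web`@`localhost`',
    'GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION',
];
foreach ($samples as $s) {
    $bad = excessivePrivileges($s);
    echo ($bad === [] ? 'ok   ' : 'BAD  ') . $s
        . ($bad !== [] ? '  [' . implode(', ', $bad) . ']' : '') . PHP_EOL;
}
```

The first two sample lines are what a correctly provisioned account reports; the third is what you see when someone has pointed the application at root, which is the situation the start-up check exists to catch before any patient data is served.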
  4. Short-Media (What's a Dremel?)
     Joined: 5 Jun 2003 | Posts: 34 | Likes Received: 0
    In php.ini make sure register_globals is OFF. It makes a coder lazy and can leave a site very vulnerable. This has been off since PHP 4.2, but I've seen hosts put it back on again :duh:

    Turn off magic_quotes_gpc and escape data yourself. This will help you understand escaping characters properly!

    NEVER EVER trust anything you get from a browser. Sanity check everything!

    That's just for starters... I could go on for hours... :idea:
     
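Putting the last three points (no reliance on register_globals, raw input with magic_quotes_gpc off, sanity-check everything) together, as an added example that is not part of the post: the script reads only the fields it asked for, validates each against a whitelist regexp (which is also what the regexp advice earlier in the thread looks like in practice), and escapes only at output time. Field names and patterns are assumptions for a small patient-record form. With magic quotes off a surname like O'Brien arrives intact; it is passed to the database as a bound parameter and to the page through htmlspecialchars, rather than being escaped on the way in.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Field names and rules are
// assumptions for a small patient-record form; adjust them to the real data.

/**
 * Validate a raw request array (normally $_POST) against explicit whitelists.
 * Returns [validatedValues, errors]. Fields not listed are ignored, which is
 * what register_globals = Off buys you: the script only sees the inputs it
 * asked for, never a variable the browser chose to set.
 */
function validatePatientForm(array $input): array
{
    $rules = [
        'patient_id' => '/^[1-9][0-9]{0,9}$/',                 // 1..10 digits, no leading zero
        'surname'    => '/^\p{L}[\p{L} \'\-]{0,59}$/u',        // letters, space, hyphen, apostrophe
        'dob'        => '/^(\d{4})-(\d{2})-(\d{2})$/',        // ISO date, shape only
        'ref_number' => '/^\d{10}$/',                          // 10-digit reference (assumed)
    ];
    $clean  = [];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $raw = $input[$field] ?? null;
        // Arrays (?field[]=x) and anything not matching the whole pattern are rejected.
        if (!is_string($raw) || !preg_match($pattern, $raw, $m)) {
            $errors[$field] = 'missing or malformed';
            continue;
        }
        // The regexp only checks the shape of a date; checkdate rejects 30 February.
        if ($field === 'dob' && !checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
            $errors[$field] = 'not a real calendar date';
            continue;
        }
        $clean[$field] = $field === 'patient_id' ? (int) $raw : $raw;
    }
    return [$clean, $errors];
}

/** Escape for HTML output. This is the one place escaping belongs; not on input. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request, as a browser (or an attacker) could send it.
$request = [
    'patient_id' => '42',
    'surname'    => "O'Brien",                              // legitimate apostrophe: must pass
    'dob'        => '1979-02-30',                           // matches the regexp, not a real date
    'ref_number' => '1234567890<script>alert(1)</script>',  // script tag: must fail
    'is_admin'   => '1',                                    // never requested, silently ignored
];

[$clean, $errors] = validatePatientForm($request);
foreach ($clean as $field => $value) {
    echo "ok   {$field} = " . h((string) $value) . PHP_EOL;
}
foreach ($errors as $field => $why) {
    echo "FAIL {$field}: {$why}" . PHP_EOL;
}
```

The validated values are what get bound into prepared statements; nothing in `$request` is ever used directly. The whitelist is deliberately narrow: it is far easier to loosen a pattern when a real patient's name does not fit than to work out, after the fact, which of a blacklist's gaps let something through.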
