PHP & SQL Security

PHP page for processing, he or she checks the data to. … permissions held by the master Web server process itself. Thanks to this mechanism.

More PDF Content

1 Introduction – Web Security: The Big Picture … 4
1.1 SQL Injection … 4
1.2 Directory Traversal … 5
1.3 Authentication Issues … 5
1.4 Remote Scripts (XSS) … 6
2 Processing User Data … 7
2.1 Validating Form Input & Stripping Tags … 7
2.2 Executing Code Containing User Input … 10
3 Database Security … 12
3.1 SQL Injection … 12
3.2 Non-String Variables … 13
3.3 Database Ownership & Permissions … 14
3.4 File Permissions … 14
3.5 Database Connections … 15
3.6 Database Passwords In Scripts … 15
4 File System Security … 17
4.1 Directory Traversal Attacks … 17
4.2 Remote Inclusion … 18
4.3 File Permissions … 20
4.4 UNIX File Permissions … 20
5 File Uploads … 22
6 PHP Safe Mode … 27
6.1 What Is Safe Mode? … 27
6.2 What Does Safe Mode Restrict? … 27
6.2.1 Restricting File Access … 27
6.2.2 Restricting Access To Environment Variables … 28
6.2.3 Restrictions On Running External Programs … 28
6.2.4 Other Restrictions Imposed … 28
6.3 Safe Mode Configuration Directives … 29
6.4 Functions Restricted By Safe Mode … 30
6.5 Overriding Safe Mode Settings … 31
7 Session Security … 33
7.1 What Are Sessions? … 33
7.2 How Do Sessions Work? … 33
7.3 Using $_SESSION … 34
7.4 Trusting Session Data … 35
7.5 Changing The Session File Path … 35
7.6 Storing Sessions In A Database … 36
7.7 Further Securing Sessions … 38
8 Beyond PHP Security … 40
8.1 Chroot Jails … 40
8.2 Apache mod_chroot & mod_security … 40
8.3 suEXEC … 40
8.4 Multiple Server Instances … 41
9 Acunetix Web Vulnerability Scanner … 42
9.1 How To Check For PHP Vulnerabilities … 42
10 Resources … 43
10.1 PHP Security Resources … 43
10.1.1 The PHP Manual … 43
10.1.2 The PHP Security Consortium … 43
10.1.3 PHP Advisories … 43
10.1.4 Acunetix Web Site Security Center … 43
10.2 SQL Security Resources … 43
10.2.1 The PHP Manual (again) … 43
10.2.2 PostgreSQL Security Advisories … 43
10.2.3 MySQL Bugs Database … 43
10.3 Apache Security Resources … 44
10.3.1 mod_chroot Homepage … 44
10.3.2 mod_security Homepage … 44
10.3.3 Apache suEXEC Manual … 44
10.3.4 Apache Reverse Proxy Manual … 44
10.3.5 Apache Security Reports … 44
11 Afterword … 45

Download PHP & SQL Security pdf from www.acunetix.com, 46 pages, 281.16KB.