Contents

Getting Started
Nature and Scope of the Problem
Understanding Filtering, Validation, and Output Escaping
Preventing the Most Common Forms of Attack
Protecting Against Common Website Vulnerabilities
Protecting Against SQL Injection Attacks
About the Author
Avoiding misconfiguration

Filesystem rights
- Avoid making a directory "world writeable"
- Know your PHP user!
- Protect files and directories off the document root

php.ini security settings
- Do not rely on safe_mode!
- open_basedir, doc_root
- memory_limit, post_max_size
- disable_classes, disable_functions
- date.timezone

Running PHP as a CGI binary
- cgi.force_redirect
- doc_root and user_dir