Adding Security Enhancements To PHP Programs - Security enhancements of PHP programs
Discussion by Silver Bluewater with 0 Replies.
Last Update: June 5, 2007, 4:37 pm
PHP is increasingly used as a general-purpose language, as the move from PHP4 to PHP5 shows. PHP started as a CGI scripting language for the web, so it is closely tied to the internet and to security, whether a problem stems from a flaw in the internet protocols themselves or from something else internet-related. There are two major security issues when a PHP program interacts with the internet. A PHP program, connected to the internet or not, can also suffer memory leaks and security leaks through its PHP settings and its coding; in that case the program itself is checked first, the PHP settings second, and the PHP source code third. The two major security issues of PHP programs that use the internet, and the way to prevent them, are described below. Note that the solutions given here are pure algorithm rather than actual PHP code, although there may be some PHP coding tips.
The first is the CAPTCHA: you really cannot be sure whether the visitor is a computer or not. The visitor might be a program trying to collect information such as e-mail addresses, which is why the huge portals such as Google and Yahoo now put a CAPTCHA on their user sign-up pages. A CAPTCHA is usually a set of characters provided as a digital image, so a visiting program cannot function as it was made to: it cannot recognise the characters in the image, and this ensures that the visitor to the page is a human and not a computer program. To keep the characters in the image from being recognised and used by a visiting program, a CAPTCHA usually presents many different patterns, with shapes that differ to the human eye, and may even limit certain actions when the characters are entered into the field it provides. A CAPTCHA is regarded as almost impossible for a computer to decode these days, although a CAPTCHA might not be able to tell whether the visitor is a computer or not later on.
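As an added example (not from the original post): a small image CAPTCHA built on PHP's GD extension, showing the points above in code: the characters exist only as pixels, every image carries different noise patterns, the answer is held server-side in the session, and attempts and lifetime are limited. The alphabet, image size and the `img`/`answer` parameter names are constructed for this example.

```php
<?php
// Added example, not from the original post: a small image CAPTCHA built on PHP's GD
// extension. The answer lives only in the server-side session; the client sees pixels.
session_start();

function captcha_new_text(int $len = 6): string {
    // Constructed alphabet without look-alike glyphs (0/O, 1/l/I).
    $alphabet = 'ABCDEFGHJKMNPQRSTUVWXYZ23456789';
    $text = '';
    for ($i = 0; $i < $len; $i++) {
        $text .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $text;
}

function captcha_render(string $text) {
    $img = imagecreatetruecolor(180, 60);
    imagefilledrectangle($img, 0, 0, 179, 59, imagecolorallocate($img, 245, 245, 245));
    // Random lines are the "different patterns" the post describes: each image differs,
    // so a fixed template match by a harvesting program fails while a human still reads it.
    for ($i = 0; $i < 8; $i++) {
        $c = imagecolorallocate($img, random_int(90, 200), random_int(90, 200), random_int(90, 200));
        imageline($img, random_int(0, 179), random_int(0, 59), random_int(0, 179), random_int(0, 59), $c);
    }
    $fg = imagecolorallocate($img, 30, 30, 30);
    $x = 15;
    foreach (str_split($text) as $ch) {
        imagechar($img, 5, $x, random_int(10, 35), $ch, $fg); // jitter each glyph's baseline
        $x += 26;
    }
    return $img;
}

function captcha_check(string $answer): bool {
    if (empty($_SESSION['captcha'])) { return false; }
    $c = &$_SESSION['captcha'];
    // Limit attempts and lifetime, as the post's "limit certain actions" suggests.
    if (++$c['tries'] > 3 || time() - $c['issued'] > 300) { unset($_SESSION['captcha']); return false; }
    $ok = hash_equals($c['text'], strtoupper(trim($answer)));
    if ($ok) { unset($_SESSION['captcha']); }   // one-time use: a solved challenge cannot be replayed
    return $ok;
}

if (isset($_GET['img'])) {              // captcha.php?img=1 -> issue a fresh challenge as PNG
    $_SESSION['captcha'] = ['text' => captcha_new_text(), 'tries' => 0, 'issued' => time()];
    header('Content-Type: image/png');
    imagepng(captcha_render($_SESSION['captcha']['text']));
} elseif (isset($_POST['answer'])) {    // form submission -> verify
    echo captcha_check($_POST['answer']) ? 'human' : 'rejected';
}
```

Issuing a new image overwrites the stored answer, so a form must embed the image and post the answer within the same session and within the 300-second window.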
The second is the session: it lets the program check that the visitor is consistently keeping up the connection with the server it is talking to. The best way to stop someone sniffing the visitor's packets and connecting as if they were the visitor is to use SSL (of high bit strength, so it cannot be decrypted during the considerable time the visitor is using the site) and a session at the same time, for stronger security. High-bit SSL does not promise that a packet cannot be decrypted, but the probability of a security leak is very small. Low-bit SSL has a higher probability of a security leak than high-bit SSL. Although SSL may have a security leak, the probability is so small that it is roughly estimated as impossible, unless the visitor's computer does something special such as handing the key to the attacker, whether the visitor intended it or not. In practice some companies, actually most of the renowned ones, use SSL on only part of their pages, where the need is significant, and use sessions where they are needed, unless there is a need to cover the whole site with SSL and sessions, since SSL and sessions require more server resources.
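As an added example (not from the original post): PHP session handling that pairs the session with SSL/TLS as described above, so that a session cookie never travels in the clear, an idle session is dropped, and the session id is rotated so an id seen earlier stops working. It assumes PHP 7.3 or later (array form of `session_set_cookie_params`) and a web server that sets `$_SERVER['HTTPS']` on TLS connections; the `IDLE_LIMIT`, `ROTATE_EVERY` and `session_login` names are constructed for this example.

```php
<?php
// Added example, not from the original post: session handling paired with SSL/TLS so a
// sniffed cookie cannot be replayed, plus checks that the same client keeps the connection
// up. Assumes PHP 7.3+ and that the web server sets $_SERVER['HTTPS'] on TLS connections.

// Never run the session over plain HTTP: send the visitor to the SSL version first.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301);
    exit;
}

ini_set('session.use_strict_mode', '1');   // reject ids the server never issued (no fixation)
ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
session_set_cookie_params([
    'lifetime' => 0,        // expires when the browser closes
    'path'     => '/',
    'secure'   => true,     // browser sends the cookie only over HTTPS, never in the clear
    'httponly' => true,     // not readable by page scripts
    'samesite' => 'Strict',
]);
session_start();

const IDLE_LIMIT = 900;      // seconds without a request before the session is dropped
const ROTATE_EVERY = 1800;   // seconds between id rotations for a live session

// The post's "consistently keeping up the connection": a session that goes quiet
// is destroyed, so a captured id stays useful only for a short window.
$now = time();
if (isset($_SESSION['last']) && $now - $_SESSION['last'] > IDLE_LIMIT) {
    $_SESSION = [];
    session_destroy();
    http_response_code(403);
    exit('session expired');
}
$_SESSION['last'] = $now;

// Rotate the id periodically; delete_old_session=true discards the old id server-side,
// so anything captured earlier stops working even if the cookie itself was seen.
if (!isset($_SESSION['rotated']) || $now - $_SESSION['rotated'] > ROTATE_EVERY) {
    session_regenerate_id(true);
    $_SESSION['rotated'] = $now;
}

// Call on successful login: a fresh id after the privilege change defeats fixation.
function session_login(int $userId): void {
    session_regenerate_id(true);
    $_SESSION['uid'] = $userId;
    $_SESSION['rotated'] = time();
}
```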
--
Have a nice day!
My blog : silverbluewater.blogspot.com