Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
| Newsgroups | alt.php.sql |
|---|---|
| Date | 2017-03-01 10:20 -0800 |
| Message-ID | <14245ab1-7af9-4143-8557-a342a6be8da4@googlegroups.com> (permalink) |
| Subject | Do you know of a guide on how to idiot proof php for use on the public web? |
| From | reply@mynetblog.com |
Do you know of a guide on how to idiot proof php for use on the public web? I have great concerns about people XSS'ing my site or other serious stuff. My problem is that I assume everything is going to get attacked and am afraid to put any php where people can access it. A very long time ago I had this CGI page to allow people to enter a URL they wanted to see and when they submitted the form it would display the link on a result page. I know this is very bad to do this type of thing now because of XSS vulnerabilities. However, I don't know about all the other hacks people use to exploit php. I just recently found out about the proxy variable where people set a "proxy" variable in their request header that when sent to a CGI script turns into http_proxy environment variable. So, I blocked that. (I think.) Attackers are actively scanning my site for vulnerabilities so I am fearful of putting anything on my site that they can attack because I know they will exploit any hole they find. I only know how to write simple and short php scripts and some very basic SQL queries.
Back to alt.php.sql | Previous | Next | Find similar
Do you know of a guide on how to idiot proof php for use on the public web? reply@mynetblog.com - 2017-03-01 10:20 -0800
csiph-web