Secure PHP Applications (PHP Security)


To understand PHP security better, let us first understand what PHP and security are.

Security is a process, not a product, and adopting a sound approach to security during the process of application development will allow you to produce tighter, more robust code.

PHP (PHP Hypertext Preprocessor) is a scripting language used to create dynamic Web pages. With syntax drawn from C, Java and Perl, PHP code is embedded within HTML pages for server-side execution. It is commonly used to extract data from a database and present it on a Web page.

PHP is a powerful scripting language for building web applications, and also one of the easiest ways for hackers to gain access to your web server. Developers need to understand how their scripts can be exploited in order to protect them.

PHP is widely used in many high-end applications, both Web-based (Internet) and Intranet applications. Roughly speaking, of all PHP deployments, Web-based (Internet) applications account for 80% and Intranet applications for 20%.

IBM has suggested a few basic principles that we can follow to make our website secure and guard our application against vulnerabilities:

  1. Validate input
  2. Guard your file system
  3. Guard your database
  4. Guard your session data
  5. Guard against Cross-Site Scripting (XSS) vulnerabilities
  6. Verify form posts
  7. Protect against Cross-Site Request Forgeries (CSRF)
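The list above names the principles without showing them in code, so here is an added example, written for this page rather than taken from the original post or from IBM's guide, that applies all seven in one small comment-form handler. It assumes PHP 8 with the pdo_sqlite extension; the table, the field names and the sample POST body are constructed for the demo, and when run from the command line the session is replaced by a plain array so the script works without a web server.

```php
<?php
// Added example (not from the original post): one request handler that applies
// the seven principles above. Table, field names and POST body are constructed.
declare(strict_types=1);

// 4. Guard your session data: hardened cookie flags; on the CLI use a plain array.
if (PHP_SAPI === 'cli') {
    $_SESSION = [];
} else {
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
    session_regenerate_id(true); // defeats session fixation once the user is recognised
}

// 7. Protect against CSRF: per-session random token, compared in constant time.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function csrf_valid(mixed $submitted): bool {
    return is_string($submitted) && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// 1. Validate input: take only strings (arrays are rejected) and allowlist each field.
function str_field(array $post, string $key): string {
    $v = $post[$key] ?? '';
    return is_string($v) ? $v : '';
}
function validate_comment(array $post): array {
    $errors = [];
    $email = filter_var(str_field($post, 'email'), FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'invalid email'; }
    $body = trim(str_field($post, 'body'));
    if ($body === '' || strlen($body) > 1000) { $errors[] = 'body must be 1-1000 bytes'; }
    // attachment name: letters, digits, dot, dash, underscore only (no path separators)
    $file = str_field($post, 'attachment');
    if ($file !== '' && !preg_match('/^[A-Za-z0-9._-]{1,64}$/', $file)) { $errors[] = 'bad attachment name'; }
    return [$errors, ['email' => (string)$email, 'body' => $body, 'attachment' => $file]];
}

// 2. Guard your file system: resolve the final path and confirm it stays inside the base dir.
function safe_attachment_path(string $baseDir, string $name): ?string {
    $base = realpath($baseDir);
    $candidate = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $candidate === false) { return null; }
    return str_starts_with($candidate, $base . DIRECTORY_SEPARATOR) ? $candidate : null;
}

// 3. Guard your database: prepared statement with bound values, never string-built SQL.
function store_comment(PDO $db, string $email, string $body): int {
    $stmt = $db->prepare('INSERT INTO comments (email, body) VALUES (:email, :body)');
    $stmt->execute([':email' => $email, ':body' => $body]);
    return (int)$db->lastInsertId();
}

// 5. Guard against XSS: escape on output, with ENT_QUOTES and an explicit charset.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function handle(array $server, array $post, PDO $db): string {
    // 6. Verify form posts: only POST, and only with a valid CSRF token.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') { return 'HTTP 405: POST required'; }
    if (!csrf_valid($post['csrf'] ?? null)) { return 'HTTP 403: bad CSRF token'; }
    [$errors, $clean] = validate_comment($post);
    if ($errors) { return 'HTTP 400: ' . h(implode('; ', $errors)); }
    $id = store_comment($db, $clean['email'], $clean['body']);
    return "<p>Comment #{$id} by " . h($clean['email']) . ':</p><blockquote>' . h($clean['body']) . '</blockquote>';
}

// Demo: in-memory SQLite and a constructed POST body carrying an XSS payload.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, email TEXT, body TEXT)');
$token = csrf_token();
echo handle(['REQUEST_METHOD' => 'POST'],
    ['csrf' => $token, 'email' => 'alice@example.com',
     'body' => "Hello <script>alert(1)</script> & O'Brien"], $db), "\n";
echo handle(['REQUEST_METHOD' => 'POST'], ['csrf' => 'wrong', 'email' => 'a@b.c', 'body' => 'x'], $db), "\n";
var_dump(safe_attachment_path(sys_get_temp_dir(), '../etc/passwd')); // NULL: resolves outside the base dir
```

The first call stores the comment and prints it with the script tag and the apostrophe escaped; the second is refused with a 403 because the token does not match; the last line shows the path check rejecting a traversal attempt even though the target file exists.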

Open a new window using Javascript


JavaScript : window.open

There are times when we would like to open a pop-up window to show some data, or to be user-interactive by showing a form in a pop-up window; window.open can be used for this purpose.

We can write window.open(url) directly in the anchor tag, but let us be more innovative and give our code more flexibility by writing a wrapper function around it.

The below example provides a broader view:

/* Function : new_window
|
| Description : Opens (or reuses) a named pop-up window. The third argument to
| window.open is the "features" string; it defines how you want the new window
| to appear and is ignored if an existing window with the same name is reused.
| Its contents are a comma-separated list of sub-parameters.
|
| Feature sub-parameters :-
|
| left : number of pixels; the recommended distance from the left of the
| screen to the left of the new window.
| top : number of pixels; the recommended distance from the top of the
| screen to the top of the new window.
| width : number of pixels; the width of the content area for the new window
| (including any scrollbars etc).
| Note. IE7 will not allow you to set width below 250px.
| height : number of pixels; the height of the content area for the new window
| (including any scrollbars etc).
| Note. IE7 will not allow you to set height below 150px.
| menubar : yes or no; whether or not the new window should display a menubar.
| toolbar : yes or no; whether or not the new window should display a toolbar.
| location : yes or no; whether or not the new window should display the location bar.
| status : yes or no; whether or not the new window should display the status bar.
| resizable : yes or no; whether or not the new window can be resized.
| scrollbars : yes or no; whether or not the new window should display scrollbars if required.
|
| Optional (fourth argument to window.open) :-
|
| replace : defines how an existing window is to be reused.
| If true the new page replaces the current page in the browser history.
| If false the new page is added to the browser history.
|
| Example: window.open("URL", "name", "width=350, height=400, toolbar=no, resizable=yes, scrollbars=yes, status=no, menubar=yes");
|
| @access public
| @param string url     address to open; nothing happens if it is empty
| @param int    swidth  content width in pixels (default 600)
| @param int    sheight content height in pixels (default 500)
| @return void
*/
function new_window(url, swidth, sheight)
{
    // fall back to sensible defaults when a dimension is not supplied
    var width = (swidth) ? swidth : 600;
    var height = (sheight) ? sheight : 500;

    if (url != "")
    {
        // "new_window" is the window name, so calling this twice reuses the same pop-up.
        // If url can come from an untrusted source, append ",noopener" to the features
        // so the opened page cannot reach this page through window.opener.
        window.open(url, "new_window", "toolbar=no, width=" + width + ", height=" + height + ", status=no, scrollbars=yes, resizable=yes, menubar=no");
    }
}