PHP Security Tip #14
Cal Evans (Editor-in-Chief) |
2 comments | March 21st, 2007
Almost any application running PHP on the back end uses web technologies for its front end. Many developers who think hard about PHP security don't spend a thought on the front-end security of their application. Here's a tip to think long and hard about when building your HTML and JavaScript.
Anything you put in a cookie can be seen by others: keep cookie contents to a minimum.
It's a sad fact of today's web, but there are bad people out there. They want nothing more than for your application to leak sensitive data so they can exploit it. Make sure you look at the whole picture when evaluating the security of your application. This is especially important when deciding what information you persist on the front end: a cookie lives in the user's browser and travels with every request, so anything you store in it can be read by whoever has access to that browser, to the network path, or (unless the cookie is marked HttpOnly) to scripts running on the page. Store as little as possible there.
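As an added illustration of this tip (example code written for this edit, not code from the original post), here is the pattern the tip warns against next to the minimal alternative in PHP: the first version ships the user's whole profile inside the cookie, the second ships only a random identifier and keeps the profile on the server. `SessionStore`, the profile data and the cookie names are constructed for the example; a real application would use its own session backend. Needs PHP 7.4+.

```php
<?php
// Added example for this tip (not code from the original post). The profile
// array is constructed sample data and SessionStore is a stand-in for a real
// session backend such as $_SESSION or a database. Needs PHP 7.4+.
declare(strict_types=1);

// BAD: the whole profile leaves the server inside the cookie. Anyone who can
// open the browser's cookie viewer, read document.cookie, or watch the
// network path sees it, and the client can edit it before sending it back.
function badLogin(array $profile): string
{
    $value = base64_encode(json_encode($profile));
    setcookie('profile', $value, ['path' => '/']);
    return $value;
}

// Reading the profile back trusts whatever the client sends.
function badCurrentUser(array $cookies): ?array
{
    if (!isset($cookies['profile']) || !is_string($cookies['profile'])) {
        return null;
    }
    $raw = base64_decode($cookies['profile'], true);
    $decoded = $raw === false ? null : json_decode($raw, true);
    return is_array($decoded) ? $decoded : null;
}

// BETTER: the cookie carries only an opaque random identifier; the profile
// never leaves the server.
final class SessionStore
{
    /** @var array<string, array> */
    private array $sessions = [];

    public function create(array $profile): string
    {
        $id = bin2hex(random_bytes(32)); // 256 random bits, cookie-safe hex
        $this->sessions[$id] = $profile;
        return $id;
    }

    public function lookup(string $id): ?array
    {
        return $this->sessions[$id] ?? null;
    }
}

function goodLogin(SessionStore $store, array $profile): string
{
    $id = $store->create($profile);
    setcookie('sid', $id, [
        'path'     => '/',
        'secure'   => true,  // only sent over HTTPS
        'httponly' => true,  // not readable from document.cookie
        'samesite' => 'Lax', // withheld on cross-site requests except top-level GET navigations
    ]);
    return $id;
}

function goodCurrentUser(SessionStore $store, array $cookies): ?array
{
    $id = $cookies['sid'] ?? '';
    // Only ids of exactly the shape we issue reach the store.
    if (!is_string($id) || !preg_match('/\A[0-9a-f]{64}\z/', $id)) {
        return null;
    }
    return $store->lookup($id);
}

// Demonstration (php-cli). Cookies are issued before any output so setcookie()
// does not complain about headers already being sent.
$profile = ['name' => 'Jane Example', 'address' => '1 Sample St', 'is_admin' => false];

$badValue = badLogin($profile);
$forged   = base64_encode(json_encode(array_merge($profile, ['is_admin' => true])));

$store = new SessionStore();
$sid   = goodLogin($store, $profile);

echo "BAD cookie:  $badValue\n";
echo "  anyone can decode it: ", json_encode(badCurrentUser(['profile' => $badValue])), "\n";
echo "  and a forged copy is believed: ", json_encode(badCurrentUser(['profile' => $forged])), "\n";
echo "GOOD cookie: $sid\n";
echo "  reveals nothing by itself; the server still knows: ",
    json_encode(goodCurrentUser($store, ['sid' => $sid])), "\n";
echo "  an altered id finds nothing: ",
    var_export(goodCurrentUser($store, ['sid' => strrev($sid)]), true), "\n";
```

The bad version leaks the name and address to anyone who can view the cookie and, as a bonus, lets the client rewrite `is_admin`; the good version puts nothing in the cookie except a token that means nothing without the server's store, and the `secure`/`httponly`/`samesite` flags narrow who can see even that token.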


2 comments to “PHP Security Tip #14”
March 22nd, 2007 at 4:42 pm
Hello, thank you very much for the security tips. However, I sometimes find them too short to be taken seriously. Perhaps, instead of short tips, we could provide some principles to help a new web developer understand what happens with his application on the web and what data can be hijacked, sniffed, etc.
Perhaps, instead of many small tips that are hard to remember, we could provide some simple principles that can help secure anything, not just PHP/HTML/JavaScript? A good understanding of the architecture of an online session with a web application could help one think about security more.
Thank you for the DevZone. I hope it can grow as big as MSDN for PHP.
March 23rd, 2007 at 12:05 pm
Hi Tim,
First, thanks for posting.
Yes, in many cases the tips are short, especially of late, since we quickly ran through the obvious ones. However, the concepts they express are no less important.
Take, for example, this one you responded to. It's not a concept that can easily be expressed in code that is meaningful. The idea is only meaningful when you are working on your front-end code. I could have shown some sample code that set a cookie with someone's full name and address and put the word BAD above it in bold letters, but I felt everyone could see that already.
My hope is that people see these tips as a quick way to start their days that will remind them to look for ways to secure their code during the day.
=C=