PHP systems and security

Question

PHP systems and security

As a web developer, I use PHP and I know that I need to worry about security, but when you use the framework, there is a lot of code and design that you relay, but that you did not code or design, and for example, I use CakePHP.

so in this case with frameworks, how much should I worry about security?

+5

security php frameworks cakephp

Ayoub Sep 03 '09 at 10:22

source share

3 answers

, . , , .

, CakePHP.

. , - - , . :

, , . , . , .
SQL Injection . , . CakePHP . http://book.cakephp.org/view/153/Data-Sanitization
URL- . , . , , /show _user/2098, - show_user/2097, . CakePHP UUID, .

-, , . :

eval() system() , . , Perl, - .
. , . CakePHP , apache app/webroot. , tmp apache, .

-, .

CakePHP Auth Acl, , . Cake Sessions, , PHP .

, , . , : http://book.cakephp.org/view/170/Core-Components

+4

Dooltaz 03 . '09 17:03

ESAPI: http://www.owasp.org/index.php/Category:OWASP_Enterprise_Security_API#tab=PHP

, , .

0

oreoshake 03 . '09 16:48

Pascal MARTIN · Accepted Answer · 2009-09-03T10:30:28+0000

You must always respect the basic safety principles:

do not trust the user
never trust the user

What kind means:

filter / check everything that comes to your application.
print any output.

, , :

,
/; ; -)
; .

: :

, ,

, , , , , /, , ; -)

open-source, : , , - , .

PHP systems and security

More articles: