
Thread: Write Secure Scripts with PHP 4.2!

  1. #1
    Join Date
    Jul 2001
    Location
    Kuala Lumpur
    Posts
    20
    Rep Power
    0

    Write Secure Scripts with PHP 4.2!

    I've found an interesting article regarding a new feature in PHP 4.2.

    Here's some intro about it.

    For the longest time, one of the biggest selling points of PHP as a server-side scripting language was that values submitted from a form were automatically created as global variables for you. As of PHP 4.1, the makers of PHP recommended an alternate means of accessing submitted data. In PHP 4.2, they switched off the old way of doing things! As I'll explain in this article, these changes have been made in the name of security. Together, we'll explore the new features of PHP for handling form submissions and other data, and how they can be used to write more secure scripts.

    more info
    Last edited by tedbundyjr; 13-05-2002 at 03:54 PM.
    trashlyme®
    tedbundyjr.com

  2. #2
    Join Date
    Jul 2001
    Location
    OCed
    Posts
    252
    Rep Power
    227
    I was just testing it yesterday ... yes, based on that article :P

    Basically there is nothing to worry about ... just add some simple variables to your old script and it will be compatible with PHP 4.2.0 (AFAIK).

    Something that interests me is that we can actually choose how to read the variables sent from the browser ... either $_REQUEST, $_GET, or $_POST ... this way, if we use $_POST['somevalue'];, people cannot submit the data via an inline URL (am I right?), e.g. domain.com?xx=xx ... PHP doesn't read that because we chose to read from a form that uses the POST method. That way we can force the user to use the form (haha .. I like this!)

    PS: it isn't actually made for us to choose ... it's for security reasons; I just use the word "choose" because it feels like that to me.
    I can't afford to have a signature here, can somebody sponsor me a signature?

  3. #3
    Join Date
    Nov 2001
    Location
    MLK
    Posts
    119
    Rep Power
    220
    I think it's just the same; as far as the secure programming concept goes, looking at Kevin Yank's tips, they're still lacking.

    Take a look: even if we use data from the GET method

    for example, this URL

    bla.com/index.php?bla=ayam

    in the file index.php

    <?php

    // $bla is assigned here, after any value taken from the URL
    $bla = "kucing";

    $sql = "insert into bla (data) values ('$bla')";

    ?>

    it still inserts the data $bla = "kucing";


    I'm not too sure either at what point it becomes insecure; can anyone show me?

    Ohhh.. there's another great article about security in programming

    http://softwaredev.earthweb.com/scri...918141,00.html
    Last edited by r0kawa; 18-05-2002 at 08:47 PM.

  4. #4
    Join Date
    Jul 2001
    Location
    OCed
    Posts
    252
    Rep Power
    227
    I don't know either ... but maybe it becomes insecure when the user who writes the script just goes straight into coding without thinking about its security .. like phpBB, where you can get into the admin page ... PHP-Nuke, where you can change the admin password .. etc etc.

    Like the example Kevin Yank showed ... when I first started coding .. I didn't use that approach .. so Kevin just used that code as an example to show how insecure it is, that's all ...

    That's my opinion.
    I can't afford to have a signature here, can somebody sponsor me a signature?
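
Added example (not from the thread or from the article it discusses): the question in post #3, when the old automatic variables become insecure, comes down to a variable the script never initialises. The PHP below emulates the old behaviour with `extract()` on PHP 7.1 or later; the function names, the `authorized` flag, the demo secret and the two sample requests are all constructed for illustration.

```php
<?php
// Constructed secret for the demo; a real script would verify a stored password hash.
const DEMO_PASSWORD = 'constructed-demo-secret';

// Pre-4.2 default: request parameters arrive as ready-made variables.
// extract() stands in for that behaviour (register_globals) here.
function check_old_style(array $get, array $post): bool
{
    extract(array_merge($get, $post));
    // Flaw: $authorized is only set on success and never initialised,
    // so a request parameter named "authorized" supplies its value.
    if (isset($password) && is_string($password) && hash_equals(DEMO_PASSWORD, $password)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Same automatic variables, but the flag is assigned before use, as $bla is in
// post #3: the explicit assignment overwrites whatever the request supplied.
function check_initialised(array $get, array $post): bool
{
    extract(array_merge($get, $post));
    $authorized = false;
    if (isset($password) && is_string($password) && hash_equals(DEMO_PASSWORD, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// PHP 4.2 style: nothing is imported; each input is read from a named source.
function check_superglobal_style(array $get, array $post): bool
{
    $password = $post['password'] ?? null;   // the query string is never consulted
    return is_string($password) && hash_equals(DEMO_PASSWORD, $password);
}

// Constructed requests: index.php?authorized=1 with an empty form body,
// then a genuine form submission carrying the password.
$forged  = [['authorized' => '1'], []];
$genuine = [[], ['password' => DEMO_PASSWORD]];

foreach (['forged' => $forged, 'genuine' => $genuine] as $label => [$get, $post]) {
    printf("%-8s old=%s initialised=%s superglobal=%s\n", $label,
        var_export(check_old_style($get, $post), true),
        var_export(check_initialised($get, $post), true),
        var_export(check_superglobal_style($get, $post), true));
}
```

In a live script the two arrays correspond to `$_GET` and `$_POST`; only the first function accepts the request that carries `authorized=1` without a password.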
