Some PHP security goodness, how-to

Some of my best practices for PHP

1. Check the syntax of all of the php files:


localhost:~ $ find "$(pwd)" -name '*.php' -exec php -l '{}' \;

2. Set php.ini for development:


error_reporting=8192
display_errors=On
display_startup_errors=On
log_errors=On
error_log=error_log
report_memleaks=On
expose_php=On
asp_tags=Off

3. Watch out for proper type handling:


$clean_int = (int)$dangerous_int;

4. Watch apache/error_log for errors while running a link checker on the site (try also for authenticated user):


tail -f /var/log/apache2/error_log
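For step 3, an added example (not code from the original post) comparing the bare `(int)` cast with validation through `filter_var()` and `FILTER_VALIDATE_INT`. The helper name `clean_int`, the sample inputs and the default range are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs, as they might arrive in a request parameter.
$samples = ['42', '42abc', 'abc', '1e3', ' 7', '-5', '99999999999999999999', ''];

/**
 * Hypothetical helper: returns a validated integer within [$min, $max],
 * or null when the input is not a clean integer. Unlike the (int) cast,
 * which keeps a leading numeric prefix and maps non-numeric text to 0,
 * this rejects anything that is not an integer in the expected range.
 */
function clean_int($raw, int $min = 1, int $max = PHP_INT_MAX): ?int
{
    // A parameter sent as ?id[]=1 arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }

    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);

    // filter_var() returns false on failure; compare strictly.
    return $value === false ? null : $value;
}

// Print the cast result next to the validated result for each sample.
foreach ($samples as $raw) {
    printf(
        "%-24s cast=%-22d validated=%s\n",
        var_export($raw, true),
        (int)$raw,
        var_export(clean_int($raw), true)
    );
}
```

A caller should treat a `null` result as a rejected request instead of falling back to the cast value.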

More resources:
http://blackhatlibrary.net/PHP
http://www.phptherightway.com/

About Michal Zuber

Full stack developer, biker and rollerblader. Owner and developer at https://nevilleweb.sk/ Co-founded http://neville.sk/ Blog at https://michalzuber.wordpress.com/