#1 tedbundyjr (Novice Webmaster), 13-05-2002, 03:48 PM
Write Secure Scripts with PHP 4.2!

I've found an interesting article regarding a new feature in PHP 4.2.

Here's some intro about it.

For the longest time, one of the biggest selling points of PHP as a server-side scripting language was that values submitted from a form were automatically created as global variables for you. As of PHP 4.1, the makers of PHP recommended an alternate means of accessing submitted data. In PHP 4.2, they switched off the old way of doing things! As I'll explain in this article, these changes have been made in the name of security. Together, we'll explore the new features of PHP for handling form submissions and other data, and how they can be used to write more secure scripts.

more info
__________________
trashlyme®
tedbundyjr.com

Last edited by tedbundyjr; 13-05-2002 at 03:54 PM.
#2 malayneum (Senior Webmaster), 13-05-2002, 05:37 PM
I was just testing it yesterday ... yes, based on that article :P

Basically there is nothing to worry about ... just add some simple variables to your old script and it will be compatible with PHP 4.2.0 (afaik).

Something that interests me is that we can actually choose how to read the variables sent from the browser ... either $_REQUEST, $_GET, or $_POST ... this way, if we use $_POST['somevalue'];, people cannot submit the data via an inline URL (am I right?), e.g. domain.com?xx=xx ... PHP doesn't read that because we chose to read from a form that uses the POST method. That way we can force the user to use the form (haha .. I like this!)

PS: it isn't actually made for us to choose ... it's for security reasons; I just use the word "choose" because it feels like that to me.
__________________
I can't afford to have a signature here, can somebody sponsor me a signature?
#3 r0kawa (Novice Webmaster), 18-05-2002, 08:38 PM
I think it's just the same. In terms of secure programming concepts, I looked at Kevin Yank's tips and they still fall short.

Take a look: even if we use data from the GET method

for example, this URL

bla.com/index.php?bla=ayam

in the file index.php

<?php

// $bla is assigned here, so this value replaces anything taken from the URL
$bla = "kucing";

$sql = "insert into bla (data) values ('$bla')";

?>

it still inserts the data $bla = "kucing";


I'm not really sure either at what point it becomes insecure. Can anyone show me?

Ohhh.. there's one more great article about security in programming

http://softwaredev.earthweb.com/scri...918141,00.html

Last edited by r0kawa; 18-05-2002 at 08:47 PM.
#4 malayneum (Senior Webmaster), 18-05-2002, 08:47 PM
I don't know either ... but maybe it becomes insecure when the person who writes the script just goes straight into coding without thinking about its security .. like phpBB, where you could get into the admin page ... PHP-Nuke, where you could change the admin password .. etc etc.

Like the example Kevin Yank showed ... when I first started coding .. I didn't use that approach .. so Kevin just used that code as an example to show how insecure it can be, that's all ...

That's my opinion.
__________________
I can't afford to have a signature here, can somebody sponsor me a signature?
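
The case the thread asks about ("when does it become insecure?"), as an added example that is not part of any post or of the linked article: a variable the script never initializes keeps whatever the request supplied, while an initialized one (like $bla above) does not. Assumptions: extract() stands in for register_globals, which no longer exists in current PHP, and the parameter names authorized and password, the secret, and the request values are constructed.

```php
<?php
// Constructed request: GET /index.php?bla=ayam&authorized=1, no POST body.
$get  = ['bla' => 'ayam', 'authorized' => '1'];
$post = [];

// Pre-4.2 default: every request parameter becomes a variable before the
// script body runs. extract() simulates that import here.
function legacy_page(array $get, array $post): array
{
    extract($get);
    extract($post);

    $bla = "kucing";        // initialized: the URL value "ayam" is replaced

    $passwordOk = false;    // stands in for a password check that failed
    if ($passwordOk) {
        $authorized = true;
    }
    // $authorized was never given a default, so the value imported from
    // the query string is still in scope at this point.
    return ['bla' => $bla, 'authorized' => !empty($authorized)];
}

// PHP 4.2 style: nothing is imported. The script names the source it reads
// (here the POST array only) and gives every variable an explicit default.
function superglobal_page(array $get, array $post): array
{
    $authorized = false;
    if (isset($post['password'])) {
        // 'constructed-secret' is a placeholder, not a real credential.
        $authorized = hash_equals('constructed-secret', $post['password']);
    }
    $bla = isset($post['bla']) ? $post['bla'] : null;   // query string ignored
    return ['bla' => $bla, 'authorized' => $authorized];
}

var_dump(legacy_page($get, $post));       // authorized comes from the URL
var_dump(superglobal_page($get, $post));  // authorized stays false
```

Reading from $_POST only selects which channel a value arrives on; the value is still client-supplied and has to be validated and escaped before it is placed in a query such as the insert statement in post #3.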