PHP Security Tips Series #10

Posted by linyupark :: 2007,August 13th,19:57 pm

Even when doing everything correctly, it’s still possible to build PHP applications that are insecure. Security requires constant vigilance. One thing you always have to keep your eye on is any script or form that sends an email based on user input.
Many applications written in PHP use the built-in mail() function to respond […]

PHP Security Tips Series #9

Posted by linyupark :: 2007,August 13th,19:54 pm

Sometimes it’s the simplest ideas that are the most powerful. This one sounds simple but I’m always surprised at how few people understand and actually implement this idea.

PHP Security Tips Series #8

Posted by linyupark :: 2007,August 13th,19:52 pm

Within PHP security topics, there is always more than one way to accomplish a task. Many times it’s by combining tactics that we achieve the best security. We’ve already talked about filtering but beyond filtering we still need to be vigilant and validate input coming in from a user. This brings us to our PHP […]

PHP Security Tips Series #7

Posted by linyupark :: 2007,August 13th,19:47 pm

Today’s Security tip comes from Kevin Schroeder and the bright young minds over at Zend Professional Services.
When using session_regenerate_id() to protect against session fixation it’s usually a good idea to remove the old session ID.
