
Building PHP Applications with Symfony™, CakePHP, and Zend® Framework by Leszek Nowak, Karol Przystalski, Bartosz Porebski


Chapter 8. Security

Knowledge is power. Guard it well.

Warhammer 40,000: Dawn of War

WHAT'S IN THIS CHAPTER?

  • Setting secure SSL connections

  • Defending against XSS injection attacks

  • Securing forms against CSRF session hijacking

Security enforcement is one of the best things that frameworks have to offer. While the basic functionality of a web application is mostly straightforward and obvious, dealing properly with security takes a lot of work and knowledge. It is also a great responsibility. When you mess up something trivial like mailing, the error shows right away, and you can fix it before the application is launched. By contrast, a security hole remains completely unseen until somebody exploits it, and then the damage may be catastrophic.

When you are an inexperienced programmer, frameworks do a great job of applying security best practices for you. If you are a professional, they are still valuable because they save you from writing a lot of not very exciting code. This chapter takes a closer look at various security problems, such as setting up safe HTTPS connections that allow sending sensitive data. Next we show how to defend against a cross-site scripting (XSS) attack, which injects malicious code into a website, and a cross-site request forgery (CSRF), which hijacks the security context of an unsuspecting user.

SETTING SECURE CONNECTIONS

In most cases, sending unsecured data is a normal behavior, but when an application has more to do with ...
