Learning PHP and MySQL by Jon A. Phillips, Michele E. Davis

Chapter 14. Security

Once your code is working, you may be tempted to think that you're done with it. In reality, you may have some security issues that don't affect normal usage but still provide an opening for an attack. The unfortunate reality of web-accessible applications is that they're only as secure as their weakest link. Therefore, you must be conscious of security on every level, from the database to the web server and the PHP processing itself.

Although you can't make every system truly unbreakable, you can perform the equivalent of dead-bolting doors and locking windows. If you make your system difficult enough to compromise, then it's generally not worth a hacker's effort, though keep in mind that some may still try. We've had our own server locked up from hackers trying to get in, or boatloads of spam that cause the server to belch and stop working temporarily.

We're going to reiterate some of the security concepts that we discussed while learning the basics of PHP and MySQL. Repeating them here reduces the risk that you'll build a site without having read about security and end up with one that is easily compromised. We'll also expand on those topics to give you some more options for making hackers' lives difficult and your life easier.

Limit Access to Administrative Pages

When installing software packages that include a control panel or setup script, you should always either change the script's directory or, in the case of setup scripts, remove them after you're done installing. These ...
