Chapter 12. Security and Logging

I've reserved this last chapter to discuss the topics of security and logging. The applications you write are obviously intended to be used by others. Rarely do they exist in a vacuum, and as such it is important to understand the security issues that face all PHP developers.

The aim of security is to prevent the misuse of your application in a way that could compromise data or even the system itself, and to minimize the effects if such a compromise were to happen. Logging can help support this by tracking usage and changes.

This chapter is a bit different from the previous ones in that I won't provide you with much reusable code. Instead, I offer you the background necessary to develop your own. In this chapter you will gain an understanding of the following:

  • Cross-site scripting (XSS)

  • Path traversal

  • Injection

  • Weak authentication

You will also learn how to prevent accidental deletion of records in a database and conveniently log INSERT, UPDATE and DELETE queries.

Just because this chapter has been placed last in the book, don't think that security should be treated as an afterthought. Good programmers can protect their applications by keeping security in mind at all times.
