Chapter 12. Security

The Internet is not a safe place, thanks to a small percentage of its users who feel the need to attack other users electronically. The reasons for the attacks vary: sometimes it is for monetary gain, where attackers find holes in your code that they can exploit to their advantage, and other times it is just for fun.

If your PHP scripts run on an Internet-facing server, they are accessible to hackers and you need to take extra care. Many PHP projects—particularly the larger ones, such as PostNuke—have had major exploits published that allow hackers to take control of a web server remotely. This chapter contains tips and advice to help you avoid falling victim to the next hacker that comes your way.

Security Tips

The easiest way for hackers to find holes in your web site is to scan for strings that give away a known vulnerability. This can be done with a client-side tool that simply hits IP addresses again and again until it finds something it recognizes, but many modern hackers utilize Google to search for data.

As a result, it has never been more important to keep a tight control over what files are on your web site and what information you give to visitors.

Put Key Files Outside Your Document Root

Your document root is the top-level directory from which your web server serves files. That is, if your site is example.com, the document root is the directory that http://www.example.com/ points to. For example, on Linux this is often /var/www/html, and on Windows this is often ...
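As an added example (not code from the book), the snippet below shows the practical side of this advice: a credentials file kept one level above the document root, loaded by a script inside it, with a guard that refuses to run if the file has accidentally ended up somewhere the web server could serve it. The directory layout, file names and the hypothetical `loadPrivateConfig()` helper are assumptions for the illustration; `str_starts_with()` requires PHP 8.0 or later.

```php
<?php
// Assumed layout (hypothetical paths, not from the book):
//   /var/www/config/db.php   <- credentials, deliberately NOT under the document root
//   /var/www/html/index.php  <- this script; /var/www/html is the document root
//
// /var/www/config/db.php would contain something like:
//   <?php
//   return ['dsn' => 'mysql:host=localhost;dbname=app', 'user' => 'app', 'pass' => 'PLACEHOLDER'];

declare(strict_types=1);

/**
 * Load a PHP config file that returns an array, refusing any file that
 * lives inside the document root (and is therefore fetchable by a browser
 * if the server ever stops running PHP or lists the directory).
 */
function loadPrivateConfig(string $path): array
{
    $real = realpath($path);
    if ($real === false || !is_readable($real)) {
        throw new RuntimeException("Config file missing or unreadable: $path");
    }

    // When run under a web server, DOCUMENT_ROOT is set; on the CLI fall back
    // to the script's own directory so the check still has something to compare.
    $docRoot = realpath($_SERVER['DOCUMENT_ROOT'] ?? __DIR__);
    if ($docRoot !== false && str_starts_with($real, $docRoot . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException(
            "Config file $real is inside the document root $docRoot; move it outside"
        );
    }

    $config = require $real;
    if (!is_array($config)) {
        throw new RuntimeException("Config file $real must return an array");
    }
    return $config;
}

// Relative to this script: up one level out of the document root, then into config/.
$config = loadPrivateConfig(__DIR__ . '/../config/db.php');

// From here on the credentials are in memory only; nothing under /var/www/html
// contains them, so a directory listing or a served-as-text .php file reveals nothing.
$pdo = new PDO($config['dsn'], $config['user'], $config['pass']);
```

The check against `DOCUMENT_ROOT` is a belt-and-braces measure: the real protection is the directory layout, and the guard simply turns a silent misplacement into a loud failure at deploy time rather than a leak later.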
