Chapter 5: Considering PHP Security
In This Chapter
Securing the server and the Apache web server
Configuring PHP securely
Handling errors safely
Sanitizing variables
As a web developer, you need to ensure that your web application is secure. If you are also performing administration duties on the server, then you need to secure the server as well. Securing the application means making sure that all input from users is sanitized, or checked against values that you know are good, and that no input reaches the program until you have programmatically checked it. Securing the server means attempting to keep the web application in its own virtual sandbox, so that if the server is compromised the damage is limited.
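The following is an added example, not code from the book, showing the check-against-known-good-values approach described above in PHP. The request keys (sort, page), the column names and the sample requests are all assumptions constructed for the illustration.

```php
<?php
// Added example (not from the book): allowlist-style input checking.
// The $_GET-style keys, the column names and the sample requests are
// constructed for this illustration.

declare(strict_types=1);

// Known-good values: the only sort columns the application will ever accept.
const ALLOWED_SORT_COLUMNS = ['name', 'created_at', 'price'];

/**
 * Return the sort column only if it exactly matches a known-good value.
 * Anything else falls back to a safe default instead of being "cleaned up".
 */
function checkSortColumn(?string $value): string
{
    if ($value !== null && in_array($value, ALLOWED_SORT_COLUMNS, true)) {
        return $value;
    }
    return 'name';
}

/**
 * Return a page number only if it is an integer within an expected range;
 * null means the input was rejected.
 */
function checkPage(?string $value): ?int
{
    if ($value === null) {
        return null;
    }
    $page = filter_var($value, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 1000],
    ]);
    return $page === false ? null : $page;
}

// Constructed sample requests standing in for $_GET; the third carries
// malformed values that the checks simply refuse rather than repair.
$requests = [
    ['sort' => 'price',      'page' => '3'],
    ['sort' => 'created_at', 'page' => '0'],
    ['sort' => 'name; --',   'page' => '2abc'],
];

foreach ($requests as $req) {
    $sort = checkSortColumn($req['sort'] ?? null);
    $page = checkPage($req['page'] ?? null);

    // Output is still escaped at the point of use: input checking
    // complements output encoding, it does not replace it.
    printf(
        "sort=%s page=%s\n",
        htmlspecialchars($sort, ENT_QUOTES, 'UTF-8'),
        $page === null ? 'rejected' : (string) $page
    );
}
```

The design point is that neither function tries to strip or fix suspicious characters; each compares the input against what the application already knows to be valid and otherwise rejects it or substitutes a safe default.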
This chapter discusses security for web applications. You look at both server security and application security.
Securing the Server
The server itself should be secured. This usually means hardening the server and ensuring that the server uses a firewall.
Hardening the server
Typically this means hardening the operating system by uninstalling unnecessary services. ...