7.3. Other Considerations

Aside from issues immediately impacting the code you write or how your server is configured, there are a handful of other issues that must be considered during the design, development, and maintenance of your application.

One of the easiest issues to address is keeping your system current with all the latest patches. If your operating system has an automated method for updating core system software, it is usually a good idea to take advantage of it, at least for security updates, and to subscribe to the security announcement lists for your distribution and for Apache, MySQL, and PHP. Many web server compromises exploit flaws that were already fixed in a newer release: virus and worm writers read the vendor's advisory and compare the patched and unpatched versions of the software to build malicious code they know will work against servers that have not yet applied the patch, so the window between a patch being published and exploits appearing is often only a few days.

Another group that should not be overlooked when updating the system is the set of PEAR and PECL packages installed with PHP. Both are easily updated from the command line: pear upgrade-all for PEAR packages and pecl upgrade-all for PECL extensions. Because PECL extensions are compiled and loaded when PHP starts, the web server must be restarted (or PHP-CGI processes recycled) before an upgraded extension takes effect. The key is remembering to run the commands at regular intervals, or better yet, add them as a cron job that logs its output somewhere you will read it, since an unattended upgrade that changes a package's behavior is much easier to diagnose when you know it happened.

When coding your applications, there are a couple of small things you can do to help reduce the likelihood of a register_globals exploit or SQL injection attack. First, make sure you initialize all variables before use; that way a form field or query string parameter cannot sneak in as a variable your code expected to set itself. (register_globals has been off by default since PHP 4.2, and it should stay off; initializing variables protects you on the shared hosts where someone has turned it back on.) Second, make sure you turn off the display of errors on the production web servers and send them to a log file instead. By disabling the display of error messages, no sensitive information ...
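The following script, added here as an example and not taken from the book, puts both points into practice in one login page and goes one step further by using a bound parameter for the database lookup, which is the direct defense against SQL injection. The database credentials, the log path, the users table, and the authenticate() function are all assumptions made for the example.

```php
<?php
// Added example (not from the book). Assumes a MySQL database 'app' with a
// table users(username, password_hash, is_admin); the connection details,
// log path and authenticate() helper are invented for illustration.

// --- Production error handling: log everything, show nothing -------------
// Equivalent php.ini settings: display_errors = Off, log_errors = On.
// Setting them here as well protects the script on a host whose php.ini
// you do not control.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app.log');   // assumed log path

// --- Initialize before use ----------------------------------------------
// With register_globals = On an unset $is_admin could be created by a
// request such as login.php?is_admin=1. Assigning it here closes that
// hole regardless of the php.ini setting.
$is_admin = false;
$username = isset($_POST['username']) ? (string) $_POST['username'] : '';
$password = isset($_POST['password']) ? (string) $_POST['password'] : '';

/**
 * Look the user up with a bound parameter so the submitted username can
 * never change the structure of the query.
 * Returns array('is_admin' => bool) on success, null on any failure.
 */
function authenticate(mysqli $db, $username, $password)
{
    $stmt = $db->prepare(
        'SELECT password_hash, is_admin FROM users WHERE username = ? LIMIT 1'
    );
    if ($stmt === false) {
        // The SQL error goes to the log; the caller shows a generic message.
        error_log('prepare failed: ' . $db->error);
        return null;
    }
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash, $admin_flag);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() requires PHP 5.5+; store hashes with password_hash().
    if (!$found || !password_verify($password, $hash)) {
        return null;
    }
    return array('is_admin' => (bool) $admin_flag);
}

$db = @new mysqli('localhost', 'app', 'secret', 'app');   // assumed credentials
if ($db->connect_errno) {
    error_log('db connect failed: ' . $db->connect_error); // detail to the log
    header('HTTP/1.1 503 Service Unavailable');
    exit('Service temporarily unavailable.');                // generic to the user
}

$account = authenticate($db, $username, $password);
if ($account === null) {
    // Same message for unknown user and wrong password: no user enumeration.
    exit('Login failed.');
}
$is_admin = $account['is_admin'];

if ($is_admin) {
    echo 'Welcome, administrator.';
} else {
    echo 'Welcome.';
}
```

Note that every failure path sends the detail to error_log() and a fixed, uninformative string to the browser; that is the behavior display_errors = Off gives you for uncaught errors, extended to the errors the script handles itself.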
