\n- Do not store sensitive information in Cookies<\/li>\n
- Instead of cookies, store sensitive information in Sessions<\/li>\n
- Sessions can also be hacked though safer than cookies<\/li>\n
- PHP session id is pretty random; so in general this is not a problem.<\/li>\n
- Reducing the session security problem: determine current user is the one who originally initiated session. if not, deny access<\/li>\n
- Regenerate session ids after login, on initialization<\/li>\n
- Change the session variable name and the path to save [session_save_path(), session_name (“xyz”) ]<\/li>\n
- Reduce session runtime [session.gc_maxlifetime]<\/li>\n
- use SSL [force users to use SSL]<\/li>\n
- do not use .inc files and do not keep php code inside them<\/li>\n
- Do not use dynamic file path for require and include<\/li>\n
- Do not use relative file path [use absolute file path]<\/li>\n
- Do not trust user input to prevent XSS<\/li>\n
- use htmlspecialchars(). strip_tags(), htmlentities() on the user input<\/li>\n
- To prevent Cross-site Request Forgeries (CSRF), check $_SERVER [‘HTTP_REFERER’]<\/li>\n
- You may want to use token in your session to prevent CSRF. Re-authenticate for sensitive operations<\/li>\n
- When you use third party tools, do not install them in their default loation<\/li>\n
- When error situation occurs in your code, just stop<\/li>\n
- Use authorization to allow a user the minimal right he\/she needs<\/li>\n
- Double check where you are using eval()<\/li>\n
- use mysql_real_escape_string() on the user provided data to be used in Databasequeries<\/li>\n
- Use prepared statements or stored procedures<\/li>\n
- Double verify the data types. do not accept string where the data has to be integer [ctype_digit()., filter_var() do not use is_int() and is_numeric()]<\/li>\n
- Keep log files and check your log files time to time<\/li>\n
- do not display detail error messages in your live site. But you can log the erros for your own checking<\/li>\n
- do not use standard login names such as administrator, root<\/li>\n
- do not put your administration module under folder named admin<\/li>\n
- You can even use a different file extension other than .php [but not .inc]<\/li>\n
- Stop spamming using your contact form. Validate email address. use filter_var()<\/li>\n
- encrypt sensitive information<\/li>\n
- initialize variables when first declared<\/li>\n
- Disable register_globals in php.ini<\/li>\n
- do not use $_REQUEST, instead use $_GET and $_POST<\/li>\n
- When developing use E_ALL to know all the possible errors. but turn off E_ALL in live site<\/li>\n
- Type Cast and verify data. Only allow the appropriate data type<\/li>\n
- use ctype_alnum(), ctype_alpha(), ctype_xdigit()<\/li>\n
- Use htmlspecialchars() and htmlentities() more than using strip_tags()<\/li>\n
- SQL escaping (to prevent SQL Injection): mysql_escape_string(), mysql_real_escape_string(), pg_escape_string(), pg_escape_bytea(), sqlite_escape_string()<\/li>\n
- to avoid double escaping use get_magic_quotes_gpc()<\/li>\n
- Session security technique: compare with the browser signature headers. if no match, destroy the session.<\/li>\n
- for shared hosting use the following two php.ini directives properly: open_basedir, safe_mode<\/li>\n<\/ul>\n
From: http:\/\/sitestree.com\/?p=5336
Categories:16
Tags:
Post Data:2013-05-05 00:07:23<\/p>\n
Shop Online: <a href='https:\/\/www.ShopForSoul.com\/' target='new' rel=\"noopener\">https:\/\/www.ShopForSoul.com\/<\/a>\n (Big Data, Cloud, Security, Machine Learning): Courses: <a href='http:\/\/Training.SitesTree.com' target='new' rel=\"noopener\"> http:\/\/Training.SitesTree.com<\/a> \n In Bengali: <a href='http:\/\/Bangla.SaLearningSchool.com' target='new' rel=\"noopener\">http:\/\/Bangla.SaLearningSchool.com<\/a>\n <a href='http:\/\/SitesTree.com' target='new' rel=\"noopener\">http:\/\/SitesTree.com<\/a>\n 8112223 Canada Inc.\/JustEtc: <a href='http:\/\/JustEtc.net' target='new' rel=\"noopener\">http:\/\/JustEtc.net (Software\/Web\/Mobile\/Big-Data\/Machine Learning) <\/a>\n Shop Online: <a href='https:\/\/www.ShopForSoul.com'> https:\/\/www.ShopForSoul.com\/<\/a>\n Medium: <a href='https:\/\/medium.com\/@SayedAhmedCanada' target='new' rel=\"noopener\"> https:\/\/medium.com\/@SayedAhmedCanada <\/a>\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"PHP Security – Guidelines Do not store sensitive information in Cookies Instead of cookies, store sensitive information in Sessions Sessions can also be hacked though safer than cookies PHP session id is pretty random; so in general this is not a problem. Reducing the session security problem: determine current user is the one who originally … <\/p>\n
Continue reading<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1917],"tags":[],"class_list":["post-70107","post","type-post","status-publish","format-standard","hentry","category-fromsitestree-com","item-wrap"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":62821,"url":"http:\/\/bangla.sitestree.com\/?p=62821","url_meta":{"origin":70107,"position":0},"title":"PHP Security – Guidelines #PHP","author":"Author-Check- Article-or-Video","date":"May 21, 2021","format":false,"excerpt":"This actually is a pretty old short note and was brought from: http:\/\/salearningschool.com\/displayArticle.php?table=Articles&articleID=1357&title=PHP%20Security%20-%20Guidelines Do not store sensitive information in Cookies Instead of cookies, store sensitive information in Sessions Sessions can also be hacked though safer than cookies PHP session id is pretty random; so in general this is not a\u2026","rel":"","context":"In "FromSitesTree.com"","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":70053,"url":"http:\/\/bangla.sitestree.com\/?p=70053","url_meta":{"origin":70107,"position":1},"title":"PHP What to Learn? When are you an Expert? #16","author":"Author-Check- Article-or-Video","date":"August 24, 2021","format":false,"excerpt":"Check your PHP KnowledgeDo you know all of the following concepts? If not - why don't you learn? Know all of them and claim yourself to be an expert in PHP. How to go about learning? First know all the concepts. Then go to the details of each topic. Learning\u2026","rel":"","context":"In "FromSitesTree.com"","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":78354,"url":"http:\/\/bangla.sitestree.com\/?p=78354","url_meta":{"origin":70107,"position":2},"title":"Client and Server Side State Management in C# (ASP.Net)","author":"Sayed","date":"August 5, 2025","format":false,"excerpt":"By AI: Here\u2019s a copyright-free, blog\/Facebook-friendly explanation of Client-side and Server-side State Management in C#\/.NET, along with techniques under each category. You can freely copy and use it. \ud83c\udf0d Client-side vs Server-side State Management in C#\/.NET In C# and .NET applications\u2014especially in web development like ASP.NET\u2014state management helps maintain data\u2026","rel":"","context":"In "C# - Misc"","block_context":{"text":"C# - Misc","link":"http:\/\/bangla.sitestree.com\/?cat=1973"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":76369,"url":"http:\/\/bangla.sitestree.com\/?p=76369","url_meta":{"origin":70107,"position":3},"title":"Solution that worked for the issue: Your current session has been expired. for Magento2","author":"sayedjustetc","date":"November 17, 2024","format":false,"excerpt":"Solution that worked for the issue: Your current session has been expired. for Magento2 cat shell-scripts\/temp.sh# fix misc issues, can be routine sudo php bin\/magento maintenance:enable#sudo rm -rf var\/cache\/#sudo rm -rf generated\/sudo chmod +x bin\/magentosudo php bin\/magento setup:upgrade#sudo php bin\/magento setup:static-content:deploy -fsudo php bin\/magento setup:di:compilesudo php bin\/magento indexer:reindexsudo php bin\/magento\u2026","rel":"","context":"In "Root"","block_context":{"text":"Root","link":"http:\/\/bangla.sitestree.com\/?cat=1"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":78352,"url":"http:\/\/bangla.sitestree.com\/?p=78352","url_meta":{"origin":70107,"position":4},"title":"State in .Net (C#, ASP.Net)","author":"Sayed","date":"August 5, 2025","format":false,"excerpt":"From AI: Certainly! Here's a copyright-free, blog and Facebook-ready version of the explanation on State Management in C#\/.NET. You can copy, paste, and share this freely on your blog, website, or social media. No attribution is required (but you're welcome to add your name or page if you like). \ud83c\udf10\u2026","rel":"","context":"In "C# - Misc"","block_context":{"text":"C# - Misc","link":"http:\/\/bangla.sitestree.com\/?cat=1973"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":78362,"url":"http:\/\/bangla.sitestree.com\/?p=78362","url_meta":{"origin":70107,"position":5},"title":"Cookies in C#","author":"Sayed","date":"August 5, 2025","format":false,"excerpt":"By AI: Here\u2019s a clear, blog- and Facebook-ready explanation of Cookies in C# (ASP.NET) with their pros and cons, including examples. You can freely copy, share, or repost it anywhere. \ud83c\udf6a Cookies in C# ASP.NET \u2013 Pros and Cons In web development with ASP.NET, cookies are used to store small\u2026","rel":"","context":"In "C# - Misc"","block_context":{"text":"C# - Misc","link":"http:\/\/bangla.sitestree.com\/?cat=1973"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/70107","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=70107"}],"version-history":[{"count":0,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/70107\/revisions"}],"wp:attachment":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=70107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=70107"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=70107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}