Security

Table of Contents

• Introduction
• General considerations
• Installed as CGI binary
  • Possible attacks
  • Case 1: only public files served
  • Case 2: using cgi.force_redirect
  • Case 3: setting doc_root or user_dir
  • Case 4: PHP parser outside of web tree
• Installed as an Apache module
• Session Security
• Filesystem Security
  • Null bytes related issues
• Database Security
  • Designing Databases
  • Connecting to Database
  • Encrypted Storage Model
  • SQL Injection
• Error Reporting
• Using Register Globals
• User Submitted Data
• Magic Quotes
  • What are Magic Quotes
  • Why did we use Magic Quotes
  • Why not to use Magic Quotes
  • Disabling Magic Quotes
• Hiding PHP
• Keeping Current