Set WeberTrivia.com to be my default homepage.   Suggest a Question                                               

Suggest A Question : :  Frequently Asked Questions : :  Search : :  Relevant Manuals : : 
PHP Questions : :  Linux Questions : :  MySQL Questions : :  		home  [ Login ] 
Log In
Email
Pass
Forgot Password?
New User, Register here.

Weber Sites
PHP Code Search
Web Development Resources
PHP & MySQL Code Examples
PHP Web Logs (BLogs)
PHP & MySQL Forums
Web Development Index
Web Site Templates
Web Development Manuals
Web Site Uptime Monitor
web development content

Relevant Manuals
PHP Manual
PEAR Manual
MySQL 5
MySQL 4.1.11
Apache 2
Apache 1.3.x

PHPClasses
Metaprogramming language
PHP Editor
PHP Jobs
Ajax Tutorials
Webmaster Resources
Web Templates
Webmaster Forum
Suggest your site



Forex Trading Online forex trading platform
Free Advertising
Search Engine Optimization - search engine optimization (SEO) and advertising specialist.
Research Papers - We are a team of professional writers.
More Info

PHP Manual
PrevChapter 15. SecurityNext

General considerations

A completely secure system is a virtual impossibility, so an approach often used in the security profession is one of balancing risk and usability. If every variable submitted by a user required two forms of biometric validation (such as a retinal scan and a fingerprint), you would have an extremely high level of accountability. It would also take half an hour to fill out a fairly complex form, which would tend to encourage users to find ways of bypassing the security.

The best security is often inobtrusive enough to suit the requirements without the user being prevented from accomplishing their work, or over-burdening the code author with excessive complexity. Indeed, some security attacks are merely exploits of this kind of overly built security, which tends to erode over time.

A phrase worth remembering: A system is only as good as the weakest link in a chain. If all transactions are heavily logged based on time, location, transaction type, etc. but the user is only verified based on a single cookie, the validity of tying the users to the transaction log is severely weakened.

When testing, keep in mind that you will not be able to test all possibilities for even the simplest of pages. The input you may expect will be completely unrelated to the input given by a disgruntled employee, a cracker with months of time on their hands, or a housecat walking across the keyboard. This is why it's best to look at the code from a logical perspective, to discern where unexpected data can be introduced, and then follow how it is modified, reduced, or amplified.

The Internet is filled with people trying to make a name for themselves by breaking your code, crashing your site, posting inappropriate content, and otherwise making your day interesting. It doesn't matter if you have a small or large site, you are a target by simply being online, by having a server that can be connected to. Many cracking programs do not discern by size, they simply trawl massive IP blocks looking for victims. Try not to become one.

PrevHomeNext
SecurityUpInstalled as CGI binary
Who's Online
Guest Users: 5
Google
Web
WeberTrivia
WeberDev
WeberForums
 Free Sample Chapters  Free Sample Chapters
  Deliver First Class Web Sites: 101 Essential Checklists
Want to learn how to make your web sites usable and accessible? Want to ensure that your sites meet current best practice, without spending hours trawling through incomprehensible specifications and recommendations from dozens of different books, research papers, and web sites? Want to make sure that the sites you build are "right the first time," requiring no costly redevelopments?

More Sample Chapters

PHP General