Here are some of the things:

- Disable functions like eval, passthru, shell_exec, etc.
- Remote URL injection: disable allow_url_fopen.
- Disable register_globals.

And don't forget:

- You are responsible too. Write secure code, read security tutorials out there.

PHP Security Guide: http://phpsec.org/projects/guide/

Finally, as suggested by Rook, you should run the PHPSecInfo script to see the security settings of your host:

http://phpsec.org/projects/phpsecinfo/

For webhosts and Development Teams

In development environments make sure you have appropriate coding standards. If you feel you are hosting insecure code which you did not write, consider installing a Web Application Firewall. Also consider steps to prevent brute-force attacks (for example, if you are hosting popular CMS tools); an Intrusion Prevention System like Fail2Ban can help you do this. A lot of these issues are covered in this talk, Practical Web Security – Junade Ali (https://northernoptic.com/2015/09/10/the-lead-developer-lightening-talk-practical-web-security-junade-ali/); the video of the talk is at https://vimeo.com/139608340.

For PHP you can also consider using Suhosin (https://suhosin.org), which adds a number of security features to the PHP core. Be careful installing it first and test your sites afterwards to ensure it doesn't break anything.
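The following is an added example, not part of the answer above or of any project it links to. It audits, from inside PHP, the php.ini settings the answer names (disable_functions, allow_url_fopen, register_globals) and prints which ones are still in the weak state; the list of function names it checks for is an assumption chosen for illustration. One caveat the code also records: eval is a language construct rather than a function, so listing it in disable_functions has no effect on it.

```php
<?php
// Added example: audit the hardening settings discussed in the answer above.
// Constructed for illustration; run with `php audit.php` or under the web SAPI.
//
// The php.ini lines it checks for, weak form on the left, hardened form on the right:
//   disable_functions =                  ->  disable_functions = passthru,shell_exec,system,exec,popen,proc_open
//   allow_url_fopen = On                 ->  allow_url_fopen = Off
//   allow_url_include = On               ->  allow_url_include = Off
//   register_globals = On (PHP < 5.4)    ->  register_globals = Off

function php_hardening_audit(): array
{
    $findings = [];

    // Functions the answer suggests disabling (illustrative set; extend to taste).
    $wanted   = ['passthru', 'shell_exec', 'system', 'exec', 'popen', 'proc_open'];
    $disabled = array_filter(array_map('trim', explode(',', (string) ini_get('disable_functions'))));
    $missing  = array_diff($wanted, $disabled);
    $findings['disable_functions'] = $missing
        ? 'still callable: ' . implode(', ', $missing)
        : 'ok';

    // eval is a language construct, so disable_functions cannot turn it off;
    // only code review (or an add-on such as Suhosin) addresses its use.
    $findings['eval'] = 'language construct; not affected by disable_functions';

    // Remote URL injection: both fopen and include wrappers for remote URLs should be off.
    foreach (['allow_url_fopen', 'allow_url_include'] as $directive) {
        $on = filter_var((string) ini_get($directive), FILTER_VALIDATE_BOOLEAN);
        $findings[$directive] = $on ? 'enabled (weak)' : 'ok';
    }

    // register_globals was removed in PHP 5.4; on older releases it must be off.
    if (PHP_VERSION_ID >= 50400) {
        $findings['register_globals'] = 'removed in this PHP version';
    } else {
        $on = filter_var((string) ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN);
        $findings['register_globals'] = $on ? 'enabled (weak)' : 'ok';
    }

    return $findings;
}

foreach (php_hardening_audit() as $setting => $state) {
    printf("%-20s %s\n", $setting, $state);
}
```

Because ini_get reflects the values in effect for the SAPI that runs the script, run it once from the CLI and once through the web server; the two often load different php.ini files, and only the web-facing one matters for the hardening the answer describes.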