Do you know of a guide on how to idiot proof php for use on the public web?

4 views
Skip to first unread message

re...@mynetblog.com

unread,
Mar 1, 2017, 1:20:47 PM3/1/17
to
Do you know of a guide on how to idiot proof php for use on the public web?

I have great concerns about people XSS'ing my site or other serious stuff. My problem is that I assume everything is going to get attacked and am afraid to put any php where people can access it.

A very long time ago I had this CGI page to allow people to enter a URL they wanted to see and when they submitted the form it would display the link on a result page. I know this is very bad to do this type of thing now because of XSS vulnerabilities. However, I don't know about all the other hacks people use to exploit php.

I just recently found out about the proxy variable where people set a "proxy" variable in their request header that when sent to a CGI script turns into http_proxy environment variable. So, I blocked that. (I think.)

Attackers are actively scanning my site for vulnerabilities so I am fearful of putting anything on my site that they can attack because I know they will exploit any hole they find.

I only know how to write simple and short php scripts and some very basic SQL queries.
Reply all
Reply to author
Forward
0 new messages