IT Community - Software Programming, Web Development and Technical Support

Secure PHP code

#1 (permalink)
01-14-2008, 03:29 AM
vadivelanvaidyanathan (D-Web Genius, Join Date: Feb 2007, Posts: 803)
Secure PHP code

I am going to explain some of the security measures that you have to note for securing your PHP.

Configure your php.ini

php.ini is the configuration file of PHP. It has a number of variables. You can set the values of these variables to make your PHP scripts more secure. Here I am explaining some of them.

1) display_errors

Disabling display_errors is the first thing. If it is 'On', the errors on execution will be displayed in the user's browser window. So the user can get an idea about the table structure and directory structure. You can avoid this by disabling display_errors in php.ini.

Usage: display_errors=OFF


2) safe_mode
safe_mode is more relevant in a shared server environment. If safe_mode is enabled, it will perform a UID/GID comparison check on the file/directory to be accessed and compare it to the UID/GID of the script that is trying to access the file. If they are the same it will allow the file access; if not it will block the access. If you want to compare only the GID then you can enable the "safe_mode_gid" value in php.ini.

3) sql.safe_mode

Set sql.safe_mode to Off. If it is on, mysqli_connect() and mysql_connect() will connect to MySQL with the default username and password.

4) magic_quotes_gpc

Enable magic_quotes_gpc so that you can make your user inputs secure. It works the same as the addslashes() function. It will add a backslash (\) to every single quote and double quote.

5) safe_mode_allowed_env_vars and safe_mode_protected_env_vars

These two variables will protect environment variables from being changed by user PHP scripts. The field safe_mode_allowed_env_vars contains a list of prefixes that identify the names of the environment variables the user is allowed to change. So environment variables which do not start with one of the prefixes defined in safe_mode_allowed_env_vars cannot be modified.

Another configuration, safe_mode_protected_env_vars, will set the names of environment variables that the user is not allowed to modify even if they are present in safe_mode_allowed_env_vars.

6) disable_functions

This will allow you to disable insecure functions such as shell_exec, system, exec.

Take your own logical measures

Besides all these you can take your own security measures while writing PHP scripts. For example, always store your passwords as hashed values. PHP has inbuilt hashing functions named md5() and sha1(). md5() is a 128-bit and sha1() is a 160-bit hashing algorithm. If you use these hashing techniques you can save your passwords and important data from hackers even though your databases are compromised.

Always test your code for different types of input and search for any security flaws. Keep in mind that every user input to your PHP scripts can be malicious. We cannot make our scripts perfect but always try for that.
__________________
V.Vadivelan

There is never a wrong time to do the right thing.
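
Added example, not part of the original post: a small PHP audit of the php.ini directives listed in post #1. It flags display_errors left on and a disable_functions list that misses the functions the post names, and it also reports directives from the post that later PHP releases removed (safe_mode and magic_quotes_gpc in 5.4.0, sql.safe_mode in 7.2.0). The function names and the sample php.ini text are constructed for illustration.

```php
<?php
// Constructed sample php.ini fragment (not from the original post).
const SAMPLE_INI = <<<'INI'
display_errors = On
safe_mode = On
magic_quotes_gpc = On
disable_functions = shell_exec,system
INI;

// Directives the post lists that later PHP releases removed (name => release).
const REMOVED = [
    'safe_mode' => '5.4.0', 'safe_mode_gid' => '5.4.0',
    'safe_mode_allowed_env_vars' => '5.4.0',
    'safe_mode_protected_env_vars' => '5.4.0',
    'magic_quotes_gpc' => '5.4.0', 'sql.safe_mode' => '7.2.0',
];
// Functions the post names for disable_functions.
const RISKY_FUNCTIONS = ['shell_exec', 'system', 'exec'];

function is_off(string $value): bool
{
    return in_array(strtolower(trim($value)), ['', '0', 'off', 'false', 'no', 'none'], true);
}

function audit_php_ini(string $iniText, string $phpVersion = PHP_VERSION): array
{
    $ini = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($ini === false) {
        throw new InvalidArgumentException('php.ini text could not be parsed');
    }
    $findings = [];
    // PHP's built-in default for display_errors is on, so a missing key counts as on.
    if (!is_off($ini['display_errors'] ?? '1')) {
        $findings[] = 'display_errors is enabled: errors reach the browser';
    }
    $disabled = array_map('trim', explode(',', strtolower($ini['disable_functions'] ?? '')));
    foreach (array_diff(RISKY_FUNCTIONS, $disabled) as $fn) {
        $findings[] = "disable_functions does not list $fn";
    }
    foreach (REMOVED as $name => $removedIn) {
        if (isset($ini[$name]) && version_compare($phpVersion, $removedIn, '>=')) {
            $findings[] = "$name is set, but it was removed in PHP $removedIn and gives no protection";
        }
    }
    return $findings;
}
foreach (audit_php_ini(SAMPLE_INI) as $finding) {
    echo "[!] $finding\n";
}
```

To audit a real configuration, pass the contents of the file reported by php_ini_loaded_file() to audit_php_ini().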
#2 (permalink)
09-30-2008, 04:58 AM
shirry (D-Web Trainee, Join Date: Sep 2008, Posts: 3)
Re: Secure PHP code

It is really useful for me, I am glad to read it here.
#3 (permalink)
10-01-2008, 10:21 PM
simrita (D-Web Trainee, Join Date: Sep 2008, Posts: 21)
Re: Secure PHP code

PHP is a computer scripting language. Originally designed for producing dynamic web pages, it has evolved to include a command line interface capability and can be used in standalone graphical applications.

#4 (permalink)
10-06-2008, 12:17 AM
danica (D-Web Trainee, Join Date: Sep 2008, Posts: 18)
Re: Secure PHP code

PHP is a widely-used general-purpose scripting language that is especially suited for web development and can be embedded into HTML. It generally runs on a web server, taking PHP code as its input and creating web pages as output. It can be deployed on most web servers and on almost every operating system and platform free of charge.

#5 (permalink)
11-17-2008, 12:53 AM
pink99 (D-Web Trainee, Join Date: Nov 2008, Posts: 3)
security measures while writing php

Besides all these you can take your own security measures while writing PHP scripts. For example, always store your passwords as hashed values. PHP has inbuilt hashing functions named md5() and sha1(). md5() is a 128-bit and sha1() is a 160-bit hashing algorithm. If you use these hashing techniques you can save your passwords and important data from hackers even though your databases are compromised.
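
Added example, not part of any post in this thread: password storage as discussed in posts #1 and #5, going beyond the md5()/sha1() calls they name. A bare md5() or sha1() digest is unsalted and fast, so equal passwords produce equal stored values; PHP's password_hash() (available since PHP 5.5) adds a per-password salt and a deliberately slow algorithm. The sketch verifies a login against either kind of record and re-hashes legacy digests on success; verify_and_upgrade() and the sample records are constructed for illustration.

```php
<?php
// Check a login against a stored hash. Returns the hash to store from now on
// (re-hashed when the record was legacy or outdated), or null on a wrong password.
function verify_and_upgrade(string $password, string $stored): ?string
{
    if (preg_match('/^[0-9a-f]{32}\z/', $stored)) {          // bare md5() record
        $ok = hash_equals($stored, md5($password));
    } elseif (preg_match('/^[0-9a-f]{40}\z/', $stored)) {    // bare sha1() record
        $ok = hash_equals($stored, sha1($password));
    } else {                                                  // password_hash() record
        $ok = password_verify($password, $stored);
        if ($ok && !password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            return $stored;                                   // already current
        }
    }
    return $ok ? password_hash($password, PASSWORD_DEFAULT) : null;
}

// Constructed sample records; the names and the password are made up.
$users = [
    'alice' => md5('correct horse'),
    'bob'   => sha1('correct horse'),
    'carol' => password_hash('correct horse', PASSWORD_DEFAULT),
    'dave'  => md5('correct horse'),   // same password as alice: identical digest
];

foreach ($users as $name => $stored) {
    $new = verify_and_upgrade('correct horse', $stored);
    $users[$name] = $new ?? $stored;   // persist the upgraded hash on success
    printf("%-5s %-8s -> %s\n", $name,
        $new === null ? 'rejected' : ($new === $stored ? 'kept' : 'upgraded'),
        substr($users[$name], 0, 20) . '...');
}

// A wrong password is rejected for upgraded records as well.
var_dump(verify_and_upgrade('wrong guess', $users['alice']) === null);
```

After the loop, alice and dave hold different stored values even though they share a password, because each password_hash() call uses its own salt.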