This document explains guidelines for PHP programmers on how to create secure code.
If you are a template designer or an end user you might want to try these documents instead.
Passwords
Passwords must never be stored in clear text; store a non-reversible hash of the password instead. The
scheme described here feeds the password, together with the username and a unique id for the site, to the
MD5 Message-Digest Algorithm. Mixing in the username and site id ensures that two users with the same password
cannot be spotted in the DB tables, not even across sites*.
Be aware of what this does and does not protect against. MD5 is a fast general-purpose digest, not a password hash:
an attacker who obtains the table can test many billions of candidate passwords per second against it, and because the
username and site id are public they act only as a predictable salt, not as a secret. For new code, prefer a slow,
per-user-salted password hash (PHP's password_hash() with bcrypt or Argon2), and always compare hashes with
hash_equals() rather than ==, which is neither constant-time nor strict.
Note: Make sure that the supplied username and password are sent over SSL (HTTPS) when submitting a form. Otherwise
anyone who can sniff the traffic of the site can read the username and password in transit.
MD5 example
    // Returns a 32-character hex digest. The username and site id are mixed in so that
    // equal passwords do not produce equal hashes.
    function createHash( $user, $password, $siteid )
    {
        return md5( "$user\n$password\n$siteid" );
    }

    // Compare with hash_equals() (constant time, strict string comparison) rather than ==:
    // in PHP, == would treat two digests of the form "0e<digits>" as the equal number zero,
    // and a byte-by-byte == leaks timing information.
    function authenticateHash( $user, $password, $siteid, $stored_hash )
    {
        return hash_equals( $stored_hash, createHash( $user, $password, $siteid ) );
    }
Implementation
This method is implemented in the eZUser datatype; see kernel/classes/datatypes/ezuser/ezuser.php for details.
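The following is an added example, not code from eZ Publish or from this page's eZUser datatype. It places the page's MD5 scheme beside a modern replacement built on PHP's password_hash()/password_verify(), and shows how a site can keep accepting old records while replacing each one with a slow, salted hash the next time its owner logs in. It assumes PHP 7.0 or later and that legacy hashes are stored as the 32-character hex string md5() produces; the function and variable names are the example's own.

```php
<?php
// Added example (not eZ Publish code). Assumes PHP >= 7.0: password_hash(),
// password_verify(), password_needs_rehash() and hash_equals() are all built in.

// Legacy scheme from this page: one fast MD5 over user, password and site id.
function createLegacyHash(string $user, string $password, string $siteid): string
{
    return md5("$user\n$password\n$siteid");
}

// Constant-time, strict comparison. The known value (stored hash) goes first.
function authenticateLegacyHash(string $user, string $password, string $siteid, string $storedHash): bool
{
    return hash_equals($storedHash, createLegacyHash($user, $password, $siteid));
}

// Modern scheme: a deliberately slow hash with a random per-user salt. The algorithm,
// cost and salt are encoded in the returned string, so nothing else needs storing.
function createPasswordHash(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verifies against either record format. Returns array(bool $ok, string|null $newHash):
// $newHash is set when the caller should overwrite the stored value with it.
function authenticate(string $user, string $password, string $siteid, string $storedHash): array
{
    // Legacy records are exactly 32 lowercase hex characters; anything else is
    // assumed to be a password_hash() string (which starts with "$").
    if (preg_match('/^[0-9a-f]{32}$/', $storedHash) === 1) {
        if (!authenticateLegacyHash($user, $password, $siteid, $storedHash)) {
            return [false, null];
        }
        // Correct password: we have the clear text right now, so upgrade the record.
        return [true, createPasswordHash($password)];
    }

    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    // Re-hash when PHP's default cost or algorithm has moved on since the record was written.
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT) ? createPasswordHash($password) : null;
    return [true, $newHash];
}

// Constructed demonstration data: one user whose record is still in the legacy format.
$storedHash = createLegacyHash('alice', 'correct horse battery staple', 'site-1');

list($ok, $upgrade) = authenticate('alice', 'correct horse battery staple', 'site-1', $storedHash);
printf("legacy login ok: %s, record upgraded: %s\n", var_export($ok, true), var_export($upgrade !== null, true));
if ($upgrade !== null) {
    $storedHash = $upgrade; // the application would UPDATE the user row here
}

list($ok, $upgrade) = authenticate('alice', 'wrong password', 'site-1', $storedHash);
printf("wrong password accepted: %s\n", var_export($ok, true));

list($ok, $upgrade) = authenticate('alice', 'correct horse battery staple', 'site-1', $storedHash);
printf("modern login ok: %s, needs rehash: %s\n", var_export($ok, true), var_export($upgrade !== null, true));
```

Two properties of the page's scheme are worth keeping in mind when migrating: because the username is part of the hashed string, renaming a user invalidates the stored hash, and because the site id is part of it, the same user cannot be checked against a different site's records even if both tables leak. The modern scheme drops both dependencies, so the upgrade path above must run the legacy check with the exact username and site id that were in force when the record was written.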
Input validation
All input from the user should be validated before storing it. For instance when expecting
integer or date data always check to see if it is actually of the wanted type, if not
issue a warning to the user. The input may then be converted to a more reasonable state, for instance
dates should be converted to integers, but do not perform any escaping of text or similar text washing.
When the input is valid and in an acceptable form, store it as it is.
Reasons for not escaping input data
- The data may not only be used for HTML output but may be sent to other clients which require it in its original form.
- There is no way to tell whether stored data has already been escaped, so data entered from sources other than HTML forms would need escaping as well, and data escaped twice comes out corrupted.
    $date = eZHTTPTool::postVariable( "Date" );   // raw value from the submitted form
    $date_obj = new eZDate( $date );               // parse it as a date
    $date_num = $date_obj->value();                // returns the integer value to store
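The following is an added example, not eZ Publish code, and it does not use eZHTTPTool or eZDate. It carries the section's rule through end to end in plain PHP: each field is checked for its expected type and the user is warned on failure, a date is converted to the integer timestamp the page recommends storing, text is stored exactly as submitted through a prepared statement, and HTML escaping happens only when the value is rendered. It assumes PHP 7.0 or later with the pdo_sqlite extension for the storage step; the function names, the table layout and the form values are constructed for the example.

```php
<?php
// Added example (not eZ Publish code). Assumes PHP >= 7.0 and pdo_sqlite.
// Each validator returns array(mixed $value, string|null $warning).

// Integer field: filter_var rejects "12abc", "1e3", "0x1A" and an empty string.
function validateInteger(array $post, string $name): array
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return [null, "$name is missing"];
    }
    $value = filter_var($post[$name], FILTER_VALIDATE_INT);
    return $value === false ? [null, "$name must be a whole number"] : [$value, null];
}

// Date field in YYYY-MM-DD form, converted to a Unix timestamp at midnight UTC.
// The "!" in the format resets the time part; getLastErrors() catches dates such
// as 2024-02-30 that createFromFormat() would otherwise silently roll over.
function validateDate(array $post, string $name): array
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return [null, "$name is missing"];
    }
    $dt = DateTime::createFromFormat('!Y-m-d', $post[$name], new DateTimeZone('UTC'));
    $errors = DateTime::getLastErrors(); // false on PHP >= 8.2 when there were no problems
    $bad = $errors !== false && ($errors['warning_count'] > 0 || $errors['error_count'] > 0);
    if ($dt === false || $bad) {
        return [null, "$name must be a valid date in YYYY-MM-DD form"];
    }
    return [$dt->getTimestamp(), null];
}

// Text field: checked for shape (valid UTF-8, length) but deliberately NOT escaped.
function validateText(array $post, string $name, int $maxLen = 255): array
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return [null, "$name is missing"];
    }
    $text = $post[$name];
    if (!mb_check_encoding($text, 'UTF-8') || mb_strlen($text, 'UTF-8') > $maxLen) {
        return [null, "$name must be valid UTF-8 of at most $maxLen characters"];
    }
    return [$text, null];
}

// Storage: raw values bound to a prepared statement. The driver handles quoting,
// so nothing in the data is escaped and the stored copy is byte-for-byte what was submitted.
function storeEntry(PDO $db, string $title, int $count, int $date): void
{
    $stmt = $db->prepare('INSERT INTO entry (title, count, date) VALUES (:title, :count, :date)');
    $stmt->execute([':title' => $title, ':count' => $count, ':date' => $date]);
}

// Output: escape for the HTML context only here. The same raw title can go to a
// JSON client through json_encode() instead, which is why it is not HTML-escaped in the table.
function renderTitle(string $rawTitle): string
{
    return htmlspecialchars($rawTitle, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed form submission: a hostile title, a non-integer count and an impossible date.
$post = ['Title' => '<script>alert(1)</script>', 'Count' => '12abc', 'Date' => '2024-02-30'];
$results = [
    'Title' => validateText($post, 'Title'),
    'Count' => validateInteger($post, 'Count'),
    'Date'  => validateDate($post, 'Date'),
];
foreach ($results as $field => $result) {
    list($value, $warning) = $result;
    echo $field, ': ', $warning === null ? var_export($value, true) : "warning: $warning", "\n";
}

// A second, fully valid submission goes through storage and comes back unchanged.
$good = ['Title' => 'Tom & Jerry <3', 'Count' => '42', 'Date' => '2024-02-29'];
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE entry (title TEXT, count INTEGER, date INTEGER)');
storeEntry($db, validateText($good, 'Title')[0], validateInteger($good, 'Count')[0], validateDate($good, 'Date')[0]);
$row = $db->query('SELECT title, count, date FROM entry')->fetch(PDO::FETCH_ASSOC);
echo 'stored raw title: ', $row['title'], "\n";
echo 'rendered for HTML: ', renderTitle($row['title']), "\n";
```

The hostile title passes validation on purpose: "<script>" is perfectly valid text, and rejecting or mangling it on input would both annoy legitimate users and give a false sense of safety, since the same string reaches the page through other routes. What prevents it from executing is the single htmlspecialchars() call in renderTitle(), applied to every value at the moment it is written into HTML.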