
[Translation] PHP Security Tips (Part 1)

Author: Anonymous, Technology | Source: NET编程 | Published: 2012-05-23
en used as part of an overall strategy, is a good thing. There’s no sense in making things any easier for those with malicious intent. That brings us to our security tip for the day.

  Give files and folders with critical information non-default names.

  Don’t rely on obscure names to keep your application safe. You should always check permissions, test for vulnerabilities with testing tools and keep an eye on your log files for suspicious activity. When designing your applications and web sites though, don’t make it easy for bad people to do bad things. Don’t use default or common names for your files and directories.

  Do you have a security tip you would like to share? A nugget of security truth you have gleaned through research or life’s school of hard knocks? Log-in and click the contribute button in the upper right hand corner.

  ------------------------------------------------------------------------------

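  PHP Security Tip #4

  As the saying goes, "Security through obscurity is no security at all." On the other hand, obscurity, as part of an overall security strategy, is a good thing. There is no point in making things easier for those with malicious intent, and that leads to today's security tip.

  Don't rely on obscure names to keep your application safe. You should regularly check permissions, use testing tools to look for vulnerabilities, and watch your log files for suspicious activity. Even so, when designing applications and web sites, don't make it easy for people with bad intentions to do bad things. Don't use default or common names for files or directories.

  Do you have a security tip you would like to share? A golden rule gained through research, or a lesson learned the hard way in real life? Log in and click the contribute button in the upper right corner to share it with us.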

  ------------------------------------------------------------------------------

  PHP Security Tip #5

  Cal Evans (editor) | 1 comment | Wednesday, March 7, 2007

  PHP security is an ongoing mission requiring the programmer to think outside of the parameters of the application. It’s not enough these days to ask yourself “Does this do what I want it to do?”; you also have to take into consideration “What else can people use it for, and do I want to allow that?” Today’s security tip is a proverb that all programmers should have to recite daily.

  Never trust the user.

  It’s a sad fact of life but users are evil. Users want nothing more than to find a way to exploit your application. As soon as you let your guard down and start thinking “I’m only selling small stuffed animals so how evil can my users really be?” you’ve lost the battle.

  Ok, maybe it’s not quite that dire but you do have to keep a wary eye on some of your users. That’s where the second proverb that all programmers should recite daily comes in.

  Filter Input, Escape Output

  Yes, FIEO (ok, it’s not as cool sounding as GIGO) is one of the mantras that all security-minded programmers have to live by.
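
  The following is an added example, not part of the original article, showing FIEO in PHP for a hypothetical order form of the stuffed-animal shop mentioned above. The field names, `$catalog`, `filter_order()` and `render_confirmation()` are assumptions; it needs PHP 7.4+ with the mbstring extension.

```php
<?php
// Added example (not from the original article). The order form fields,
// the $catalog list and the function names are hypothetical.

// FILTER INPUT: accept only values that match what the application expects.
function filter_order(array $raw, array $catalog): ?array
{
    // Quantity must be an integer in a sane range; anything else is rejected.
    $qty = filter_var($raw['qty'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);

    // Product must be one of the known catalog keys (allow-list, strict compare).
    $item = $raw['item'] ?? '';
    $itemOk = is_string($item) && in_array($item, $catalog, true);

    // Gift note is free text: bound its length and require valid UTF-8.
    $note = $raw['note'] ?? '';
    $noteOk = is_string($note) && mb_check_encoding($note, 'UTF-8')
        && mb_strlen($note, 'UTF-8') <= 200;

    if ($qty === false || !$itemOk || !$noteOk) {
        return null; // reject; do not try to "repair" bad input
    }
    return ['qty' => $qty, 'item' => $item, 'note' => $note];
}

// ESCAPE OUTPUT: encode for the context the data is written into (HTML here).
function render_confirmation(array $order): string
{
    $e = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>' . $order['qty'] . ' x ' . $e($order['item']) . '</p>'
         . '<p>Note: ' . $e($order['note']) . '</p>';
}

// Constructed sample requests standing in for $_POST.
$catalog = ['bear', 'rabbit', 'penguin'];
$samples = [
    ['qty' => '2',  'item' => 'bear',   'note' => 'Happy birthday <3 & hugs'],
    ['qty' => '-5', 'item' => 'bear',   'note' => ''],   // bad quantity
    ['qty' => '1',  'item' => 'dragon', 'note' => ''],   // not in catalog
];
foreach ($samples as $raw) {
    $order = filter_order($raw, $catalog);
    echo $order === null ? "rejected\n" : render_confirmation($order) . "\n";
}
```

  The first sample passes the filter yet still contains `<` and `&`, which is why the output step escapes every string regardless of what the input step accepted.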

  -------------------------------------------------------------
