[翻译]PHP安全小建议( 下)
---------------------------------------------
PHP Security Tip #14 Cal Evans (editor) | 2 comments | Wednesday, March 21, 2007 Almost any application running PHP on the back-end uses web technologies for it’s front end. Many developers who think hard on PHP security, don’t spend a thought on front-end security for their application. Here’s a tip to think long and hard about when building your HTML and JavaScript. Any data inside of a cookie can be potentially seen by others- restrict to a minimum It’s a sad fact on today’s web but there are bad people out there. They want nothing more than for your application to leak sensitive data so they can exploit it. Make sure you look at the whole picture when evaluating the security of your application. This is very important when looking at what information you persist on the front end. ------------------------------------------------------------------------------ PHP安全建议#14 差不多所有PHP程序都是运行PHP作为后端,使用web技术作为前端,很多开发者对PHP安全思考了很多,却从来没想过它们前端应用的安全。这里的建议是:当你构造HTML和JavaScript时,你应该思考得更长远和深入些。 任何保持在Cookie里面的信息都有可能被其他人所看到——尽量把这些信息控制到最少 今天的web界有一个很悲哀的事实,有些不怀好意的人出没其间,他们只想让你的应用程序泄露敏感信息,然后破解它,当你评估应用程序的安全时,务必观察全局。非常重要的一点是看看你在前端保留了些什么。 ------------------------------------------------------------------------------ PHP Security Tip #15 Cal Evans (editor) | 5 comments | Friday, March 23, 2007 As developers, most of us are very messy. I’ve worked on countless projects and at each either run across or left a trail of diagnostic files laying around. (info.php, test.php, doMe.php, etc.) These tiles, if found by someone with nefarious intent, can leak valuable information about your system. Today’s Security tip is: Don’t forget to purge temporary system diagnostic files. It would be a shame to spend all that time securing your application only to leave info.php or worse yet, a “quick piece of code” in test.php that could potentially leak dangerous information about your system. Don’t help the ad guys any more than you have to. =C= p.s. Got a security tip? Post it! If it’s good enough we’ll share it with everybody else. Just log-in and click the contribute link in the upper right corner. ------------------------------------------------------------------------------ PHP安全建议#15 作为开发者,我们大部分的人都是非常肮脏的,我为无数项目工作过。每次都能发现或者留下一堆额外的诊断文件,随地乱放。像(info.php, test.php ,doMe.php等),这些文件,如果被某个怀有不良企图的人发现,将很有可能泄露系统的有用信息。 今天的安全建议是 不要忘记清除临时的系统诊断文件 在清理危害你的应用的这些文件时你可能会感到惭愧,看到那些留下来的info.php或者更 |
凌众科技专业提供服务器租用、服务器托管、企业邮局、虚拟主机等服务,公司网站:http://www.lingzhong.cn 为了给广大客户了解更多的技术信息,本技术文章收集来源于网络,凌众科技尊重文章作者的版权,如果有涉及你的版权有必要删除你的文章,请和我们联系。以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢! |