Possible Duplicates:
What security issues should I look out for in PHP
What should a developer know before building a public web site?
The project I was working on is nearly complete and close to launching, but I want to make sure it is hack-proof, as my friend/partner thinks we have some enemies who can hire smart hackers to take the site down.
And if running my site securely under HTTPS will help, will it be hard on the CPU if I have a lot of users?
Please tell me all security checks that are needed.
I want to make sure it is hack-proof
You can't.
we have some enemies who can hire smart hackers to take the site down
You're screwed.
Please tell me all security checks that are needed.
That's a larger topic than even an SO answer should reasonably cover.
A couple suggestions:
1) Make sure to suppress errors; hackers can learn a lot about your application from being able to see them
2) Have good permissions set on your server for your web application; if a hacker is able to compromise a process on your server, they'll have a harder time using/accessing other folders/files
3) I don't know that https helps against hackers, except to the point that it will hide data transferred between the client and server (so that really depends on what your application is doing as to whether or not it is necessary)
Stay away from eval and exec unless you know what you're doing, use mysql_real_escape_string every time a variable that could even possibly be influenced by a third party is put into a query, use proper file/folder permissions, don't let include() use user data (GET, POST, cookie data)... There are hundreds of other things, but honestly, if you think someone is going to hack your site and you make a post here asking such a vague question, it's going to happen, period. You need to hire someone to do a security audit if it's that big of a concern.
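The query and include() points in the answer above, as an added PHP example that is not part of the original post. It uses an in-memory SQLite database through PDO so that it runs stand-alone (with MySQL only the DSN changes); the users table, its rows and the page map are constructed for the demo. Prepared statements are shown as the current replacement for mysql_real_escape_string(), which only protects a value placed inside a quoted literal and was removed together with the mysql_* extension in PHP 7.

```php
<?php
// Added example, not part of the original answer. Uses an in-memory SQLite
// database through PDO so it runs stand-alone; the users table and its rows
// are constructed for the demo.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");
    return $db;
}

// Vulnerable: request data is spliced into the SQL text, so a quote in the
// input changes the structure of the query instead of being part of a value.
function find_user_vulnerable(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: a prepared statement sends the value separately from the SQL,
// so the same input is compared literally against the name column.
function find_user_prepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// include() driven by request data: map a short page key to a fixed file
// name and reject everything else, instead of building a path from
// $_GET['page']. Traversal strings and remote URLs never reach include().
function page_file(string $page): ?string
{
    $allowed = ['home' => 'home.php', 'about' => 'about.php'];
    return $allowed[$page] ?? null;
}

$db = open_db();
$attack = "' OR '1'='1";                       // classic injection payload
print_r(find_user_vulnerable($db, $attack));   // payload rewrites the WHERE clause
print_r(find_user_prepared($db, $attack));     // payload is just an unusual name
print_r(find_user_prepared($db, 'alice'));
var_dump(page_file($_GET['page'] ?? 'home'));
var_dump(page_file('../../etc/passwd'));       // not in the allow-list
```

The include() part is deliberately a lookup table rather than a filter on "../": a filter has to anticipate every encoding of a traversal, while a fixed map cannot be talked into a path it does not already contain.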
So far everyone has made a good point - listen to them. Also, putting error_reporting(0); in your code, as Matthew suggested, for instance, takes away one of the easiest ways of finding vulnerabilities in a site.
Modify the php.ini to include the settings in the list below. This is not the complete list, but it should be fair enough.
register_globals = Off      ; directive removed in PHP 5.4
allow_url_fopen = Off
display_errors = Off        ; never show errors to visitors; log them instead
log_errors = On
html_errors = Off
expose_php = Off
safe_mode = On              ; directive removed in PHP 5.4
disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open   ; one comma-separated line
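A runtime check of the settings above, as an added example that is not part of the original answer. It reads the live configuration with ini_get() and prints whichever listed setting is not in its hardened state, then applies the ones that can be changed from code. The table of expected values is an assumption taken from the list (display_errors off and log_errors on for production, plus allow_url_include, which is not in the list); expose_php, allow_url_fopen and disable_functions can only be set in php.ini or the server configuration, so the script only reports on them.

```php
<?php
// Added example, not from the original answer: audits the live PHP
// configuration against the hardened values listed above and prints what is
// still wrong. Run it on the deployed server (php check.php, or through the
// web server so the web SAPI's php.ini is the one being checked).

// Hardened boolean value for each listed directive. This table is an
// assumption for the example; extend it for your own php.ini.
function expected_settings(): array
{
    return [
        'display_errors'    => false,
        'log_errors'        => true,
        'html_errors'       => false,
        'expose_php'        => false,
        'allow_url_fopen'   => false,
        'allow_url_include' => false,
    ];
}

function must_be_disabled(): array
{
    return ['show_source', 'system', 'shell_exec', 'passthru',
            'exec', 'phpinfo', 'popen', 'proc_open'];
}

// ini_get() returns the raw string ("1", "On", "", "0", "Off"), so normalise
// it the way PHP's own ini parser does.
function ini_bool(string $name): bool
{
    return filter_var((string) ini_get($name), FILTER_VALIDATE_BOOLEAN);
}

function audit_ini(): array
{
    $problems = [];
    foreach (expected_settings() as $name => $want) {
        if (ini_bool($name) !== $want) {
            $problems[] = sprintf('%s should be %s', $name, $want ? 'On' : 'Off');
        }
    }
    // disable_functions is a comma-separated list; a disabled function also
    // makes function_exists() return false, so check both.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    foreach (must_be_disabled() as $fn) {
        if (!in_array($fn, $disabled, true) && function_exists($fn)) {
            $problems[] = "$fn is still callable; add it to disable_functions";
        }
    }
    // register_globals and safe_mode were removed in PHP 5.4: on a current
    // interpreter they do not exist, which is the state the list wants.
    if (PHP_VERSION_ID < 50400 && ini_bool('register_globals')) {
        $problems[] = 'register_globals should be Off';
    }
    return $problems;
}

// The error-display directives are PHP_INI_ALL and can be fixed from code
// when php.ini is not editable (shared hosting). expose_php, allow_url_fopen
// and disable_functions are not; they need php.ini or the server config.
function harden_error_handling(): void
{
    error_reporting(E_ALL);            // keep reporting everything, to the log
    ini_set('display_errors', '0');
    ini_set('html_errors', '0');
    ini_set('log_errors', '1');
}

foreach (audit_ini() as $problem) {
    echo $problem, PHP_EOL;
}
harden_error_handling();
```

Note the difference from error_reporting(0): that hides errors from the log as well as from the browser, so the developers lose the same signal the attacker does. Turning display_errors off while keeping log_errors on is what keeps the information away from visitors without losing it.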