Using PHP on your web site
By Jeff Leggett
PHP is a very popular scripting language that is especially suited to Web development. Numerous commercial and Open Source applications use PHP, making it one of the most popular languages on the Internet today. PHP can be likened to a tool, however, and a tool in unskilled hands can be misused. Just as a carpenter can use his hammers, saws and so forth to make a shoddy building, so too can a PHP programmer write shoddy, insecure code. There is (generally) nothing insecure in PHP itself; it is in its use that it can make web pages (and the servers that serve them) insecure.
This article points to a couple of the more popular PHP packages on the web, and what can be done to secure them, and then briefly discusses some basic PHP coding techniques to be aware of when writing your own code.
First though, some general advice for any and ALL applications you use on your Web site.
Keep it up to Date
If you run third-party applications, you MUST subscribe to that package's mailing list (or regularly check its web site) for up-to-date versions. The developers of the more popular packages strive to keep their packages updated with the latest security fixes and improvements. This one point will save you hours of headaches should a hacker attempt to exploit your site. The VAST majority of hackers are not skilled enough to write exploit code themselves, so they scour the Net looking for exploit code posted by the relatively small number of people capable of writing it, then wrap it up in a script and point it at your (and others') sites, hoping for a successful exploit. And usually, when exploit code gets posted, so do the fixes (but not always).
Be Aware of Your Site
Make sure you keep up with your site's content and size. If it has doubled in size overnight, you may have been exploited and are now being used for warez or other things you didn't intend (and could be liable for!). Peer1 provides tools for you to do this easily via your control panel, or, if you are more technical, it can easily be done with a one-line script. For example, under Linux, run:
# du -cks /your/www/dir | tail -1 | mail me@myemail.com
This is a simple example; more robustness can be added as you need.
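As an added example (not part of the original article), here is a sturdier version of the one-liner above: it stores the last measured size and reports when the site has grown past a threshold, which is the "doubled overnight" case described. The function names, state-file path and 50% threshold are assumptions.

```shell
#!/bin/sh
# Added example: compare the site's size with a stored baseline and flag jumps.
# Function names, state-file path and threshold are assumptions.

# growth_pct PREV_KB CUR_KB -> integer percent change (negative means shrink)
growth_pct() {
    prev=$1; cur=$2
    if [ "$prev" -eq 0 ]; then
        # An empty baseline gives no ratio: treat any content as 100% growth.
        [ "$cur" -gt 0 ] && echo 100 || echo 0
        return 0
    fi
    echo $(( (cur - prev) * 100 / prev ))
}

# check_site DIR STATE_FILE MAX_GROWTH_PCT
# Prints one status line; returns 0 (OK/BASELINE), 1 (ALERT) or 2 (error).
check_site() {
    dir=$1; state=$2; limit=$3
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }
    # Same measurement as the one-liner: grand total in KB.
    cur=$(du -cks "$dir" | tail -n 1 | awk '{print $1}')
    case $cur in ''|*[!0-9]*) echo "ERROR: could not measure $dir"; return 2;; esac
    if [ ! -s "$state" ]; then
        echo "$cur" > "$state"
        echo "BASELINE: $dir is ${cur} KB"
        return 0
    fi
    prev=$(head -n 1 "$state")
    case $prev in ''|*[!0-9]*) echo "ERROR: bad state file $state"; return 2;; esac
    pct=$(growth_pct "$prev" "$cur")
    if [ "$pct" -gt "$limit" ]; then
        # Keep the old baseline so the alert repeats until someone reviews it.
        echo "ALERT: $dir grew ${pct}% (${prev} KB -> ${cur} KB)"
        return 1
    fi
    echo "$cur" > "$state"
    echo "OK: $dir is ${cur} KB (${pct}% change)"
    return 0
}

# From cron (assumed paths), mail the status line only on alert or error:
#   out=$(sh sitesize.sh /your/www/dir /var/tmp/www-size.state 50) || echo "$out" | mail -s "site size" me@myemail.com
if [ "$#" -eq 3 ]; then check_site "$@"; fi
```

Keep the state file outside the web directory and not writable by the web server's user, so a compromised site cannot reset its own baseline.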
Keep a Back-up of all Data
Make sure you have the latest copy of all your content, including any database data, OFF the web server in question. Should your server be exploited, or even go down for mechanical reasons, having a back-up will again save you hours of headaches. If your site is large enough, Philhosting.Net offers a service to do your back-ups for you.
Last update: 2006-10-06 03:59
Author: Philhosting
Revision: 1.0