5 Most Useful Tips For PHP 7 Security
- 5th June 2017
There is no doubt that PHP is one of the most popular programming languages and server scripting languages in use for the Web today. In spite of its popularity for web and application development there is a common myth that PHP including the latest version PHP 7 is not suitable in terms of security point of view. However this is not true and it offers robust security. Being in the field of PHP training we at PHP Kolkata provide below some of the security tips that you as a PHP developer can follow while developing PHP based applications.
Basic PHP Security tips to follow:
- Prevent access to administrative page
You would know that every web application has an administrative page. This is used for managing and configuring the app. Whenever you install a PHP-based app, you should remember to either change script’s default directory name and remove installation script. This will prevent the user from having an access to administrative page.
- Always protect your passwords in database
You must make sure that the passwords you store in your database are always in the encrypted format. This will ensure that even if anyone gets an access to your database, they will not be able to read any of the passwords. You should prefer using stronger encryption function as it will prevent a hacker to break your passwords.
- Include/require files
It has now become common practice of reusing codes, using includes or require file command in the script. However while you are using both these files in your script, make sure you save it with .php extension. If this is not done, then codes of that file may be exposed to the outside word. Moreover, if you forget or do not use .php extension, your file will not be processed .Thus all the file content will be returned if someone types path of that file. Also, putting include/require files in a non-root directory is a good way to prevent their access publicly.
- Protect session data from hijacking
Every time you log into your PHP web app, session data is generated. This session data has much sensitive information. Someone could easily misuse this to interrupt your session cookies. He could also use this information to access your account. The process to Use someone else’s id to get illegal access to users account is known as session hijacking. The best possible solution to this process is by the using super global variables. This could prevent Session hijacking in a big way.
- Creating separate database user
If there is a scenario wherein multiple PHP apps use same database server, then it is essential from security perspective the creation of separate user for each app. This will ensure that if any one of the apps is under suspicion, then other apps will not be affected. This will help to prevent any security related issues to some extent.
In conclusion we can say that if some of the above mentioned basic precautions are taken then the security aspects of PHP 7 can be taken care of.