Security

• Introduction
• General considerations
• Installed as CGI binary
  • Possible attacks
  • Case 1: only public files served
  • Case 2: using cgi.force_redirect
  • Case 3: setting doc_root or user_dir
  • Case 4: PHP parser outside of web tree
• Installed as an Apache module
• Session Security
• Filesystem Security
  • Null bytes related issues
• Database Security
  • Designing Databases
  • Connecting to Database
  • Encrypted Storage Model
  • SQL Injection
• Error Reporting
• User Submitted Data
• Hiding PHP
• Keeping Current