Cryptography is the process of changing the format of data
(i.e., encrypting it) so that it is more difficult to read. Some cryptography,
such as PGP, available for free for public use from http://www.pgp.com, uses public and private keys
in order to encode and decode information. Other cryptographic systems, like the
crypt() function built into PHP will encrypt data but will not decrypt
it. You can find out more about crypt() within the Strings section of the PHP manual.
Cryptography is just a part of a secure solution as it can only
be used once data has been received by the server. You may also need to take
advantage of SSL connections in your Web sites. SSL, which stands for Secure Sockets Layer, is
a method of securely transmitting information between a client (the Web browser)
and the server. Utilization of SSL connections (indicated by the https://prefix in a URL) is a must for e-commerce
applications. You can also specify that cookies are sent over a SSL connection
by setting the proper parameters when using the setcookie function.
Check with your ISP or server administrator to see if SSL connections are
supported on the machine you are using.
Passwords used within your PHP application should always be
encrypted. If the server you are using does not support mcrypt(), use
crypt() to encrypt the password entered
during the login, then check this against the stored encrypted password.
While PHP does not have the same security concerns that you
might find using CGI scripts or ASP, they still exist. There are a several
considerations to keep in mind while programming.
The first recommendation I would make is that files which
contain sensitive information such as passwords be placed outside of the Web
document root. Every Web server application uses a folder as the default root
for Web documents. Items within the folder can be accessed via a URL but items
located above the default folder cannot be. However, they can still be used
within PHP with the line:
require ("../secure.php");
The above line of code will include the file
secure.php which is located one folder above the current document.
My second recommendation is a two-parter involving getting user
submitted data from HTML forms. First you should always remember to use the POST
form method (as opposed to GET) when transferring sensitive information. This is
because the GET method will append the submitted data to the URL, making it
visible in the Web browser window.
Second, you should be wary of user-submitted data because it
can be a common loophole through which malicious users can wreak havoc with your
system. Clever people may be able to insert JavaScript or executable code into
your site using an HTML form. This code could send them sensitive information,
alter databases, and so forth.
If you will be doing more than just basic Web development work,
you ought to seriously consider learning more about Web security than the few
points illustrated in this appendix.
There are literally dozens upon dozens of Web sites you can
visit to keep yourself informed of pertinent security issues. The most prominent
four, in my opinion, are:
-
Computer Response Emergency Team http://www.cert.org
-
Security Focus http://www.security-focus.com
-
Packet Storm http://packetstorm.securify.com
-
World Wide Web Consortium http://http://www.w3.org/Security/Faq/www-security-faq.html
There are also any number of books available ranging from those
that generically discuss security to those that will assist in establish secure
Windows NT or Linux Web servers.
With respect to PHP, do not forget to read the PHP manual's
section on security. Also review the security section of the documentation for
the database you are using on the server. Some, such as MySQL's manual, includes
tips specifically with respect to using PHP and MySQL.
