PHP Web security tips

Passwords used within your PHP application should always be encrypted. If the server you are using does not support mcrypt(), use crypt() to encrypt the password entered during the login, then check this against the stored encrypted password.

Cryptography is just one part of a secure solution, as it can only be used once data has been received by the server.


You may also need to take advantage of SSL connections in your Web sites. SSL, which stands for Secure Sockets Layer, is a method of securely transmitting information between a client (the Web browser) and the server. Use of SSL connections, indicated by the https:// prefix in a URL, is a must for e-commerce applications. You can also specify that cookies are sent only over an SSL connection by setting the proper parameters when using the setcookie() function. Check with your ISP or server administrator to see if SSL connections are supported on the machine you are using.
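An added example (not code from the original article) of the login check and the SSL-only cookie described above: crypt() produces a one-way hash, so the entered password is hashed again with the stored value as the salt and the two results are compared. The function names, the bcrypt cost, the cookie name and the sample password are assumptions made for illustration.

```php
<?php
// Added example: function names, cost, cookie name and sample values are assumptions.

// Hash a new password with crypt() using a random bcrypt salt.
function hash_password(string $password): string
{
    // 16 random bytes -> 22 characters from bcrypt's salt alphabet (./A-Za-z0-9).
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    $hash = crypt($password, '$2y$10$' . $salt);
    if (strlen($hash) < 60) {              // crypt() returns "*0" or "*1" on failure
        throw new RuntimeException('crypt() could not hash the password');
    }
    return $hash;
}

// Re-hash the entered password with the stored hash as the salt, then compare
// in constant time so the comparison does not reveal how many bytes matched.
function check_login(string $entered, string $stored): bool
{
    $candidate = crypt($entered, $stored);
    return strlen($candidate) >= 60 && hash_equals($stored, $candidate);
}

// The 6th argument (secure) restricts the cookie to SSL connections;
// the 7th (httponly) keeps it away from client-side script.
function issue_session_cookie(string $token): bool
{
    return setcookie('session', $token, time() + 3600, '/', '', true, true);
}

// Constructed sample data, not a real credential. A real application would
// load the stored hash from its user database.
$stored = hash_password('correct horse battery staple');

if (PHP_SAPI === 'cli') {
    // Command-line run: show the outcome of a good and a bad login attempt.
    var_dump(check_login('correct horse battery staple', $stored));
    var_dump(check_login('wrong guess', $stored));
} elseif (check_login($_POST['password'] ?? '', $stored)) {
    // Web request: the token would also be recorded server-side for later lookups.
    issue_session_cookie(bin2hex(random_bytes(32)));
}
```

Because the stored value carries its own salt and cost, only the hash needs to be kept in the database; the plain-text password is never stored.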

Security Resources

There are literally dozens upon dozens of Web sites you can visit to keep yourself informed of pertinent security issues. The most prominent four, in my opinion, are:

Computer Response Emergency Team (http://www.cert.org)

Security Focus (http://www.security-focus.com)

Packet Storm (http://packetstorm.securify.com)

World Wide Web Consortium (http://www.w3.org/Security/Faq/www-security-faq.html)

There are also any number of books available, ranging from those that discuss security generically to those that will assist in establishing secure Windows NT or Linux Web servers.

With respect to PHP, do not forget to read the PHP manual's section on security. Also review the security section of the documentation for the database you are using on the server. Some, such as MySQL's manual, include tips specifically with respect to using PHP and MySQL.