Go PHP5



Support GoPHP5.org

PHP developers cannot leverage PHP 5's full potential without dropping support for PHP 4, but PHP 4 is still installed on a majority of shared web hosts, and users would then be forced to switch to a different application. Web hosts cannot upgrade their servers to PHP 5 without making it impossible for their users to run PHP 4-targeted web apps, and have no incentive to go to the effort of testing and deploying PHP 5 while most web apps are still compatible with PHP 4 and the PHP development team still provides maintenance support for PHP 4. The PHP development team, of course, can’t drop maintenance support for PHP 4 while most web hosts still run PHP 4.


Posted on Friday, July 6th, 2007
Under: Community, PHP

PHP and the OWASP Top Ten Security Vulnerabilities


The Open Web Application Security Project released a helpful document that lists what they think are the top ten security vulnerabilities in web applications.

These vulnerabilities can, of course, exist in PHP applications. Here are some tips on how to avoid them. I’ve included related links and references where relevant.

1. Unvalidated Parameters

Most importantly, turn off register_globals. This configuration setting defaults to off in PHP 4.2.0 and later. Access values from URLs, forms, and cookies through the superglobal arrays $_GET, $_POST, and $_COOKIE.

Before you use values from the superglobal arrays, validate them to make sure they don’t contain unexpected input. If you know what type of value you are expecting, make sure what you’ve got conforms to an expected format. For example, if you’re expecting a US ZIP Code, make sure your value is either five digits or five digits, a hyphen, and four more digits (ZIP+4). Often, regular expressions are the easiest way to validate data:
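An added example, not code from the original post (the excerpt is cut off at this point): one way to apply the ZIP check to a request value in current PHP (7.1 or later). The helper name validate_zip and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original post.
// validate_zip() is a hypothetical helper name.

/**
 * Return the ZIP code stored under $key if it is exactly five digits or
 * ZIP+4 (five digits, a hyphen, four digits); otherwise return null.
 */
function validate_zip(array $input, string $key = 'zip'): ?string
{
    // A missing key or a non-string value is rejected up front.
    // A query string such as ?zip[]=12345 makes PHP deliver an array.
    if (!isset($input[$key]) || !is_string($input[$key])) {
        return null;
    }

    // \A and \z anchor to the real start and end of the string. A plain
    // "$" also matches just before a trailing newline, so "12345\n"
    // would pass. [0-9] limits the match to ASCII digits.
    if (preg_match('/\A[0-9]{5}(?:-[0-9]{4})?\z/', $input[$key]) !== 1) {
        return null;
    }

    return $input[$key];
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['zip' => '12345'],       // five digits
    ['zip' => '12345-6789'],  // ZIP+4
    ['zip' => '1234'],        // too short
    ['zip' => '12345-678'],   // incomplete +4 part
    ['zip' => ' 12345'],      // leading space
    ['zip' => "12345\n"],     // trailing newline
    ['zip' => ['12345']],     // array instead of string
    [],                       // parameter missing
];

foreach ($samples as $sample) {
    $zip = validate_zip($sample);
    printf(
        "%-14s %s\n",
        json_encode($sample['zip'] ?? null),
        $zip === null ? 'rejected' : 'accepted'
    );
}
```

Only the first two samples are accepted; everything else, including the value with a trailing newline, comes back as null.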

Read the rest of this entry »

Posted on Friday, July 7th, 2006
Under: Code, Community, PHP