Security in PHP

PHP Security

PHP Security

PHP is a very flexible language. But sometimes this flexibility creates security flaws because of improper use of it. I had just read an article “Top 7 PHP Security Blunders” by Pax Dickinson. It shows top 7 mistakes or flaws that may break site security.

“Security is a process, not a product, and adopting a sound approach to security during the process of application development will allow you to produce tighter, more robust code.” – Pax Dickinson

In this article the author has shown how PHP application be infected and how to protect it. He has described the followings with reference to different articles:

  • Unvalidated Input Errors
  • Access Control Flaws
  • Session ID Protection
  • Cross Site Scripting (XSS) Flaws
  • SQL Injection Vulnerabilities
  • Error Reporting
  • Data Handling Errors
  • Configuring PHP For Security

I found this article knowledgeable. Hope you will like it. You may read it from here

I want to conclude with lines from this article…

“…there are many things to be aware of when programming secure PHP applications, though this is true with any language, and any server platform. PHP is no less secure than many other common development languages. The most important thing is to develop a proper security mindset and to know your tools well…”


Tags: ,

categories PHP


  • By Arafat Rahman, September 28, 2008 @ 11:08 am

    I agreed with Pax Dickinson. PHP is not a less secured language. We should be aware of many common things when developing a php application.

    By the way, you implemented reCAPTCHA in this blog, some times reCAPTCH generates very difficult text to read. Better you use Akismet.

  • By Mohammad Sajjad Hossain, September 29, 2008 @ 3:56 pm

    Thanks Arafat for your suggestion. I am using Akismet also.

    You can see now I have deactivated the reCAPTCHA plugin. But it will increase the number of spams. No worry Akismet is there. 😉

Other Links to this Post

RSS feed for comments on this post.

Leave a comment