Security,Issues,Php,Moderndays technology Security Issues in Php
Active shredder safety technology for the small office. Shreds 15sheets per pass into 5/32" x 1-1/2" cross-cut particles (Security Level3). Patented SafeSense® Technology stops shredding when hands touch thepaper opening. Designated shredde The electronic cigarette is not new. People who buy electronic cigarette knows that this product has been in the market for years now. Despite some sectors apparently trying to shoot the product down from the shelves, the popularity of elect
Moderndays internet apps are heavily influenced with a variety ofdevelopment technologies available to developers. These technologiesallow programmers to quickly align their development approachaccording to the requirements of the application. php is one the mostpopular development and scripting language for web app developmentbecause of its simple syntax and programming approach. Variousfeatures of php like it's syntax, which does not require variabledeclaration, makes it a more friendly language over the others in thedomain of web applications.Evenafter being a programmer-friendly language, a number of issues arethere in php which can cause serious security related threats in aweb application. The effect of such a security hole can causeblunders to a business, if it is heavily dependent on a webapplication. Since we all know the advantagesof PHP,some of the potential void areas in php development are:AccessControl: If certainconfidential or crucial sections of an application are not securedproperly, the access control issues arise in the web application.Taking an example, if normal user with non-administrative privilegelogs in to the application and re-writes the URL of the web app tothe address location of administrator, it's quite possible that theuser can by-pass the administrator's log in section and gain theauthority of the administrator without authenticating himself.Preventing the sensitive pages from hijacking can be practiced byplacing them in a separate directory protected by the .htaccessfile.SessionID protection: Eachtime a user logs in his account, a session ID is assigned whichidentifies the user during the session. In a php based webapplication, hijacking of the session ID is a common problem whereif session ID is known to an intruder, he can easily gain access tothe user's session. This can be a problem in events like passwordreset, credit card authentication etc. In such circumstances,revalidating the user's credentials for highly sensitive actions isadvised to protect the session from any hacking attempt.CrossSite Scripting or XSS attempts:Another type of security issue that arises in a php application isthe cross site scripting, malicious scripting codes which can modifythe behavior of the web page. Crucial session information likesession IDs, cookies information are passed to the hijacker, who canuse it for unauthorized and unintended purposes and can cause harmto user's confidentiality. To prevent a web app from such type ofattacks, the submission of HTML tags like ""should be prohibited.Problemin error reporting:If the value of the display_error in the php.ini file is not set to"0" results of all the errors conditions, during theexecution of the code, will be displayed in the user's browser. Atechnically sound user can gain advantage of knowing the internalfunctionality of the application by providing error causing or badinputs in the application. Further, by knowing the executionprocedure of the application, the attacker can find out the entrypoint in the system and can modify the behavior of the systemaccording to his own choice.Asmentioned in the points discussed above that security issues arethere in using php for web applicationdevelopment, however it does not nullify the scope of phpas these issues can be tackled effectively by any experienceddeveloper. The main intent of the discussion was to provide a glimpseof the possible threat areas in a php application and in order tocheck these conditions, an expert developer can make use of hisknowledge to develop a secure application.
Security,Issues,Php,Moderndays