what kind of attacks can be to PHP and MYSQL?
I have a website that written with php and using mysql, I want to do it maximum security as well as it can. I searched wh开发者_如何学JAVAat attaks can be and I found only injection. My question is that is mysql_real_escape_string
function provide %100 security against injection? and is there any other attacks that I should consider when writing php and mysql? thanks for helping...
Check out these sources;
http://phpsec.org/projects/guide/4.html
http://segfaultlabs.com/files/pdf/php-session-security.pdf
http://www.owasp.org/index.php/Cross_Site_Scripting
http://www.virtualforge.de/vmovie/xss_selling_platform_v1.0.php
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
http://www.owasp.org/index.php/Guide_Table_of_Contents#Data_Validation
https://www.owasp.org/images/8/89/OWASP_Testing_Guide_V3.pdf
http://www.ibm.com/developerworks/web/library/wa-secxss/
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
http://www.owasp.org is a must. mysql_real_escape_string will not provide you 100% security.
Since you are Turkish you could also follow it here;
http://www.sanalkurs.net/forum/php-mysql/php%27de-guvenlik/
I am writing article about it whenever I find time (:
Hope this helps.
精彩评论