Tycoon Talk
PHP Forum


Question relating to PHP security
09-06-2007, 11:29 PM Question relating to PHP security
goheadtry
Okay, I have been wondering: what is the best guide on PHP security online, one that will stop all types of bad things from happening?

I have found flaws and other things in online stores, such as putting the quantities as a negative number: it adds credit to a credit card. I tried this with an online store kit. Of course, I ran the transaction with a test credit card that isn't real and is there for developers, and it actually acts as if I am adding money to credit cards.

I found something similar in a hotel room, where it only gave you one movie at a time no matter the quantity. I placed a negative number in the price range for movies, and it allowed me to watch movies for free: as long as I searched in a negative price range, it made it so I would get movies, and it paid me to watch them. I used test PayPal credit cards etc., and I explained this to the hotel and they paid me to fix it.

So I have only found small flaws and may want to continue this as a career. What would your advice be on learning more than just this odd negative number trick and correcting it?
Security-wise, where can I learn more things like this rather than just kind of figuring it out? Is there a list of do's and don'ts with PHP security? Oh, and the program they used did have PHP and a keyboard so you could type ranges etc., and was displayed as HTML, but with a customized version of, I believe, Firefox, if I am not mistaken.
Last edited by goheadtry; 09-06-2007 at 11:33 PM..
09-07-2007, 12:02 AM Re: Question relating to PHP security
mgraphic
User input is by far something that should deserve a lot of attention, as user mistakes and malicious interaction can cause some unwanted results for PHP scripts that don't handle them properly. Sanitizing and type casting vars are far too often neglected by those who are first learning PHP or programming in general.

One of the best ways you can protect user input to behave as the developer expects is to force it to a desired type. For example:

Numbers:
Signed floats
Unsigned floats
Signed Integers
Unsigned Integers

Strings:
Stripped or unstripped
Trimmed
Untrimmed
HTML Safe

Booleans

Arrays
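The typed-input approach from mgraphic's reply, applied to the negative-quantity and negative-price cases in the first post, as an added example that is not code from the thread. It assumes PHP 8; the field names, limits and helper names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed request data standing in for $_POST (not from the thread).
$input = [
    'quantity'  => '-3',      // negative quantity, as in the store example
    'min_price' => '-5.00',   // negative price range, as in the hotel example
    'max_price' => '19.99',
    'gift_wrap' => 'yes',
    'note'      => '  <b>leave at desk</b>  ',
    'item_ids'  => ['12', '7', 'abc'],
];

// Each helper returns the typed value, or null when the input is rejected.
function unsignedInt(mixed $v, int $min, int $max): ?int {
    $r = filter_var($v, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $r === false ? null : $r;
}
function unsignedFloat(mixed $v, float $max): ?float {
    $r = filter_var($v, FILTER_VALIDATE_FLOAT);
    return ($r === false || !is_finite($r) || $r < 0 || $r > $max) ? null : $r;
}
function toBool(mixed $v): ?bool {
    return filter_var($v, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
}
function htmlSafe(mixed $v, int $maxLen): ?string {
    if (!is_string($v)) return null;
    $s = trim($v);                                   // trimmed string
    if ($s === '' || strlen($s) > $maxLen) return null;
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function intList(mixed $v, int $maxItems): ?array {
    if (!is_array($v) || count($v) > $maxItems) return null;
    $out = array_map(fn($x) => unsignedInt($x, 1, PHP_INT_MAX), $v);
    return in_array(null, $out, true) ? null : $out; // one bad element rejects the list
}

$order = [
    'quantity'  => unsignedInt($input['quantity'] ?? null, 1, 99),
    'min_price' => unsignedFloat($input['min_price'] ?? null, 10000.0),
    'max_price' => unsignedFloat($input['max_price'] ?? null, 10000.0),
    'gift_wrap' => toBool($input['gift_wrap'] ?? null),
    'note'      => htmlSafe($input['note'] ?? null, 200),
    'item_ids'  => intList($input['item_ids'] ?? null, 20),
];
// A null field means the request is refused, not silently "corrected".
$rejected = array_keys($order, null, true);
echo ($rejected ? 'Rejected: ' . implode(', ', $rejected) : 'Order accepted'), PHP_EOL;
```

Refusing the request on any rejected field keeps a negative quantity or price bound from ever reaching the total or the search query; the amount charged should still be computed from server-side prices, not from anything in the request.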
 
09-07-2007, 12:35 AM Re: Question relating to PHP security
goheadtry
Also related to security, I found this in Google. It finds phpMyAdmin that is not blocked by robots. Obviously this is a problem. How do I contact these sites and let them know? Many of them, which allow you to create servers, have no login or a default login. How do you inform people on a major scale?
http://www.google.com/search?q=intit...&start=50&sa=N