12.8. Security Redux
Because security is such an important issue, we want to reiterate the main points of this

- Check every value supplied to your program to ensure that the data you're getting is the data you expected to get.
- Always initialize your variables.
- Set variables_order. Use $_REQUEST and friends.
- Whenever you construct a filename from a user-supplied component, check the components with basename() and
- Don't create a file and then change its permissions. Instead, set umask() so that the file is created with the correct permissions.
- Don't use user-supplied data with eval(), preg_replace() with the /e option, or any of the system commands (exec(), system(), popen(), passthru(), and the backtick (``) operator).
- Store code libraries and data outside the document root.
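As an added example (not code from the book), the following PHP handler shows how the input-checking, basename() and umask() points of this checklist fit together in one request; DATA_DIR, cleanNoteName() and saveNote() are assumed names, and the data directory is assumed to sit outside the document root.

```php
<?php
// Added example, not from the book: saving a user-named note while
// applying the checklist above. Assumed layout: notes live under
// /var/app/data, which is NOT under the web server's document root.
declare(strict_types=1);

const DATA_DIR = '/var/app/data/notes';   // assumption: outside the document root

// Check every value: accept only the exact shape we expect.
function cleanNoteName(string $raw): ?string
{
    // basename() drops any directory part ("../../etc/passwd" -> "passwd");
    // the whitelist then rejects anything that is not a plain short name.
    $name = basename($raw);
    if (!preg_match('/^[A-Za-z0-9_-]{1,40}$/', $name)) {
        return null;
    }
    return $name;
}

// Don't create the file and chmod() it afterwards: set umask() first so the
// file is created with mode 0600 and is never briefly world-readable.
function saveNote(string $name, string $body): string
{
    $path = DATA_DIR . '/' . $name . '.txt';
    $old = umask(0077);                       // 0666 & ~0077 = 0600
    try {
        if (file_put_contents($path, $body, LOCK_EX) === false) {
            throw new RuntimeException("cannot write $path");
        }
    } finally {
        umask($old);                          // restore for the rest of the request
    }
    return $path;
}

// Initialize every variable from $_POST explicitly instead of relying on
// register_globals; missing fields become empty strings, never undefined.
$name = cleanNoteName((string)($_POST['name'] ?? ''));
$body = (string)($_POST['body'] ?? '');
if ($name === null) {
    http_response_code(400);
    exit('invalid note name');
}
// Escape before echoing so the path never lands in the page as raw HTML.
echo 'saved ' . htmlspecialchars(saveNote($name, $body), ENT_QUOTES, 'UTF-8');
```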
Copyright © 2003 O'Reilly & Associates. All rights reserved.