News

Wednesday, 4 April 2007

Overview of PHP Security

 

 

Pádraic Brady offers arguments and insights on PHP applications and their security. Security exploits and vulnerabilities have escalated over the years. Brady is of the opinion that the causes are PHP's high-profile presence on the Web, its large body of inexperienced, ill-educated programmers, and its infamous ease of misuse.

He says it is interesting to see how PHP and the broader community respond to these challenges to quell the criticism and offer solutions. Unfortunately, he says, PHP as a programming language is by nature easy to foul up, and this has left the responsibility for security entirely up to the individual programmer. The results have been less than comforting, leaving an Internet populated by many insecure PHP scripts and applications written by well-meaning but undereducated programmers and casual users.

He says that programmers require education, experience and guidance before they finally hit the jackpot and learn about revolutionary concepts like input filtering, output escaping, and mysql_real_escape_string(). He advises you to get hold of a few of the published PHP security books, which you can easily order from Amazon.

He thinks it is symptomatic to look at how the community reacts to the growing pressure to prioritize security and to make it easier for programmers to implement measures against the common security exploits. One example he provides is the Zend Framework, which he says has been in development for over a year. The Zend Framework is a mixed bag on security for the basic task of accessing user input. A second development he points out is PHP's core filter extension. He is disappointed that the reception of this filter's arrival was lukewarm.

 

Copyright @ 2008 SDA Asia Magazine - All Right Reserved Privacy Policy | Terms of Use