readme.txt
Pro PHP Security
by Chris Snyder and Michael Southwell
This code archive for Pro PHP Security contains the following scripts:
Part 1 The Importance of Security
Chapter 1 Why is Secure Programming a Concern?
Part 2 Keeping Your Environment Secure
Chapter 2 Dealing with Shared Hosts
Chapter 3 Maintaining Separate Development and Production Environments
* backupDatabase.php
* pullFrom.php
* resetPermissions.php
Chapter 4 Keeping Software Up To Date
Chapter 5 Using Encryption I: Theory
Chapter 6 Using Encryption II: Practice
* integrity.php
* mcrypt.php
* mcryptDemo.php
* openSSL.php
* openSSLDemo.php
* passwordHashingDemo.php
Chapter 7 Securing Networks I: Secure Sockets Layer/Transport Layer Security
* ftpsDemo.php
* ftpsWrapperDemo.php
* httpsDemo.php
* imapDemo.php
* ssl.conf
* tlsGetDemo.php
Chapter 8 Securing Networks II: Secure Shell
* sftpClasses.php
* sftpDemo.php
* ssh2ExecDemo.php
* sshd_config
Chapter 9 Controlling Access I: Authentication
* authenticate.php
* authenticateDemo.php
* checkSecureConnection.php
* htpasswd.php
* singleSignOn.php
* ssoClient.php
* ssoServer.php
Chapter 10 Controlling Access II: Permissions
* mysqlInstallationHarden.sql
Part 3 Keeping Your Scripts Secure
Chapter 11 Validating User Input
* inputValidationDemo.php
* PHP_SELF.php
Chapter 12 Preventing SQL Injection
* mysqliPrepare.php
* mysqliPrepareOO.php
* protectionTest.php
Chapter 13 Preventing Cross-site Scripting
* encodeDemo.php
* escapeDemo.php
* filterUriDemo.php
Chapter 14 Preventing Remote Execution
* escapeShellArgDemo.php
* escapeShellCommandDemo.php
* safeForEval.php
* safeForEvalTest.php
* sslTest.php
Chapter 15 Enforcing Security for Temporary Files
* createSHA1Tempfile.php
* createUniqidTempfile.php
* hashTest.php
Chapter 16 Preventing Session Hijacking
* sessionDemo1.php
* sessionDemo2.php
* sessionRegenerate.php
Part 4 Keeping Your Operations Secure
Chapter 17 Allowing Only Human Users
* captchaCheck.php
* captchaForm.php
* captchaGenerate.php
* checkCaptchaInput.php
Chapter 18 Verifying Your Users’ Identities
* mailboxVerification.php
Chapter 19 Using Roles to Authorize Your Users’ Actions
* role-assignments.php
Chapter 20 Adding Accountability to Track Your Users
* loggerClass.php
* loggerClassDemo.php
* parseLoggerFile.php
* parsePreviousLog.php
* transactionClass.php
Chapter 21 Preventing Data Loss
* confirmDelete.php
* createVersionedBackup.php
* deleteOldVersions.php
* refererTest.php
Chapter 22 Safely Executing Privileged Scripts
* changeOwnershipClient.php
* changeOwnershipDameon.php
* jobManagerClass.php
* mp3Interface.php
* mp3Processor.php
* simpleDaemonDemo.php
Chapter 23 Handling Remote Procedure Calls Safely
* limitRequestsDemo.php
* timeoutDemo.php
Chapter 24 Taking Advantage of Peer Review