| PHP language is one of the most popular net programming languages, which has been applied to more and more internet websites. But because of programmers'lack of awareness of programming security, various attacks on PHP websites have made the web security a serious issue. For this reason, it is growingly important to establish a set of programming techniques to defend against web attacks and as a guide for programmers to build reliable PHP websites.This article aims to research and analyze on various ways of PHP website attacks and their respective defensive methods, with an emphasis on the principle, process, and potential damage of and defensive techniques for SQL Injections, Cross Site Script attacks, Cross Site Request Frauds and file uploading loophole attacks. It is suggested that defending against SQL injections by using security configurations and database designed skills, defending against cross site script attacks by using input and output filters as well as http only cookies, defending against cross site request frauds by using cookie and http refer validations, defending against file uploading loophole attacks by using file directory access restrictions as well as file type and file size checks.In this article, it will also illustrate how to build a safe, robust and reliable application program by taking a real PHP photograph uploading system as an example. It starts with analysis on demand for photograph uploading systems, followed by introducing a system without any security protection designs. Then, it discusses possible attacks that would be suffered by this system and applies defensive techniques introduced in this article to make improvements and ultimately complete a safe and reliable photograph uploading system. |
PDF Full Text Request