Security is Important
The most basic thing you can do to secure PHP on the server is to be sure the options in the php.ini file are set optimally. If you are working in a shared hosting environment, you may not have the ability to change the settings in php.ini, but by knowing which settings have an effect on overall server security, you will be able to choose a Web host that has taken the time to secure PHP.
There are dozens of parameters in php.ini, but only a few of them are important from a security standpoint. Many of these parameters aren’t set securely by default, so anytime you have a new PHP installation (or are working in a new environment that you haven’t already secured), take a few minutes to check the settings in php.ini against the following list and change the settings as needed.
- safe_mode = On
Safe_mode is a good thing to turn on unless you have a compelling reason not to use it.
- safe_mode_gid = Off
Combined with safe_mode = On, turning off safe_mode_gid requires that a file be owned by the same user and group ID in order to be accessed by a PHP application.
- open_basedir =
This allows you to set the top-level directory that PHP applications can access. For example, if you set open_basedir = /home/my_application/, an attacker would not be able to traverse the filesystem to /home/some_other_user/.
- safe_mode_exec_dir =
Combined with safe_mode = On, functions that execute system programs, such as exec() and system(), can only run programs located in the specified directory. This means that only the system programs you deliberately place there are available to your application, preventing a hacker from executing anything else.
- expose_php = Off
This prevents PHP from including information about itself (such as the version of PHP running on the server) in HTTP headers. This information is very helpful to hackers because it narrows down which vulnerabilities they may be able to exploit. If hackers discover that you are running PHP 4, they will know that there is a good likelihood that they will be able to exploit typical PHP 4 vulnerabilities.
- register_globals = Off
Unless register_globals is turned off, any parameter sent to a PHP script is automatically converted to a global variable. This allows a hacker to create new variables within your application. register_globals is turned off by default in every version of PHP starting with 4.2.0, but it doesn’t hurt to check the setting just to be sure it hasn’t been turned on at some point.
- session.cookie_lifetime
session.cookie_lifetime specifies how long a session cookie remains valid before it times out. The default value is 0, meaning no time-out. It’s a good idea to set this value to something that makes sense for your application. For instance, if you’re writing an online banking application, you may want to set it for only a few minutes. For our guestbook, a couple of hours is probably sufficient. This allows the user to walk away and come back, but will prevent some session hijacking attempts.
- display_errors = Off
display_errors is a very useful debugging tool, because it displays detailed error messages anytime a PHP application encounters a problem. Like most debugging tools, it should be turned off in a production environment—unless, of course, you want to share path names, SQL statements, and other sensitive information with the world.
These are the most important parameters to look at when securing PHP. If you’re setting up PHP for the first time, you’ll want to familiarize yourself with the entire php.ini file, and be sure you understand what each parameter does before you change the default setting. However, at least where security is concerned, the default values aren’t always the best setting. If you do nothing else with php.ini, at least make sure the parameters listed here are set correctly.
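An added example, not part of the original notes, that audits the effective values of the directives listed above with ini_get(), so that overrides from .htaccess or .user.ini are included; run it under the same SAPI as the application, since CLI and web values can differ. It assumes the expected values are exactly those in the checklist, and reports safe_mode, safe_mode_gid, safe_mode_exec_dir and register_globals as unavailable on PHP 5.4 and later, where they were removed.

```php
<?php
// Added example: check the running PHP configuration against the php.ini
// checklist. ini_get() reports the value actually in force for this SAPI.

// Expected values from the checklist; null means "must be non-empty".
$checks = [
    'safe_mode'          => '1',
    'safe_mode_gid'      => '0',
    'open_basedir'       => null,
    'safe_mode_exec_dir' => null,
    'expose_php'         => '0',
    'register_globals'   => '0',
    'display_errors'     => '0',
];

// ini_get() usually returns "1" or "" for boolean directives, but literal
// "On"/"Off"/"yes"/"no" strings can appear when set from .htaccess.
function normalizeBool(string $value): string
{
    $v = strtolower(trim($value));
    if (in_array($v, ['1', 'on', 'yes', 'true'], true)) {
        return '1';
    }
    if (in_array($v, ['', '0', 'off', 'no', 'false', 'none'], true)) {
        return '0';
    }
    return $v; // unexpected value (e.g. "stderr"), compared as-is
}

foreach ($checks as $directive => $expected) {
    $actual = ini_get($directive);
    if ($actual === false) {
        // Unknown to this PHP build: the safe_mode_* directives and
        // register_globals were removed in PHP 5.4, so this is normal there.
        printf("%-24s N/A   not present in PHP %s\n", $directive, PHP_VERSION);
        continue;
    }
    $ok = $expected === null ? trim($actual) !== '' : normalizeBool($actual) === $expected;
    printf("%-24s %s  current: %s\n", $directive, $ok ? 'OK  ' : 'WARN',
        $actual === '' ? '(empty)' : $actual);
}

// A lifetime of 0 means the cookie lasts until the browser is closed, i.e.
// no time-out at all; the checklist wants an application-specific value.
$lifetime = (int) ini_get('session.cookie_lifetime');
printf("%-24s %s  current: %d seconds\n", 'session.cookie_lifetime',
    $lifetime > 0 ? 'OK  ' : 'WARN', $lifetime);
```

A WARN line for display_errors or expose_php on a production host is the quickest sign that the php.ini has not been reviewed since installation.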
Website Security and Secure Coding
Decrypted MD5 and SHA1 Hashes and Password Haystack tool.
Apache Server Password Formats
Most Popular VPNs are not secure, find out why.
Improving the Security of Your User Passwords in PHP with Ultra Paranoid Computing
Potentially the Best File on the Internet for Web Developers
Strong Passwords Are Very Important
Password strength meter (with online demo) and some humor about secure passwords.
Making Secure Passwords in PHP
How secure is your password? Check your password strength with this handy site.
Importance of Input Validation
Common Security Mistakes to Avoid and PHP Security Levels
What to do if your site goes down
How to Safely Store a Password
Strong Passwords
Curious what constitutes a bad password, or perhaps which ones are the worst to use? Check out this guide on the 20 Most Hacked Passwords in the World.
Try this Password Generator to create your next strong password.
This page contains information I gathered and thought was very useful. See more notes on the web.
Just to let you know, this page was last updated Wednesday, Sep 18 24