中英結合的方式果然不錯。我以前曾轉載國人對於php安全編程的總結。有人說是老生長談。這回看看外國朋友的作品。
據最新的調查,php語言的使用率竟超過了老牌語言c++,成為使用率第三位的編程語言。它有很多有用的功能,不過可能出現的問題也不少。這篇文章就列出了五條常用的建議以幫助你創造安全的php應用。
PHP is one of the most popular programming languages for the web. Sometimes a feature-friendly language can help the programmer too much, and security holes can creep in, creating roadblocks in the development path. In this tutorial, we will take a look at 5 tips to help you avoid some common PHP security pitfalls and development glitches.
建議1:使用錯誤報告要合適
Tip 1: Use Proper Error Reporting
開發過程中,錯誤報告挺有用。它能幫你找到一系列問題。但如果你在正式應用裡仍打開這一功能,那會給不懷好意者以豐富信息。你可以在所有應用的文件代碼前加入error_reporting(0);
如果出現某些問題你確實想知道,那麼應該將錯誤報告輸入到一受保護的文件中,這可以用函數 set_error_handler完成。
During the development process, application error reporting is your
best friend. Error reports can help you find spelling mistakes in your
variables, detect incorrect function usage and much more. However, once
the site goes live the same reporting that was an ally during
development can turn traitor and tell your users much more about your
site than you may want them to know (the software you run, your folder
structure, etc).
Once your site goes live, you should make sure to hide all error
reporting. This can be done by invoking the following simple function
at the top of your application file(s).
If something does go wrong, you still want and need to know about
it. Therefore, you should always make sure to log your errors to a
protected file. This can be done with the PHP function set_error_handler.
建議2:關閉php的壞功能
