Home  >  Article  >  Backend Development  >  PHP security-simplicity is beautiful

PHP security-simplicity is beautiful

黄舟
黄舟Original
2017-02-23 09:13:371247browse


Simple is beautiful

Complexity breeds errors, and errors can lead to security vulnerabilities. This simple fact illustrates why simplicity is so important for a secure application. Unnecessary complexity is just as bad as unnecessary risk.

For example, the following code is excerpted from a recent security vulnerability advisory:

##CODE:

  <?php
 
  $search = (isset($_GET[&#39;search&#39;]) ?
$_GET[&#39;search&#39;] : &#39;&#39;);
 
?>

This process can confuse the fact that the $search variable is tainted*, especially to inexperienced developers. The above statement is equivalent to the following program:

CODE:

 
  <?php
 
  $search = &#39;&#39;;
 
  if (isset($_GET[&#39;search&#39;]))
  {
    $search = $_GET[&#39;search&#39;];
  }
 
  ?>

## The above The two processing flows are exactly the same. Now please pay attention to the following statement:

  $search = $_GET[&#39;search&#39;];

Using this statement ensures that the state of the $search variable remains intact without affecting the process, and it can also be seen whether it is contaminated.

* Annotation: A contaminated variable means that during program execution, the value of the variable is not directly specified by the assignment statement, but comes from other sources, such as console entry, database, etc.

The above is the content of PHP Security-Simplicity is Beautiful. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!



Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn