Ô­Îijö´¦£ºhttp://devzone.zend.com/article/1754-PHP-Security-Tip-3
·­Ò룺linyupark@w3pop.com

Being Security conscious is a good thing but that alone won’t solve the problem. Developers have to be vigilant when it comes to security. Even then you can’t do it alone. Today’s Security tip reminds you of this.

´æÔÚ°²È«ÒâʶÊǼþºÃÊ£¬µ«Õâ²¢²»Êǵ¥¶À¿ÉÒÔ½â¾öµÄÎÊÌâ¡£µ±Ìáµ½°²È«ÎÊÌâʱ¿ª·¢ÕßÃDZØÐëÌá¸ß¾¯Ìè¡£¾¡¹ÜÄÇÑùÄãÒ²²»Äܹ»µ¥¶À´¦Àí¡£½ñÌìµÄ°²È«ÐÔ¼¼ÇɾÍÊÇÒªÌáÐÑÄãÕâµã¡£

Since your application may be harboring security vulnerabilities that you have not been exposed to, third-party security software or services should be considered to help bring a fresh perspective and find overlooked weaknesses.

ÒòΪÄãµÄ³ÌÐò¿ÉÄܺ¬Óа²È«ÐÔµÄÎÊÌâ¶øÄãûÓз¢¾õ£¬µÚÈý·½°²È«Èí¼þ»òÊÇ·þÎñÓ¦¸ÃÒª¿¼ÂÇÈ¥°ïÖú·¢ÏÖÄÇЩû±»×¢ÒâµÄȱµã²¢´øÀ´Ò»Ð©Ð·½°¸¡£

As a developer you should have tools in your toolbox that will help you find security vulnerabilities in your applications. Tools like Chorizo will help you by performing automated scans of your code. Programs like PHPSecInfo will help you ensure that your environment is configured properly.

×÷ΪһÃû¿ª·¢ÈËÔ±ÄãÓ¦¸ÃÓÐһЩ¹¤¾ßÀ´°ïÖúÄãÕÒµ½³ÌÐòÖеݲȫ©¶´¡£Ïñ Chorizo ¿ÉÒÔ°ïÖúÄãÖ´ÐÐ×Ô¶¯µÄ´úÂëɨÃ蹤×÷¡£»¹ÓÐÏñ PHPSecInfo ÕâÑùµÄ³ÌÐò¿ÉÒÔ°ïÄãÈ·±£¿ª·¢»·¾³ÊÇ·ñÍ×µ±¡£

Using tools like these and other scanning tools should not be the only thing you do to ensure security. They are however, an important part of the mix. Let trusted projects and vendors help you build and maintain secure applications.

ʹÓÃÕâЩ¹¤¾ßºÍÆäËûһЩɨÃ蹤¾ß²¢²»ÊÇÄãΨһ¿ÉÒÔ±£Ö¤°²È«ÐԵİ취¡£µ«²»¹ÜÔõÑùËüÃǵÄÈ·ÊÇÆäÖбȽÏÖØÒªµÄÒ»²¿·Ö¡£ÈÃЩ¿ÉÐŵÄÆóÒµ»òÊÇÂôÖ÷°ïÄ㽨Á¢ºÍά»¤³ÌÐòµÄ°²È«¡£

PHP °²È«¼¼ÇÉÁ¬ÔØ #2[Òë] PHP °²È«¼¼ÇÉÁ¬ÔØ #4[Òë]

ÆÀÂÛ (0) All