Join The Prescott Web Design Meetup Group

Monty Cook
Posted Mar 17, 2009 11:06 AM
user 8931410
Prescott, AZ
Post #: 1
I was disappointed that our March meeting was cancelled. I hope we can meet in April.

I have not used PHP much. However, I am adding some dynamic pages to a site so that it will have a page of local psychotherapists and allow users to search for a particular therapist by treatment focus. There will not be any confidential information on any of the pages. Also, my wife will enter all the therapist data through a password-protected (encrypted) page--users will not be entering any data. This site does not now have an SSL.

My question is: is there any way an attacker could inject anything in the main page with a list of therapists, or in the search results page when the data is being pulled from the database?

Monty

Kally M
Posted May 15, 2009 2:42 PM
kallym
Prescott Valley, AZ
Post #: 10
Hi Monty,

One thing you can do is to have a separate database user/password with limited privileges. For example, to display the results on the page, you only need a user with SELECT privileges.
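
The account split suggested in the reply above, as an added example that is not part of the original thread. It assumes MySQL (the thread does not name the database); the database, table, column and account names and the password placeholders are constructed for illustration.

```sql
-- Added example, MySQL syntax assumed. All names below are constructed.
CREATE DATABASE therapist_dir;

CREATE TABLE therapist_dir.therapists (
    id              INT AUTO_INCREMENT PRIMARY KEY,
    name            VARCHAR(100) NOT NULL,
    treatment_focus VARCHAR(100) NOT NULL,
    phone           VARCHAR(30)
);

-- Account for the public list and search pages: SELECT on one table only.
CREATE USER 'dir_public'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_1';
GRANT SELECT ON therapist_dir.therapists TO 'dir_public'@'localhost';

-- Account used only by the password-protected data-entry page.
CREATE USER 'dir_editor'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_2';
GRANT SELECT, INSERT, UPDATE, DELETE
    ON therapist_dir.therapists TO 'dir_editor'@'localhost';

-- Review the result: neither account should hold ALL PRIVILEGES, FILE,
-- GRANT OPTION, or any right on another database.
SHOW GRANTS FOR 'dir_public'@'localhost';
SHOW GRANTS FOR 'dir_editor'@'localhost';

-- Sanity check, run while connected as dir_public: the server rejects
-- this write because the account was granted SELECT only. (The WHERE
-- clause matches no row, so it is harmless if run as another account.)
UPDATE therapist_dir.therapists SET name = name WHERE id = 0;
```

The public pages then connect as `dir_public`, so a flaw in the search query cannot be used to change or delete therapist records; the data-entry page is the only code that ever holds the `dir_editor` credentials.
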

Monty Cook
Posted May 17, 2009 10:10 AM
user 8931410
Prescott, AZ
Post #: 2
Thank you Kally. That is helpful.

Monty