1. 1
PHP Security Issues and Solutions
Thomas Böhne
May 17, 2003
Abstract
More and more people move from static HTML pages to dynamically gener-
ated websites. The most widely used language seems to be PHP, followed by ASP
(and VB-Script) and Perl.
While the dynamic approach offers many advantages, most users seem to over-
look the risks that arise from dynamic websites. We show some basic attacks, and
some principles to a more secure design.
1 Introduction
As for all Internet applications, security is a basic necessity. As for many Internet
applications, security is often not enforced properly.
In the following sections we show some common errors solutions to the problems.
Not all of them will work in all environ