I. filter input and avoid output
Sometimes the phrase "filter input and avoid output" is abbreviated as FIEO, which has become a security mantra for PHP applications.
1. Use ctype for verification
Ctype: http://php.net/ctype
2. Use PCRE
PHP has a configuration option named allow_url_fopen, which is valid by default. It allows you to point to many types of resources and process them like local files. For example, by reading a URL, you can obtain the content of a page (HTML) and view
1. Use a SQL injection cheat sheetA basic principle is to never trust user-submitted Data.Another rule is to escape (escape) when you send or store Data.Can be summarized as: filter input, escape output (FIEO). Input filtering, Output Escaping.The
This article describes how to use php to open remote files, as well as the usage risks and solutions. PHP has a configuration option named allow_url_fopen, which is valid by default. It allows you to point to many types of resources and process them
This article describes how to use php to open remote files, as well as the usage risks and solutions. PHP has a configuration option named allow_url_fopen, which is valid by default. It allows you to point to many types of resources and process them
Php methods and risks of opening remote files and solutions. PHP has a configuration option named allow_url_fopen, which is valid by default. It allows you to point to many types of resources and process them like local files. For example, by
Output escaping another Web application security is based on escaping the output or encoding special characters to ensure that the original intent remains the same. For example, O ' Reilly needs to be escaped into o\ ' Reilly before being routed to
1. Use a SQL injection cheat sheetA basic principle is to never trust user-submitted data.
Another rule is to escape (escape) when you send or store data.
Can be summarized as: Filter input, Escape output (FIEO). Input filtering, output
The night has been deep, ready to tell the story about NetFilter, writing a little loose, because no draft, a bit with the consciousness of the flow, one go do not know is to boast or self-deprecating, right when a child wrote diary, childhood like
Recently more concerned about the security of PHP, many domestic developers, especially PHP beginners, many times only to meet the function is realized, the discussion of the safety of a little even indifferent. Such consequences are serious, such
First, what is Nftables?Nftables is the new packet classification framework, a new Linux firewall management program designed to replace the existing {ip,ip6,arp,eb}_tables. Nutshell:
It is available when the Linux kernel version is above 3.
Generally, LINUX Firewall (iptalbes) uses nat tables (PREROUTING, OUTPUT, and POSTROUTING) and filter tables (FORWARD, INPUT, and OUTPUT ). We can correctly configure the firewall only when we know the data flow. A relatively intuitive graph is used
Article Title: easy to understand-graphic simple iptables firewall. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open
How to block network traffic in Linux based on country location
As a system administrator who maintains a Linux production server, you may encounter the following situations: You need to selectively block or allow network traffic to pass through
1) What is a raw table? What is it?
Iptables has five links: prerouting, input, forward, output, postrouting, and four tables: filter, Nat, mangle, raw.
The priority of the four tables ranges from high to low: raw --> mangle --> Nat --> Filter
For
Iptables only filters IP addresses and packets over the protocol, that is, packets over the network layer.
Differences between iptables and netfilter:
The official project named netfilter for all package filtering and package modification facilities
Iptables-1.1.9 Guide (Classic) (4)-Linux Enterprise Application-Linux server application information, which is described below. The meaning of [UNREPLIED] is the same as that in the previous section. It indicates that the number is transmitted only
CentOS Study Notes-firewall iptables, centosiptablesLinux Firewall: iptables
Iptables is a packet filtering software, and more than 2.6 of the Linux kernel is this software. This Section selects the Linux private dish of laruence-Chapter 9 server
Introduction to Linux port redirection and iptables
By Guo shilong
Request:
The lab has established an internal management information system (B/S mode), requiring each member of the lab to log on to the information system over the network, but the
The next-generation packet filtering framework following iptables is nftables.At night, I was prepared to go on to tell the story about Netfilter. The text was a little loose. Because I didn't draft a draft, I was a little confused about whether to
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.