Share 10 of the best PHP Security Development Ku Zhangwen Details _php Tutorials

Source: Internet
Author: User
Tags ruby on rails

Share 10 of the most outstanding PHP Security Development Ku Zhangwen Detailed Introduction


  1. PHP Intrusion Detection System

PHP IDS, or php-intrusion detection systems, is an advanced security layer that is easy to use, well-structured, and well-designed for PHP-class Web applications. This intrusion detection system does not provide any mitigation and anti-virus mechanism, and does not filter the malicious input content, its role is simply to identify the attackers against the site of malicious activities, and in the way you need to make timely reminders. With a set of proven and rigorous filtering rules, the detection system gives an impact rating on any attack activity, making it easier for users to understand how to respond to current hacking attacks. There are a variety of ways to respond, including simply sending logs to the development team via an emergency message, displaying a warning message about an attacker, or even immediately aborting the user's current session.

  2. PHP Password Lib

Php-passwordlib aims to build up a comprehensive set of cipher libraries that encompass all of the cryptographic needs. It is easy to install and easy to use, scalable and powerful enough to satisfy the discerning developer of the most experienced developers.

  3. Phpseclib

Phpseclib's design goal is to achieve a very strong compatibility effect. It runs on the basis of php4+ (requires PHP4 if using Php_compat) and does not require any additional extensions. For users who pay attention to speed performance, they can also use MCrypt, GMP, and Bcmath (in order), but three are not required.

  4.TCrypto

Tcrypto is a simple and flexible set of PHP 5.3+ in-memory key-value repositories. By default, it takes advantage of cookies as the storage backend. Tcrypto security is fully considered in the early days of construction. Security algorithms and patterns are readily available, automation and security initialization vector generation capabilities, encryption and authentication key creation (Keytoll) have very strong random characteristics, and have a key conversion (that is, the version of the key) as an aid. Tcrypto can be used as a set of extensibility "session handlers". In particular, when using cookies as a storage backend, their scalability will be more prominent. From this perspective, Tcrypto is somewhat similar to the Ruby on Rails session.

  5. HTML Purifier

HTML purifier is a set of standardized HTML filtering libraries written in the PHP language. HTML Purifier Not only removes all malicious code (commonly known as XSS) through a fully audited whitelist of security permissions, but also ensures that the user's files meet standard requirements-with its help, meeting the specifications will no longer be a challenge.

  6. Urlcrypt

Urlcrypt can easily and securely transfer short binary data fragments to URLs. With it, we are able to save user IDs, download expiration dates, and other common information in a secure manner. Urlcrypt uses 256-bit AES symmetric encryption mechanism to achieve data security encryption, its encoding and decoding library contains 32 characters, and can be directly applied to the URL.

  7. Hybrid Auth

Hybrid Auth is a set of open source PHP libraries for validating multiple social services and ID providers. The types of services it supports include OpenID, Facebook, LinkedIn, Google, Twitter, Windows Live, Foursquare, Vimeo, Yahoo, PayPal, and more. Users can easily integrate them with existing sites by inserting a single file or a few lines of code into the login/login page.

  8. Security Check –sensiolabs

This tool is very practical for both novice and experienced PHP programmers. It works very simple, the user only need to upload their own. lock file, the rest of the work can be all given to Sensiolabs to complete. If you look at data statistics carefully, you will realize how large the number of vulnerabilities they are discovering. We are likely to unknowingly allow our projects to export a lot of malicious content, and the advent of sensiolabs is enough to help us prevent it in a more positive way.

  9. PHP Login Project

PHP Login Project is a set of scripts designed to add validation mechanisms to our PHP project. There are a number of related tutorials on the network that can guide you to install them on servers of different configuration types, while providing a minimal and a single file version of the script.

  Ten. Securitymultitool

This set of Multitool libraries can recommend suitable security related libraries, standardized security defense implementations, and common task security implementation implementations. The goal of this library is to provide both a practical trunk tool and a reference material to achieve the goal. Whether or not your application is based on a Web application framework, we should include Securitymultitool--after all, Web application architecture alone is far from being secure.

http://www.bkjia.com/PHPjc/973127.html www.bkjia.com true http://www.bkjia.com/PHPjc/973127.html techarticle share 10 of the best PHP Security development Ku Zhangwen in detail 1. PHP Intrusion Detection system PHP IDS (ie, php-intrusion detection system) is a set of easy-to-use, well-structured, excellent speed and specialized surface ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.