cardisable_functions
disable_functions 时间:2021-04-14 阅读:()
479INDEXSymbols$_GETvariables316usingcookiesinsteadof$_GETvariablestopreventsessionabuse323$_SESSIONsuperglobalarray315,316,318,325markerusinginSELECTstatements258_construct()methodmcryptobject81openSSLobject93Numerics3DESdemonstrationofuse80–86introduction61–62Aabuseofstorage5abusers348griefersandtrolls350scammers349spammers348accesscontrolSeealsoauthentication;permissionsusingrolestoauthorizeactions359–375accidentalcorruption,preventionof399–400addingaconfirmationboxtoanaction401–404addingalockedflagtotable401accountabilitysystem-levelaccountability378usertracking377actionsaddingaconfirmationboxto401–404definedformembersandnonmembers362activate()methodapplicationloggingclasssample381–382addslashes()function241,256,290,301AES(AdvancedEncryptionStandard)demonstrationofuse80–86introduction62usingprivateRSAkeytodecrypt87alert()functionapplicationloggingclasssample382,384,387alerts,generatingusagereports,391–392algorithmstrength58–59AllowGroupscommand147AllowUsersdirective147alphabeticparameterschmodcommand211Apache,updating49–50Apachevirtualhostconfiguration23tagXSSscripting264applicationaccesscontrolstrategies360addingcontentsharing363separateinterfaces360–361usergroups362–363usertypes361–362applicationloggingbasiclevel378ensuringthatloggingsucceeds379essentialloggingcontent378–379sampleapplicationloggingclass380–387displayinglogdata396buildingcross-tabulationtablesforrelatedmetrics397creatingtime-basedgraphics397–398480INDEXapplicationlogging(continued)generatingusagereports391importantalerts391–392on-demandreporting396periodicsummaries392–396specializedlevel387businesslogicaccounting387databasemodificationaccounting388–389full-statelogging390–391responselogging390subrequestaccounting389–390applicationloggingclasssample380–387applicationlogs377applicationupgrades29application-levelpreservationcomparedtosystem-levelbackupscript400apttoolsimplifyingpackageinstallationprocess43artificialintelligencetechniquesattacksoncaptchas344potentialcaptchaproblems345assignRolesuserinterface374asymmetricencryption57protectingsensitivedata86–101RSA64audiocaptchas334–335AuthDigestDomaindirective186authentication175HTTPauthentication176BasicAuthentication176–184DigestAuthentication184–187introduction175–176singlesign-onauthentication194buildingsystem195–207Kerberos195two-factorauthentication187certificate-basedauthenticationusingHTTPS187–194usingone-timekeysforauthentication194AuthenticationLayerSSH(SecureShell)140SSHversion1141authorizationbasedonroles365–367actions371location370magicalrolenames369–370namesofroles367anonymous368authorandphotographer368editor368member368roleassignments371–372rolesamples367authorized_keysfilecreating155–156automatedabusebackground331–332preventation331automatedattacks6–7automateduserinputattackscenarios7Bbackgroundattributetag270backupspreventingdataloss399productiondata36–38settingreasonablestandardofprotectionformultiuserhosts20–21badges,approachestochecking374–375Base64algorithm68base64_decode()function85batchprocessing,triggering439PHPbatchprocessingdaemon443–449usingcrontorunascript439–443bazaarmodel467–468twokeyprinciples476Blowfishdemonstrationofuse80–86introduction62BooleanENUMcolumnaddingtoimportanttables405481INDEXbruteforceattacksoncaptchas344BSDJails22bugmanagementsystem475–476bugtrackingsystem27Bugzilla475–476businesslogicaccounting387CCA(CertificateAuthority)110choosing124,125creatingCACertificatewithopensslutility123introduction113cachepoisoning465–466cachesubrequests461–462captchas332attackson344audiocaptchas334–335cogitivecaptchas335–336creating336,339checkingtheusersresponse343–344generatingtheimage340–342placinginaform343selectingarandomchallenge339–340managementfromexternalwebservice336–339potentialproblems345AIscripts345complexity345hijacking345timeandmoneycosts345userdifficulties346textimagecaptchas333–334cathedralmodel467–468CertificateAuthority.
SeeCACertificateChain114certificate()methodopenSSLobject93,95,96CertificatesCA(CertificateAuthority)113CertificateChain114CRL(CertificateRevocationList)115introduction111–113checkingbadges,approachesto374–375checkinguploadedfilespreventingtemporaryfileabuse312,313chgrpcommand211chgrp()function215CHLDsignal425chmodcommandnotation211,212chmod()function215chowncommand211chown()function215chrootcommand215CipherFeedbackmode73clean_value()function254ClientCertificatesconfiguringmod_sslmoduletouse188creating189readingdetailsinPHP193using189,191Clinton,PresidentBillprankcarriedoutbyChristopherPetro6CNETdiscussionofgrieferproblems6cogitivecaptchas335–336commentspammakinglessattractive349commit()methodapplicationloggingclasssample384–386CompletelyAutomatedPublicTuringTesttotellComputersandHumansApart.
SeeCAPTCHAcomputeractionscomparedtohumanactions331configurationscripts,compilingsettingreasonablestandardofprotectionformultiuserhosts19–20confirmationboxaccidentalcorruptionprevention400addingtoactions401–404ConnectionLayerSSH(SecureShell)140contentsharingapplicationaccesscontrolstrategies363controlcharacters,inputvalidation230482INDEXcorruption,accidental.
Seeaccidentalcorruptionpreventioncostsandpotentialcaptchaproblems345cpcommandscpasreplacementfor144crc32()function66CreativeCommonscallsoffered458CRL(CertificateRevocationList)introduction115cron,usingtorunascript439–443cross-sitescripting.
SeeXSScryptographybooksandwebsiteresources55CSR(CertificateSigningRequest)certificate-basedauthenticationusingHTTPS187creatingfromprivateRSAkey189creatingwithopensslutility123csrfunctionscertificatesigningrequests87CSSandHTMLmarkupattacksXSS(cross-sitescripting)267–269currencydownsideofinstallingfrompackagingsystems43CVSversioncontrolsystem20,416homepage26CyclicRedundancyCheck.
SeeCRCDdaemonsandunix13controlling215creating426–432dangerousoperationsmakingsafe422implementationstrategies433–453resource-intensiveoperations423–433root-leveloperations422–423resource-intensivecommands421–422root-levelcommands420sbinbinaries420suidbitandsudocommand420datalossavoidingrecorddeletion404addingadeletedflagtoatable405creatingless-privilegeddatabaseusers405–406enforcingdeletedfieldinSELECTqueries406–408providinganundeleteinterface408preventing399–400preventingaccidentalcorruption400addingaconfirmationboxtoanaction401–404addingalockedflagtotable401versioning408–409creatingaversioneddatabasefilestore411–415INSERTandUPDATE410–411tablestructure408–409datarecoveryaddingaBooleanENUMcolumntoimportanttables405database,usingforqueueing435–439databasebackups,keepingsettingreasonablestandardofprotectionformultiuserhosts21databasefilestore.
Seeversioneddatabasefilestoredatabasepermissionssettingreasonablestandardofprotectionformultiuserhosts19databaseprotection218databaseaccess219,220databasefilesystempermissions219grantingprivileges221hardeningadefaultMySQLinstallation220–221regularbackups222unsafenetworking222databasequerieslogging388sanitizingvaluespassedtoothersystems245datecommand124Debiandpkgpackagingsystem42483INDEXdebug()functionapplicationloggingclasssample382,384decrypt()methodmcryptobject80,81,85openSSLobject93,97decryptionoftheftproofcarkey60defamation5DELETEstatementsinjectionattacks253logging388precededwithinstructiontoinsertsamerecordintostoragetable407usingBooleanENUMcolumninstead405deletionavoidance339SeealsorecorddeletionavoidanceDenialofServiceattacks9byCPUhogging17DenyGroupsdirective147DenyUsersdirective147dependenciesdownsideofinstallingfrompackagingsystems43downsideofportinstallations45destruct()methodmcryptobject81developers,controlling215developmentenvironment,separationof25developmentinfrastructureessentialpartsof26–27developmentserverscharacteristics26reasonsforseparation27–28Diffie-Hellman-Merkleasymmetricalgorithms57KeyExchangemethod63disable_classesdirective225disable_functionsdirective225,289diskquotas217DistinguishedNameaspartofcertificate87creatingwithopensslutility123dlog()function429,432DNSattacks9DomainNameSystem.
SeeDNSdpkgpackagingsystem42dropfolder,usingforshorttermqueueing434DSAalgorithm67Eemodifierpreg_replace()function298echocommand284EHLOcommand351elapsed()methodapplicationloggingclasssample381–382,390ElectronicCodebookmode72emailencryptiontechniquesPGPandGnuPG65S/MIME65sanitizingvaluespassedtoothersystems244–245tagXSSscripting264empty()function237,239--enable-sslconfigurationswitch116encrypt()methodmcryptobject80,81,84openSSLobject93,97,99,201encryption55,75algorithmstrength58–59comparedtohashing56emailencryptiontechniques64PPGandGnuPG65S/MIME65initializationvectors73introduction56–57modes71CipherBlockChainingmode73ElectronicCodebookmode72OutputFeedbackmode72passwordprotection75–79passwordstrength59–60protectingsensitivedata79asymmetricencryption86–101symmetricencryption80–86randomnumbers70484INDEXencryption(continued)recommendedencryptionalgorithms60asymmetricalgorithms64symmetricalgorithms61–63restrictionsonexportingalgorithms73–74streamsandblocks71verificationofdata101usingdigests101–107usingsignatures107–108EntropyGatheringDaemon71ENUMcolumnaddingtoimportanttables405eofproperty131errormessages,obscuring246escapeshellarg()function282,294,296,442escapeshellcmd()function294,296,297eval()function242,246,281,299cautioninallowinguserinput283cautioninusing301sanitizeuntrustedinputto289–293exec()function281,285attackersinjectingshellmetacharactersinto286executiontemporaryfiles305explode()function182FFerguson,NielsandSchneier,BrucePracticalCryptography55fileaccesscontrolsPHPtools215filepathssanitizingvaluespassedtoothersystems243–244fileversioning411file_get_contents()function166,243,301,459file_put_contents()function166,283file_uploadsdirective218fileDataclassload()method102,104filemtime()function415filesystemgroups210–211owners210–211filesystempermissionsSeealsopermissionsdatabaseprotection219–222keepingdevelopersanddaemonsintheirhomedirectories215sharedgroupdirectories213set-groupid214umask214filesystem,unix14fixation.
Seesessionfixationfloodingemailaddresses8fopen()function133,243,307creatingastream128fowardingsessionhijacking320–321fsockopen()function459creatingastream128FTPandeffectivesecurityforproductionservers29ftp_ssl_connect()function134,135full-statelogging390–391Ggarbagecollectioncreatingversioneddatabasefilestore413–415GETmethod252getCA()methodopenSSLobject93getCACommonName()methodopenSSLobject93getCommonName()methodopenSSLobject93getDN()methodopenSSLobject93getimagesize()function284gettype()function237,255GForgeremoteexecutionattack282GnuPG(GnuPrivacyGuard)65goldserversusingtodistributeupdates52meta-packages53meta-ports52–53485INDEXgoodnetizenshipsecureprogramming3GRANTstatement220granttablescontrollingdatabaseaccess219–220graphscreatingtime-basedgraphs,397–398griefers6introduction350groupsandthefilesystem210–211HHandshakeProtocol115harvestingemailaddresses8hashingcomparedtoencryption56–60introduction57–58newhashingalgorithms68RIPEMD-16068SHA-268recommendedhashfunctions66CRC3266DSA67MD566SHA-167hiddeninterfaceabuseinputvalidation232highlight_file()function243,289,290hijackingSeealsosessionhijackingattacksoncaptchas344potentialcaptchaproblems345temporaryfiles306testingprotection313–314homedirectoryandunix13Host-basedAuthenticationSSHversion2143HTMLpreventingXSSattacks272–273HTMLandCSSmarkupattacksXSS(cross-sitescripting)267–269HTMLinputusingprovenXSSfilteron275–276HTMLoutputsanitizingvaluespassedtoothersystems245htmlentities()function272–273htmlspecialchars()function272HTTPauthentication176BasicAuthentication176–177implementingwithApacheandPHP177–81implementingwithPHPalone181–184DigestAuthentication184–185implementingwithApache185–187HTTPheadervaluessanitizingvaluespassedtoothersystems245HTTPheaders,well-formednessof462–463HTTPRequestSmuggling465–466HTTPResponseSplittingattacks463–464HTTPwebservicesREST(REpresentationalStateTransfer)456HTTPSusedfortransactionswhenSSLisinvolved116humanactionscomparedtocomputeractions331humanattacks5–6HUPsignal425Iidentityverification347–348abusers348griefersandtrolls350scammers349spammers348requiringonlinepayment355usingaworkingemailaddress350–351verifyworkingmailbox351verifyingreceiptwithtoken351–355usingSMS(ShortMessageService)356usingverifieddigitalsignatures356–357verifyingphysicaladdress355tagXSSscripting264486INDEXIGNOREdirectiveINSERTquery407imagesourceforgingURIsforXSSattacks270imageftbbox()function341imagefttext()function342IMAPusingforlonger-termqueueing434–435imap_open()function137,138tag270XSSscripting264include()function293cautioninallowinguserinput283cautioninusing302informationprovidedbyusers5automatedattacks6–7humanattacks5–6informationprovidedtousers8ini_set()directivesusingtopreventsessionabuse323injection249SeealsoSQLinjectioninodes14inputvalidation229abstractingtype,lengthandformatvalidation239–240allowingonlyexpectedinput235–236checkingformat239checkinginputtype236FALSEvsemptyvsNULL238–239numbers237strings236TRUEandFALSE238checkinglength239sanitizingvaluespassedtoothersystems241databasequeries245emailaddressesandemail244–245filepaths,names,andURIs243–244HTMLoutput245HTTPheadervalues245metacharacters241–242shellarguments245securePHPsinputs233declaringvariables235turningoffglobalvariables233–235securityimplications229strategiesforfindingvulnerabilities229strategiesforvalidatinginputinPHP233testing246whattolookfor229controlcharacters230hiddeninterfaceabuse232inputbearingunexpectedcommands232metacharacters230multibyteUnicodecharacters230toomuchinput231wrongtypeofinput231INSERTqueryIGNOREdirective407logging388preventingversioningdataloss410–411insert()function436installingprograms41compilingbyhand45–47packages42–44ports44intval()function237,255InvisionPowerBoardSQLinjectionvulnerability254ionCubecompiler19is_bool()function238is_int()function237,255is_integer()function237is_long()function237is_numeric()function237–238is_string()function237is_uploaded_file()function312–313JJavaScriptattacksXSS(cross-sitescripting)269KKerberossinglesign-onauthentication195487INDEXKeyExchangemethod115killcommandsendingsignals425LLDAPauthenticatingorganizationaldirectorywithPAMmodule143libexamplelibraryexampleinstallingprogramsbyhand45–47libmcryptlibrary80libraryupgrades29recompilingafter51–52load()methodfileDataclass102,104localcopies,keepingsettingreasonablestandardofprotectionformultiuserhosts20locationspreventingtemporaryfileabuse307–310lockedflagaddingaflagtotable401lockingfilesaccidentalcorruptionprevention400logdata,displaying396–398logfiles,usertracking377log()functionapplicationloggingclasssample382loginshellsandunix13Mmagic_quotes_gpcdirective241,256makecommand46makeinstallcommand44,46maketestcommand46makeKeys()methodopenSSLobject89,93,94,95,101makeRGBColor()function342manageRolesuserinterface372–374MantisPHP-basedbugtrackingsystem472max_execution_timedirective218max_input_timedirective218mcryptfunctions80mcryptobject458decrypt()method80,85encrypt()method80,84methods81setKey()method80,83,201mcrypt()functions83mcrypt_generic()function84mcrypt_module_close()function86mcrypt_module_open()function85MD5MessageAuthenticationCode115MD5algorithmintroduction66md5()function67,83protectingpasswordsbyhashing75md5_file()function102memory_get_usage()function218memory_limitdirective218MessageAuthenticationCode115MessageDigestalgorithm.
SeeMD5metacharactersinputvalidation230sanitizingvaluespassedtoothersystems241–242shell-relatedmetacharacters286–287meta-packages53meta-ports52–53mkfscommand421mod_sslmodulecongfiguringtouseClientCertificates188globaldirectives117–118implementingSSL188implementingSSLaspartofApache'shttpdserver116per-directorydirectives119–121per-serverdirectives118–119mountcommand421mozillaBugzilla475–476multibyteUnicodecharactersinputvalidation230multiplequeryinjection253–254my_cookie()function254488INDEXMySQLhardeningadefaultMySQLinstallation220–221MySQLinjection249–251kindsofinjectionattacks252–253kindsofuserinput252multiplequeryinjection253–254PHPand251mysql_max_linksdirective218mysql_real_escape_string()function241,256mysqladmincommand-lineutility221mysqldumputilitybackingupdatabases222mysqli_multi_query()function253mysqli_stmt_bind_param()function258mysqli_stmt_bind_result()function258mysqli_stmt_execute()function259mysqli_stmt_fetch()function259Nnamessanitizingvaluespassedtoothersystems243–244netizenship.
SeegoodnetizenshipNetworkConnectionssecuringwithSSH139–172securingwithSSL109–138networkeavesdropping319NetworkFileSystem29networktimeoutshandling459–460NFS(NetworkFileSystem)effectivesecurityforproductionservers29nobodyuserdangerousoperations419dangersofsharedhosting15numberscheckinginputtype237OtagXSSscripting264octalnotationchmodcommand212on-demandreporting396one-timekeyspreventingsessionabuse325One-TimePasswordsInEverything(OPIE)143one-wayhashessettingreasonablestandardofprotectionformultiuserhosts19opensourceapplyingprinciples476–477effectivebugreporting473checkingbugisnotalreadyreportedandknown473informationtoprovide474informingdeveloper473otherresources475–476proposeconcisesolutions474–475reportwriting475responsibility475practicalities470codesharability470commercialsharewareandopensourcecode472–473licensing470maintainingcode472repositories471–472securitybenefits468–469open_basedirdirective225open_csr_new()function94OpenBSDsecurity-orientedoperatingsystem29OpenSSHcustomizingconfiguration147controllingaccess147forcinguseofSSHv2147recommendedsshd_config148–150selectingauthenticationmethods148settingcrypticparameters148settingportforwarding148installationandconfiguration144–145configuringsshd145–147introduction144privilegeseparation152–153publickeyauthenticationcomparedtopasswords153–154489INDEXrecoveringfrommisconfiguration150–152settingupSSHPubKeyAuthentication154Authorized_Keysfile154–156generatingRSAkeypair154ssh-agent157SSHportforwarding157–160problemswith160usingwithPHPapplications161automatingconnections161executingcommands170–172securelycopyingfiles162–170X11forwarding160–161OpenSSLmoduleconstructormethods94features87functions86generatingpublic/privatekeypairandtheassociatedcertificate87–110translationintoobject-orientedinterface87openSSLobjectcertificate()method95,96creating198methods93decrypt()method97encrypt()method97,99,201makeKeys()method89,94,95,101privateKey()method95,96sign()method89,99,201verify()method89,99,202opensslutilityconvertingCertificates189creatingaServerCertificate123openssl_csr_sign()function94openssl_get_publickey()function97openssl_pkey_export()function95openssl_pkey_new()function94generatinganRSAkeypair154openssl_public_encrypt()function87,97openssl_sign()function99openssl_verify()function99openssl_x509_export()function95openssl_x509_parse()function95OPIE(One-TimePasswordsInEverything)143OutputFeedbackmode72ownersandthefilesystem210–211Ppackagingsystems42installingprogramsfrom42–44PAM(PluggableAuthenticationModules)143OPIEmodule143parallelization,controlling424–425parse_url()function203,273confusionofURIswithURLsandURNs273passthru()function281password-basedauthenticationcomparedtoPublicKeyAuthentication154SSHversion1141SSHversion2142passwordseffectivesecurityforproductionservers30protecting75–79pcntl_fork()functioncreatingchildprocess426pcntl_signal()function429PearValidateclass276peerreviewSeealsoopensourcetakingadvantageof467–477PEM(PrivacyEnhancedMail)111periodicsummaries392–396permissions216introduction209–211manipulating211–212preventingtemporaryfileabuse310–311PermitEmptyPasswordsdirective,uncommenting147persistentsessions315Petro,ChristopherPresidentBillClintonprank6phishingandsessionhijacking320–321490INDEXPHPandMySQLinjection251updating50PHPdaemonsusingprocesscontrolin425–433PHPfunctionsglobaldisabling289PHPResourceIndexindexofrepositories471PHPSafeMode222alternatives225features224–225workings223phpinfo()function224,285,293checkingsettingofregister_globalsdirective235PHPSESSIDconstant315,321values316–318physicaladdressverifyingforidentityverification355pingcommand421pkcs7functionssigningandencryptionofS/MIMEemailmessages87pkeyfunctionsprivatekeys87PKI(PublicKeyInfrastructure)110X.
509format111PluggableAuthenticationModules143portforwarding157–158example158–160problemswith160ports,installingprograms44portupgradecommand52POSTmethod252post_max_sizedirective218pow()function63PPG(PrettyGoodPrivacy)introduction65PracticalCryptographyNielsFergusonandBruceSchneier55pranksters6preg_replace()function299,300,301cautioninallowinguserinput283emodifier298PrettyGoodPrivacy(PGP)65PrivacyEnhancedMail(PEM)111privateinterfacesapplicationaccesscontrolstrategies360privatekeysgeneratingwithopensslutility123keepingoffpublicservers87usingfordecryption86privateKey()methodopenSSLobject93,95,96privilegedusersandunix13ProApacheWainwright,Peter176proc_nice()function432processactivitysystem-levelaccountability378ProcessControlfunctions425usinginPHPdaemons425–433processessystemprotectionfrom216–218processorLog()function442procopen()function281productiondatabackups36–38productionenvironment,separationof25productionserverscharacteristicsofproperlymaintainedproductionserver25–26effectivesecurity29–38reasonsforseparation27–28ProFTPdserverlockingusersintotheirhomedirectories215PromiscuousModenetworkeavesdropping319proxiesandsessionhijacking320–321publicinterfacesapplicationaccesscontrolstrategies360PublicKeyAuthenticationcomparedtopasswords154491INDEXsettingupSSHPubKeyAuthentication154–157SSHversion2142–143PublicKeyInfrastructure.
SeePKIpublic-keyencryption86settingreasonablestandardofprotectionformultiuserhosts19putenv()function224Qqueueingresource-intensiveoperations423buildingaqueue433usingadatabaseforqueueing435–439usingadropfolderforshort-termqueueing434usingIMAPforlonger-termqueueing434–435controllingparallelization424–425implications423–424trackingqueuedtasks449–453triggeringbatchprocessing439PHPbatchprocessingdaemon443–449usingcrontorunascript439–443usingProcessControlinPHPdaemons425assigningalowerpriority433demonstrationdaemon426–432forkingtohandlesimultaneousrequests425–432signalhandling425QUITcommand351quoted_printable_decode()function245Rraceconditions306rand()function354randomnumbers70Raymond,Ericcathedralandbazaarmodels467–468RC4introduction62–63rdiff-backupversioningfiles416readingfromknownfilespreventingtemporaryfileabuse312rebootcommand421recorddeletionavoidance404addingadeletedflagtoatable405creatingless-privilegeddatabaseusers405–406enforcingdeletedfieldinSELECTqueries406usingaseparatetabletohidedeletedrecords407–408usingaviewtohidedeletedrecords406–407providinganundeleteinterface408RecordProtocol115RedHatrpmpackagingsystem42up2dateprogram43referringpageaddress,checkingpreventingsessionabuse326register_globalsdirectiveturnedoninGForgeattack282turningoff233–235regressiontestsdevelopmentinfrastructure27remoteexecutiondangersof283embeddingofPHPcodeinuploadedfiles283–285injectionofPHPcode283injectionofshellcommandsorscripts285–287preventing281allowonlytrusted,humanuserstoimportcode289bewareofpreg_replace()patternswiththeemodifier298donotallowPHPscriptsfromremoteservers293escapingshellcommands294–297limitallowablefilenameextensionsforuploads288sanitizeuntrustedinputtoeval()function289–293storeuploadsoutsideofwebdocumentroot288vulnerabletemplatesystem298–301492INDEXremoteexecution(continued)testingforvulnerabilities301–302workingsof281–282repositories,opensource471–472requestdata379requestURI379require()functioncautioninallowinguserinput283resourcedepletiondownsideofportinstallations45resource-intensivecommandsasdangerousoperations421–422resource-intensiveoperationshandlingwithaqueue433buildingaqueue433–439trackingqueuedtasks449–453triggeringbatchprocessing439–449queueing423controllingparallelization424–425implications423–424usingprocesscontrolinPHPdaemons425–433responselogging390REST(REpresentationalStateTransfer)HTTPwebservices456reverseproxiesandsessionhijacking321ReverseTuringTest332SeealsoTuringTestREVOKEstatement220rhostsauthenticationSSHversion1141withRSA-basedhostauthentication141RIPEMD-160algorithm68rlogutility282Roadsendcompiler19roles-basedaccesscontrol364–365authorizationbasedonroles365–367actions371location370magicalrolenames369–370namesofroles367–369roleassignments371–372rolesamples367existingsystems365makingitwork372administrativerequirements372approachestocheckingbadges374–375interfaceparts372–374root13–15root-levelcommandsdangerousoperations420sbinbinaries420suidbitandsudocommand420root-leveloperationscreatingAPIfor422–423routecommand421RPCs(RemoteProcedureCalls)handlingsafely455makingsubrequestssafely459cachesubrequests461–462HTTPheaders462–466networktimeouts459–460Webservices456HTTPwebservices456keepinginterfacesecure457–458SOAP457XML-RPCwebservices456rpmpackagingsystem42RSAasymmetricalgorithms57demonstration87–101expenseof87introduction64usingprivateRSAkeytodecryptAESkey87RSAkeypair,generatinginSSH154RSA-basedchallenge-responseauthenticationSSHversion1141rsynccommand20arguments32transferingcontenttoproductionserver30–32SS/MIMEprotocol65SafeModeoptionminimizingsystem-levelproblems18preventingattacksfromnobodyuser15493INDEXsafe()function258,272,277,352Safe_HTMLproject276safe_mode_allowed_env_varsdirective224safe_mode_exec_dirdirective224safe_mode_include_dirdirective224safe_mode_protected_env_varsdirective225safeForEval()customfunction290,292,293salt,appendingtopasswordsforsecurity76sandboxdevelopmentinfrastructure27sbinbinaries420scammers349scarceresources,secureprogramming3Schneier,BruceAppliedCryptography55Blowfish62PracticalCryptography(withNielsFerguson)55scp,securereplacementfortheunixcpcommand144scponlyproject24screenscraping8tagXSSscripting264scriptabletemplatescautioninallowinguserinput283secrets,secureprogramming3secureconnectionsSSLorSSH172valueof172secureenvironment11sharedhosts13–24secureprogramming3computersecurity3impossibilityofabsolutesecurity4SecureShell.
SeeSSHSecureSocketsLayer.
SeeSSLSecure/MultipurposeInternetMailExtensions.
SeeS/MIMEprotocolsecurityattacksonwebapplications4automatedattacks6–7humanattacks5–6informationprovidedtousers8othercases9maintainingseparatedevelopmentandproductionenvironments25–38salts76secureprogramming3computersecurity3impossibilityofcompletecomputersecurity4symmetricencryptionproblems86securitybenefitsopensource468–469securityvulnerabilities17SELECTstatementsenforcingdeletedfield406injectionattacks252testingprotectionagainst260–261usingmarker258usingaseparatetabletohidedeletedrecords407–408usingaviewtohidedeletedrecords406–407Sendmaileffectivesecurityforproductionservers29ServerCertificateschoosingaCA124-125creatingaCertificate123–124installingintoabrowser125managing125–126obtaining123serverlogssystem-levelaccountability378servertechnology,suexec18sessionabusepreventingineffectualsolutions325–326regeneratingIDsforuserswithchangedstatus324session.
timeouts323–324SSL(SecureSocketsLayer)322–323testforprotection326usingcookiesinsteadof$_GETvariables323sessionfixation321–322sessionhijacking315,319fowarding,proxiesandphishing320–321494INDEXsessionhijacking(continued)networkeavesdropping319reverseproxies321unwittingexposure319–320sessionIDessentialapplicationloggingcontent379session.
timeoutspreventingsessionabuse323–324session.
use_only_cookiesdirective320usingtopreventsessionabuse323session.
use_trans_siddirective319usingtopreventsessionabuse323session_id()function317,322session_regenerate_id()function324,325session_start()function315,316,322sessionspersistentsessions315PHPsessions315–316preventingsessionabuse322codeabstraction325ineffectualsolutions325–326regeneratingIDsforuserswithchangedstatus324session.
timeouts323–324SSL(SecureSocketsLayer)322–323testforprotection326usingcookiesinsteadof$_GETvariables323samplesession316–318sessionfixation321–322sessionhijacking319fowarding,proxiesandphishing320–321networkeavesdropping319reverseproxies321unwittingexposure319–320set-groupid214setKey()methodmcryptobject80,81,83,201settype()function237,255set-user-id214set-user-IDbitsetdangerousoperations420sftpsubsystem144SGID214SHA-1algorithm67MessageAuthenticationCode115sha1()function67protectingpasswordsbyhashing75,78,79SHA-2algorithm68sharedgroupdirectories213set-groupid214umask214sharedhosting13–14dangers14–15inventoryofeffects16minimizingsystem-levelproblems17–18reasonablestandardofprotection18–21systemadministration22addinguserforeachdomain23Apachevirtualhostconfiguration23creatingsecuredatabase24filloutfilesystem23restrictingaccesstoscponly24virtualhostingscheme16securityproblems16–17sharedmemoryfunctionsresource425shellaccesssettingreasonablestandardofprotectionformultiuserhosts19shellargumentssanitizingvaluespassedtoothersystems245shellcommandsattackersuseof285escaping294–297shell_exec()function281,294,389,390,415cautioninusing301shell-relatedmetacharacters286,287ShortMessageService(SMS)356shutdownfunctions380,421sig_handler()function429sign()methodopenSSLobject89,93,99,201signalhandlingintroduction425495INDEXsignatures,chaining124verificationofdata107SimpleObjectAccessProtocol(SOAP)457simultaneousrequestsforkingtohandle425–426singlesign-onauthentication194buildingsystem195–196applicationside203–205PHPclasstoimplementsinglesign-on197–203serverside205–207Kerberos195SMS(ShortMessageService)usingforidentityverification356SOAP(SimpleObjectAccessProtocol)webservicesandRCPs457SockPuppetAttacks5softwareinstallingprograms41compilingbyhand45–47packages42–43ports44–45keepinguptodate41–53updating47–48Apache49–50monitoringversionrevisions51PHP50recompilingafterupdatinglibraries51–52usingagoldservertodistributeupdates52–53SourceForge471spam7spammersintroduction348SQLinjection249preventing255abstractingtoimprovesecurity256checktypesofuserssubmittedvalues255–256demarcatevaluesinqueries255escapingdubiouscharactersinqueries256fullabstraction260retrofittingexistingapplication257securingnewapplication257–259testingprotectionagainst260–261workingsof249–251SQLitedatabaseenginemultiple-instructionqueries254sqlite_query()function254ssh,secureterminalclient144SSH(SecureShell)139asconsoleinterface139authenticationwithPAM143comparedtoSSL172introduction139–140protocolversions140version1140–142version2142–143usingOpenSSH144usingwithPHPapplications161automatingconnections161executingcommands170–172securelycopyingfiles162–170SSHversion1introduction140–142SSHversion2forcinguseofonOpenSSH147introduction142–143ssh2.
sftpwrappercommand162ssh2_auth_passwordfunction165ssh2_connectfunction171ssh2_execfunction171ssh2_sftpfunction165ssh2_sftp_mkdirfunction167ssh-agentgeneratingkeypairs144settingupSSHPubKeyAuthentication157sshdconfiguring145,147OpenSSHserver144sshd_configconfigurationfilerecommendations148–150ssh-keygengeneratingkeypairs144ssh-keygencommand154,171496INDEXssh-keygen-trsacommandgeneratinginRSAkeypairinSSH154SSL(SecureSocketsLayer)andpreventingXSS271–272application-levelSSLsupport126genericSSLwithstunnel126–127comparedtoSSH172connectingtoSSLserverswithPHP127FTPandFTPSwrapper134–137HTTPSwrapper132–134IMAPandPOPsupportusingTLStransport137–138PHPsstreams,wrappersandtransports128SSLandTLStransports129–131HTPoverSSL116sampleSSLconfigurationfile121–123introduction110preventingsessionabuse322–323protocols115providingSSLonyourservers116securingHTTPcommunication109securingnetworkconnections109ServerCertificateschoosingaCertificateAuthority124–125creatingaCertificate123–124managing125–126obtaining123verifyingconnection191–192SSLClientCertificatecertificate-basedauthenticationusingHTTPS188SSLHandshakeProtocol115SSLRecordProtocol115SSLCACertificateFiledirective188SSLCertificateChainFiledirective119SSLCertificateFiledirective119SSLCertificateKeyFiledirective119SSLCipherSuitedirective120SSLeayopensourceimplementationofSSLprotocol110SSLEnginedirective119SSLLogdirective119SSLLogLeveldirective119SSLMutexdirective117SSLPassPhraseDialogdirective117SSLProtocoldirective119SSLRandomSeeddirective117SSLRequiredirective120SSLRequireSSLdirective120SSLSessionCachedirective117SSLVerifyClientdirective120SSLVerifyClientrequiredirective188SSLVerifyDepthdirective188stat()function102StatcountervulnerabilitytoXSSattacks266–267StdEnvVarsdirective120STOPsignal425storage,abuseof5str_replace()function290,465preg_replace()functionasalternativeto298stream_context_create()function128stream_context_get_options()function128stream_context_set_option()function128stream_get_meta_data()function132stream_set_blocking()function131,460stream_set_timeout()function459,461streams128strings,checkinginputtype236strip_tags()function277stripslashes()function241,242,256strlen()function239,256strpos()function256strtoupper()function298stunnelprogramapplication-levelSSLsupport126–127subrequestsmakingsafely459–466Subversionversioncontrolsystem20,26,416sudocommand46dangerousoperations420suexec18SUID214suidbitsetdangerousoperations420497INDEXsymmetricalgorithms3DES61–62AES62Blowfish62RC462–63symmetricencryption57protectingsensitivedata80–86securityproblems86SysAdminDisasteroftheMonth38systemadministrators13systemcommands419dangerousoperations419resource-intensivecommands421–422root-levelcommands420systemlogsmonitoring38system-levelaccountability378systemprotectionfromprocesses209,216Seealsofilesystempermissionsdiskquotas217PHP'sresourcelimits218resourcelimits216–217system()function281,282,283,294system-levelaccountabilityreview378Ttagbackgroundattribute270tablesaddingadeletedflag405addingalockedflagto401tempnam()function307,308temporaryfiles303characteristics304locations304permanence304practicalroles303–304preventingabuse306locations307–310permissions310–311readingfromknownfiles312uploadedfiles,checking312–313writingtoknownfiles311–312protectingfromhijacking313–314risks304execution305hijacking306visibility305vulnerabilityfoundinTikiWiki305TERMsignal425textimagecaptchas333–334Yahooemailsignuppage332Tidymodule276TikiWikitemporaryfilevulnerability305timed_outkey459–461TLS(TransportLayerSecurity)109assuccessortoSSL109demonstratinguseof137–138introduction110tokens,verifyingreceipts351touch()function308trackingqueuedtasks449–453transactionclassupdate()method389transferingcontenteffectivesecurityforproductionservers30transparentsessionID316TransportLayerSSH(SecureShell)140SSHversion1141TransportLayerSecurity.
SeeTLStransports128Triple-DES.
See3DEStrolls6introduction350TuringTest,AlanTuring331SeealsoReverseTuringTesttwo-factorauthentication187certificate-basedauthenticationusingHTTPS187–188configuringmod_ssltouseClientCertificates188creatingCertificates189readingClientCertificatesdetailsinPHP193usingCertificates189–191verifyingSSLconnection191–192498INDEXtwo-factorauthentication(continued)usingone-timekeysforauthentication194Uumaskvalue214UML(User-modeLinux)21umountcommand421unavailabilityofcompile-timeoptionsdownsideofinstallingfrompackagingsystems43unavailableoptimizationsdownsideofinstallingfrompackagingsystems44uniqid()function308,309,354unittestingdevelopmentinfrastructure27unixfilesystempermissions209introduction13–14unreadabilitypotentialcaptchaproblems345unsafenetworking222up2dateprogram43UPDATEcommandpreventingversioningdataloss410–411UPDATEquerylogging388UPDATEstatementsinjectionattacks252update()methodtransactionclass389updatingsoftware47–48Apache49–50monitoringversionrevisions51PHP50recompilingafterupdatinglibraries51–52usingagoldservertodistributeupdates52meta-packages53meta-ports52–53upgradingapplicationsandlibraries29upload_max_filesizedirective218uploadedfiles,checkingpreventingtemporaryfileabuse312–313URIsconfusionoftermwithURLsandURNs273forgingforXSSattacks269–270forgingimagesourceURIsforXSSattacks270sanitizingalluser-submittedURIstopreventXSSattacks)273–274sanitizingvaluespassedtoothersystems243–244urlencode()function465usagereports,generating391importantalerts391–392on-demandreporting396periodicsummaries392–396useragent,checkingpreventingsessionabuse326userdifficultiespotentialcaptchaproblems346usergroupsapplicationaccesscontrolstrategies362–363userIDessentialapplicationloggingcontent379useridentityverification.
Seeidentityverificationusertracking377usertypesapplicationaccesscontrolstrategies361–362user-levelactivitysystem–levelaccountability378User–modeLinux.
SeeUMLusersIDs,regeneratingpreventingsessionabuse324VValidateclassPear276validatinguserinput.
Seeinputvalidation499INDEXverificationofdatausingdigests101–107usingsignatures107verifieddigitalsignaturesusingforidentityverification356–357verify()methodopenSSLobject89,93,99,202verifyingidentity.
Seeidentityverificationversioncontrolsystems20,416developmentinfrastructure26runningshellscriptsoncommitorupdates33–35versioneddatabasefilestorecreating411garbagecollection413–415realisticPHPversioningsystem412–413versioningmonitoringrevisions51preventingdataloss400,408creatingaversioneddatabasefilestore411–415INSERTandUPDATE410–411tablestructure408–409versioningfilesrdiff-backup416versioncontrolsystems416WebDAVwithversioning416virtualhostingcomparedtovirtualmachines21,22virtualmachines22comparedtovirtualhosting21–22viruses6visibility,temporaryfiles305VMware22VRFYcommandverifyingworkingmailbox351WWainwright,PeterProApache176webservicesHTTPandREST456keepinginterfacesecure457keepingRPCinterfacesimple457–458limitingaccesstowebAPIs458managementofcaptchas336–339SOAP457XML-RPC456–457WebDAVversioningfiles416WEP(WiredEquivalentPrivacy)319wgetprogram45wheelgrouptypicallyreservedfortrustedusers147WHEREclauseDELETEstatementsandinjectionattacks253wiki,developmentinfrastructure26Wikipediafreeencyclopedia55WiredEquivalentPrivacy(WEP)319--with-mcryptconfigurationswitch80worms6wrappers128write()methodapplicationloggingclasssample382,383,386writingtoknownfilespreventingtemporaryfileabuse311–312XX.
509asPKIstandard111X11forwarding160–161x509functionscertificates87XML-RPCwebservices456–457XORalgorithm69–70XSS(cross-sitescripting)263attackslisted264categorizingattacks265applicationsitetosameorremotesite265–266remotesitetoapplicationsite265500INDEXXSS(cross-sitescripting)(continued)preventing263,271designingaprivateAPIforsensitivetransactions276–277encodeHTMLentitiesinallnonHTMLoutput272–273predictingusersactions278sanitizingalluser-submittedURIs273–274SSLand271–272usingprovenXSSfilteronHTMLinput275–276techniques267HTMLandCSSmarkupattacks267–268techniquesextraformbaggage271forgedactionURIs269–270forgedimagesourceURIs270HTMLandCSSmarkupattacks269JavaScriptattacks269testingforprotection278workingsof263scripting264YYahootextimagecaptchas332YellowDogLinuxUpdated,Modifiedpackage.
Seeyumtoolyumtool43simplifyingpackageinstallationprocess43ZZendEncodercompiler19
SeeCACertificateChain114certificate()methodopenSSLobject93,95,96CertificatesCA(CertificateAuthority)113CertificateChain114CRL(CertificateRevocationList)115introduction111–113checkingbadges,approachesto374–375checkinguploadedfilespreventingtemporaryfileabuse312,313chgrpcommand211chgrp()function215CHLDsignal425chmodcommandnotation211,212chmod()function215chowncommand211chown()function215chrootcommand215CipherFeedbackmode73clean_value()function254ClientCertificatesconfiguringmod_sslmoduletouse188creating189readingdetailsinPHP193using189,191Clinton,PresidentBillprankcarriedoutbyChristopherPetro6CNETdiscussionofgrieferproblems6cogitivecaptchas335–336commentspammakinglessattractive349commit()methodapplicationloggingclasssample384–386CompletelyAutomatedPublicTuringTesttotellComputersandHumansApart.
SeeCAPTCHAcomputeractionscomparedtohumanactions331configurationscripts,compilingsettingreasonablestandardofprotectionformultiuserhosts19–20confirmationboxaccidentalcorruptionprevention400addingtoactions401–404ConnectionLayerSSH(SecureShell)140contentsharingapplicationaccesscontrolstrategies363controlcharacters,inputvalidation230482INDEXcorruption,accidental.
Seeaccidentalcorruptionpreventioncostsandpotentialcaptchaproblems345cpcommandscpasreplacementfor144crc32()function66CreativeCommonscallsoffered458CRL(CertificateRevocationList)introduction115cron,usingtorunascript439–443cross-sitescripting.
SeeXSScryptographybooksandwebsiteresources55CSR(CertificateSigningRequest)certificate-basedauthenticationusingHTTPS187creatingfromprivateRSAkey189creatingwithopensslutility123csrfunctionscertificatesigningrequests87CSSandHTMLmarkupattacksXSS(cross-sitescripting)267–269currencydownsideofinstallingfrompackagingsystems43CVSversioncontrolsystem20,416homepage26CyclicRedundancyCheck.
SeeCRCDdaemonsandunix13controlling215creating426–432dangerousoperationsmakingsafe422implementationstrategies433–453resource-intensiveoperations423–433root-leveloperations422–423resource-intensivecommands421–422root-levelcommands420sbinbinaries420suidbitandsudocommand420datalossavoidingrecorddeletion404addingadeletedflagtoatable405creatingless-privilegeddatabaseusers405–406enforcingdeletedfieldinSELECTqueries406–408providinganundeleteinterface408preventing399–400preventingaccidentalcorruption400addingaconfirmationboxtoanaction401–404addingalockedflagtotable401versioning408–409creatingaversioneddatabasefilestore411–415INSERTandUPDATE410–411tablestructure408–409datarecoveryaddingaBooleanENUMcolumntoimportanttables405database,usingforqueueing435–439databasebackups,keepingsettingreasonablestandardofprotectionformultiuserhosts21databasefilestore.
Seeversioneddatabasefilestoredatabasepermissionssettingreasonablestandardofprotectionformultiuserhosts19databaseprotection218databaseaccess219,220databasefilesystempermissions219grantingprivileges221hardeningadefaultMySQLinstallation220–221regularbackups222unsafenetworking222databasequerieslogging388sanitizingvaluespassedtoothersystems245datecommand124Debiandpkgpackagingsystem42483INDEXdebug()functionapplicationloggingclasssample382,384decrypt()methodmcryptobject80,81,85openSSLobject93,97decryptionoftheftproofcarkey60defamation5DELETEstatementsinjectionattacks253logging388precededwithinstructiontoinsertsamerecordintostoragetable407usingBooleanENUMcolumninstead405deletionavoidance339SeealsorecorddeletionavoidanceDenialofServiceattacks9byCPUhogging17DenyGroupsdirective147DenyUsersdirective147dependenciesdownsideofinstallingfrompackagingsystems43downsideofportinstallations45destruct()methodmcryptobject81developers,controlling215developmentenvironment,separationof25developmentinfrastructureessentialpartsof26–27developmentserverscharacteristics26reasonsforseparation27–28Diffie-Hellman-Merkleasymmetricalgorithms57KeyExchangemethod63disable_classesdirective225disable_functionsdirective225,289diskquotas217DistinguishedNameaspartofcertificate87creatingwithopensslutility123dlog()function429,432DNSattacks9DomainNameSystem.
SeeDNSdpkgpackagingsystem42dropfolder,usingforshorttermqueueing434DSAalgorithm67Eemodifierpreg_replace()function298echocommand284EHLOcommand351elapsed()methodapplicationloggingclasssample381–382,390ElectronicCodebookmode72emailencryptiontechniquesPGPandGnuPG65S/MIME65sanitizingvaluespassedtoothersystems244–245tagXSSscripting264empty()function237,239--enable-sslconfigurationswitch116encrypt()methodmcryptobject80,81,84openSSLobject93,97,99,201encryption55,75algorithmstrength58–59comparedtohashing56emailencryptiontechniques64PPGandGnuPG65S/MIME65initializationvectors73introduction56–57modes71CipherBlockChainingmode73ElectronicCodebookmode72OutputFeedbackmode72passwordprotection75–79passwordstrength59–60protectingsensitivedata79asymmetricencryption86–101symmetricencryption80–86randomnumbers70484INDEXencryption(continued)recommendedencryptionalgorithms60asymmetricalgorithms64symmetricalgorithms61–63restrictionsonexportingalgorithms73–74streamsandblocks71verificationofdata101usingdigests101–107usingsignatures107–108EntropyGatheringDaemon71ENUMcolumnaddingtoimportanttables405eofproperty131errormessages,obscuring246escapeshellarg()function282,294,296,442escapeshellcmd()function294,296,297eval()function242,246,281,299cautioninallowinguserinput283cautioninusing301sanitizeuntrustedinputto289–293exec()function281,285attackersinjectingshellmetacharactersinto286executiontemporaryfiles305explode()function182FFerguson,NielsandSchneier,BrucePracticalCryptography55fileaccesscontrolsPHPtools215filepathssanitizingvaluespassedtoothersystems243–244fileversioning411file_get_contents()function166,243,301,459file_put_contents()function166,283file_uploadsdirective218fileDataclassload()method102,104filemtime()function415filesystemgroups210–211owners210–211filesystempermissionsSeealsopermissionsdatabaseprotection219–222keepingdevelopersanddaemonsintheirhomedirectories215sharedgroupdirectories213set-groupid214umask214filesystem,unix14fixation.
Seesessionfixationfloodingemailaddresses8fopen()function133,243,307creatingastream128fowardingsessionhijacking320–321fsockopen()function459creatingastream128FTPandeffectivesecurityforproductionservers29ftp_ssl_connect()function134,135full-statelogging390–391Ggarbagecollectioncreatingversioneddatabasefilestore413–415GETmethod252getCA()methodopenSSLobject93getCACommonName()methodopenSSLobject93getCommonName()methodopenSSLobject93getDN()methodopenSSLobject93getimagesize()function284gettype()function237,255GForgeremoteexecutionattack282GnuPG(GnuPrivacyGuard)65goldserversusingtodistributeupdates52meta-packages53meta-ports52–53485INDEXgoodnetizenshipsecureprogramming3GRANTstatement220granttablescontrollingdatabaseaccess219–220graphscreatingtime-basedgraphs,397–398griefers6introduction350groupsandthefilesystem210–211HHandshakeProtocol115harvestingemailaddresses8hashingcomparedtoencryption56–60introduction57–58newhashingalgorithms68RIPEMD-16068SHA-268recommendedhashfunctions66CRC3266DSA67MD566SHA-167hiddeninterfaceabuseinputvalidation232highlight_file()function243,289,290hijackingSeealsosessionhijackingattacksoncaptchas344potentialcaptchaproblems345temporaryfiles306testingprotection313–314homedirectoryandunix13Host-basedAuthenticationSSHversion2143HTMLpreventingXSSattacks272–273HTMLandCSSmarkupattacksXSS(cross-sitescripting)267–269HTMLinputusingprovenXSSfilteron275–276HTMLoutputsanitizingvaluespassedtoothersystems245htmlentities()function272–273htmlspecialchars()function272HTTPauthentication176BasicAuthentication176–177implementingwithApacheandPHP177–81implementingwithPHPalone181–184DigestAuthentication184–185implementingwithApache185–187HTTPheadervaluessanitizingvaluespassedtoothersystems245HTTPheaders,well-formednessof462–463HTTPRequestSmuggling465–466HTTPResponseSplittingattacks463–464HTTPwebservicesREST(REpresentationalStateTransfer)456HTTPSusedfortransactionswhenSSLisinvolved116humanactionscomparedtocomputeractions331humanattacks5–6HUPsignal425Iidentityverification347–348abusers348griefersandtrolls350scammers349spammers348requiringonlinepayment355usingaworkingemailaddress350–351verifyworkingmailbox351verifyingreceiptwithtoken351–355usingSMS(ShortMessageService)356usingverifieddigitalsignatures356–357verifyingphysicaladdress355tagXSSscripting264486INDEXIGNOREdirectiveINSERTquery407imagesourceforgingURIsforXSSattacks270imageftbbox()function341imagefttext()function342IMAPusingforlonger-termqueueing434–435imap_open()function137,138tag270XSSscripting264include()function293cautioninallowinguserinput283cautioninusing302informationprovidedbyusers5automatedattacks6–7humanattacks5–6informationprovidedtousers8ini_set()directivesusingtopreventsessionabuse323injection249SeealsoSQLinjectioninodes14inputvalidation229abstractingtype,lengthandformatvalidation239–240allowingonlyexpectedinput235–236checkingformat239checkinginputtype236FALSEvsemptyvsNULL238–239numbers237strings236TRUEandFALSE238checkinglength239sanitizingvaluespassedtoothersystems241databasequeries245emailaddressesandemail244–245filepaths,names,andURIs243–244HTMLoutput245HTTPheadervalues245metacharacters241–242shellarguments245securePHPsinputs233declaringvariables235turningoffglobalvariables233–235securityimplications229strategiesforfindingvulnerabilities229strategiesforvalidatinginputinPHP233testing246whattolookfor229controlcharacters230hiddeninterfaceabuse232inputbearingunexpectedcommands232metacharacters230multibyteUnicodecharacters230toomuchinput231wrongtypeofinput231INSERTqueryIGNOREdirective407logging388preventingversioningdataloss410–411insert()function436installingprograms41compilingbyhand45–47packages42–44ports44intval()function237,255InvisionPowerBoardSQLinjectionvulnerability254ionCubecompiler19is_bool()function238is_int()function237,255is_integer()function237is_long()function237is_numeric()function237–238is_string()function237is_uploaded_file()function312–313JJavaScriptattacksXSS(cross-sitescripting)269KKerberossinglesign-onauthentication195487INDEXKeyExchangemethod115killcommandsendingsignals425LLDAPauthenticatingorganizationaldirectorywithPAMmodule143libexamplelibraryexampleinstallingprogramsbyhand45–47libmcryptlibrary80libraryupgrades29recompilingafter51–52load()methodfileDataclass102,104localcopies,keepingsettingreasonablestandardofprotectionformultiuserhosts20locationspreventingtemporaryfileabuse307–310lockedflagaddingaflagtotable401lockingfilesaccidentalcorruptionprevention400logdata,displaying396–398logfiles,usertracking377log()functionapplicationloggingclasssample382loginshellsandunix13Mmagic_quotes_gpcdirective241,256makecommand46makeinstallcommand44,46maketestcommand46makeKeys()methodopenSSLobject89,93,94,95,101makeRGBColor()function342manageRolesuserinterface372–374MantisPHP-basedbugtrackingsystem472max_execution_timedirective218max_input_timedirective218mcryptfunctions80mcryptobject458decrypt()method80,85encrypt()method80,84methods81setKey()method80,83,201mcrypt()functions83mcrypt_generic()function84mcrypt_module_close()function86mcrypt_module_open()function85MD5MessageAuthenticationCode115MD5algorithmintroduction66md5()function67,83protectingpasswordsbyhashing75md5_file()function102memory_get_usage()function218memory_limitdirective218MessageAuthenticationCode115MessageDigestalgorithm.
SeeMD5metacharactersinputvalidation230sanitizingvaluespassedtoothersystems241–242shell-relatedmetacharacters286–287meta-packages53meta-ports52–53mkfscommand421mod_sslmodulecongfiguringtouseClientCertificates188globaldirectives117–118implementingSSL188implementingSSLaspartofApache'shttpdserver116per-directorydirectives119–121per-serverdirectives118–119mountcommand421mozillaBugzilla475–476multibyteUnicodecharactersinputvalidation230multiplequeryinjection253–254my_cookie()function254488INDEXMySQLhardeningadefaultMySQLinstallation220–221MySQLinjection249–251kindsofinjectionattacks252–253kindsofuserinput252multiplequeryinjection253–254PHPand251mysql_max_linksdirective218mysql_real_escape_string()function241,256mysqladmincommand-lineutility221mysqldumputilitybackingupdatabases222mysqli_multi_query()function253mysqli_stmt_bind_param()function258mysqli_stmt_bind_result()function258mysqli_stmt_execute()function259mysqli_stmt_fetch()function259Nnamessanitizingvaluespassedtoothersystems243–244netizenship.
SeegoodnetizenshipNetworkConnectionssecuringwithSSH139–172securingwithSSL109–138networkeavesdropping319NetworkFileSystem29networktimeoutshandling459–460NFS(NetworkFileSystem)effectivesecurityforproductionservers29nobodyuserdangerousoperations419dangersofsharedhosting15numberscheckinginputtype237OtagXSSscripting264octalnotationchmodcommand212on-demandreporting396one-timekeyspreventingsessionabuse325One-TimePasswordsInEverything(OPIE)143one-wayhashessettingreasonablestandardofprotectionformultiuserhosts19opensourceapplyingprinciples476–477effectivebugreporting473checkingbugisnotalreadyreportedandknown473informationtoprovide474informingdeveloper473otherresources475–476proposeconcisesolutions474–475reportwriting475responsibility475practicalities470codesharability470commercialsharewareandopensourcecode472–473licensing470maintainingcode472repositories471–472securitybenefits468–469open_basedirdirective225open_csr_new()function94OpenBSDsecurity-orientedoperatingsystem29OpenSSHcustomizingconfiguration147controllingaccess147forcinguseofSSHv2147recommendedsshd_config148–150selectingauthenticationmethods148settingcrypticparameters148settingportforwarding148installationandconfiguration144–145configuringsshd145–147introduction144privilegeseparation152–153publickeyauthenticationcomparedtopasswords153–154489INDEXrecoveringfrommisconfiguration150–152settingupSSHPubKeyAuthentication154Authorized_Keysfile154–156generatingRSAkeypair154ssh-agent157SSHportforwarding157–160problemswith160usingwithPHPapplications161automatingconnections161executingcommands170–172securelycopyingfiles162–170X11forwarding160–161OpenSSLmoduleconstructormethods94features87functions86generatingpublic/privatekeypairandtheassociatedcertificate87–110translationintoobject-orientedinterface87openSSLobjectcertificate()method95,96creating198methods93decrypt()method97encrypt()method97,99,201makeKeys()method89,94,95,101privateKey()method95,96sign()method89,99,201verify()method89,99,202opensslutilityconvertingCertificates189creatingaServerCertificate123openssl_csr_sign()function94openssl_get_publickey()function97openssl_pkey_export()function95openssl_pkey_new()function94generatinganRSAkeypair154openssl_public_encrypt()function87,97openssl_sign()function99openssl_verify()function99openssl_x509_export()function95openssl_x509_parse()function95OPIE(One-TimePasswordsInEverything)143OutputFeedbackmode72ownersandthefilesystem210–211Ppackagingsystems42installingprogramsfrom42–44PAM(PluggableAuthenticationModules)143OPIEmodule143parallelization,controlling424–425parse_url()function203,273confusionofURIswithURLsandURNs273passthru()function281password-basedauthenticationcomparedtoPublicKeyAuthentication154SSHversion1141SSHversion2142passwordseffectivesecurityforproductionservers30protecting75–79pcntl_fork()functioncreatingchildprocess426pcntl_signal()function429PearValidateclass276peerreviewSeealsoopensourcetakingadvantageof467–477PEM(PrivacyEnhancedMail)111periodicsummaries392–396permissions216introduction209–211manipulating211–212preventingtemporaryfileabuse310–311PermitEmptyPasswordsdirective,uncommenting147persistentsessions315Petro,ChristopherPresidentBillClintonprank6phishingandsessionhijacking320–321490INDEXPHPandMySQLinjection251updating50PHPdaemonsusingprocesscontrolin425–433PHPfunctionsglobaldisabling289PHPResourceIndexindexofrepositories471PHPSafeMode222alternatives225features224–225workings223phpinfo()function224,285,293checkingsettingofregister_globalsdirective235PHPSESSIDconstant315,321values316–318physicaladdressverifyingforidentityverification355pingcommand421pkcs7functionssigningandencryptionofS/MIMEemailmessages87pkeyfunctionsprivatekeys87PKI(PublicKeyInfrastructure)110X.
509format111PluggableAuthenticationModules143portforwarding157–158example158–160problemswith160ports,installingprograms44portupgradecommand52POSTmethod252post_max_sizedirective218pow()function63PPG(PrettyGoodPrivacy)introduction65PracticalCryptographyNielsFergusonandBruceSchneier55pranksters6preg_replace()function299,300,301cautioninallowinguserinput283emodifier298PrettyGoodPrivacy(PGP)65PrivacyEnhancedMail(PEM)111privateinterfacesapplicationaccesscontrolstrategies360privatekeysgeneratingwithopensslutility123keepingoffpublicservers87usingfordecryption86privateKey()methodopenSSLobject93,95,96privilegedusersandunix13ProApacheWainwright,Peter176proc_nice()function432processactivitysystem-levelaccountability378ProcessControlfunctions425usinginPHPdaemons425–433processessystemprotectionfrom216–218processorLog()function442procopen()function281productiondatabackups36–38productionenvironment,separationof25productionserverscharacteristicsofproperlymaintainedproductionserver25–26effectivesecurity29–38reasonsforseparation27–28ProFTPdserverlockingusersintotheirhomedirectories215PromiscuousModenetworkeavesdropping319proxiesandsessionhijacking320–321publicinterfacesapplicationaccesscontrolstrategies360PublicKeyAuthenticationcomparedtopasswords154491INDEXsettingupSSHPubKeyAuthentication154–157SSHversion2142–143PublicKeyInfrastructure.
SeePKIpublic-keyencryption86settingreasonablestandardofprotectionformultiuserhosts19putenv()function224Qqueueingresource-intensiveoperations423buildingaqueue433usingadatabaseforqueueing435–439usingadropfolderforshort-termqueueing434usingIMAPforlonger-termqueueing434–435controllingparallelization424–425implications423–424trackingqueuedtasks449–453triggeringbatchprocessing439PHPbatchprocessingdaemon443–449usingcrontorunascript439–443usingProcessControlinPHPdaemons425assigningalowerpriority433demonstrationdaemon426–432forkingtohandlesimultaneousrequests425–432signalhandling425QUITcommand351quoted_printable_decode()function245Rraceconditions306rand()function354randomnumbers70Raymond,Ericcathedralandbazaarmodels467–468RC4introduction62–63rdiff-backupversioningfiles416readingfromknownfilespreventingtemporaryfileabuse312rebootcommand421recorddeletionavoidance404addingadeletedflagtoatable405creatingless-privilegeddatabaseusers405–406enforcingdeletedfieldinSELECTqueries406usingaseparatetabletohidedeletedrecords407–408usingaviewtohidedeletedrecords406–407providinganundeleteinterface408RecordProtocol115RedHatrpmpackagingsystem42up2dateprogram43referringpageaddress,checkingpreventingsessionabuse326register_globalsdirectiveturnedoninGForgeattack282turningoff233–235regressiontestsdevelopmentinfrastructure27remoteexecutiondangersof283embeddingofPHPcodeinuploadedfiles283–285injectionofPHPcode283injectionofshellcommandsorscripts285–287preventing281allowonlytrusted,humanuserstoimportcode289bewareofpreg_replace()patternswiththeemodifier298donotallowPHPscriptsfromremoteservers293escapingshellcommands294–297limitallowablefilenameextensionsforuploads288sanitizeuntrustedinputtoeval()function289–293storeuploadsoutsideofwebdocumentroot288vulnerabletemplatesystem298–301492INDEXremoteexecution(continued)testingforvulnerabilities301–302workingsof281–282repositories,opensource471–472requestdata379requestURI379require()functioncautioninallowinguserinput283resourcedepletiondownsideofportinstallations45resource-intensivecommandsasdangerousoperations421–422resource-intensiveoperationshandlingwithaqueue433buildingaqueue433–439trackingqueuedtasks449–453triggeringbatchprocessing439–449queueing423controllingparallelization424–425implications423–424usingprocesscontrolinPHPdaemons425–433responselogging390REST(REpresentationalStateTransfer)HTTPwebservices456reverseproxiesandsessionhijacking321ReverseTuringTest332SeealsoTuringTestREVOKEstatement220rhostsauthenticationSSHversion1141withRSA-basedhostauthentication141RIPEMD-160algorithm68rlogutility282Roadsendcompiler19roles-basedaccesscontrol364–365authorizationbasedonroles365–367actions371location370magicalrolenames369–370namesofroles367–369roleassignments371–372rolesamples367existingsystems365makingitwork372administrativerequirements372approachestocheckingbadges374–375interfaceparts372–374root13–15root-levelcommandsdangerousoperations420sbinbinaries420suidbitandsudocommand420root-leveloperationscreatingAPIfor422–423routecommand421RPCs(RemoteProcedureCalls)handlingsafely455makingsubrequestssafely459cachesubrequests461–462HTTPheaders462–466networktimeouts459–460Webservices456HTTPwebservices456keepinginterfacesecure457–458SOAP457XML-RPCwebservices456rpmpackagingsystem42RSAasymmetricalgorithms57demonstration87–101expenseof87introduction64usingprivateRSAkeytodecryptAESkey87RSAkeypair,generatinginSSH154RSA-basedchallenge-responseauthenticationSSHversion1141rsynccommand20arguments32transferingcontenttoproductionserver30–32SS/MIMEprotocol65SafeModeoptionminimizingsystem-levelproblems18preventingattacksfromnobodyuser15493INDEXsafe()function258,272,277,352Safe_HTMLproject276safe_mode_allowed_env_varsdirective224safe_mode_exec_dirdirective224safe_mode_include_dirdirective224safe_mode_protected_env_varsdirective225safeForEval()customfunction290,292,293salt,appendingtopasswordsforsecurity76sandboxdevelopmentinfrastructure27sbinbinaries420scammers349scarceresources,secureprogramming3Schneier,BruceAppliedCryptography55Blowfish62PracticalCryptography(withNielsFerguson)55scp,securereplacementfortheunixcpcommand144scponlyproject24screenscraping8tagXSSscripting264scriptabletemplatescautioninallowinguserinput283secrets,secureprogramming3secureconnectionsSSLorSSH172valueof172secureenvironment11sharedhosts13–24secureprogramming3computersecurity3impossibilityofabsolutesecurity4SecureShell.
SeeSSHSecureSocketsLayer.
SeeSSLSecure/MultipurposeInternetMailExtensions.
SeeS/MIMEprotocolsecurityattacksonwebapplications4automatedattacks6–7humanattacks5–6informationprovidedtousers8othercases9maintainingseparatedevelopmentandproductionenvironments25–38salts76secureprogramming3computersecurity3impossibilityofcompletecomputersecurity4symmetricencryptionproblems86securitybenefitsopensource468–469securityvulnerabilities17SELECTstatementsenforcingdeletedfield406injectionattacks252testingprotectionagainst260–261usingmarker258usingaseparatetabletohidedeletedrecords407–408usingaviewtohidedeletedrecords406–407Sendmaileffectivesecurityforproductionservers29ServerCertificateschoosingaCA124-125creatingaCertificate123–124installingintoabrowser125managing125–126obtaining123serverlogssystem-levelaccountability378servertechnology,suexec18sessionabusepreventingineffectualsolutions325–326regeneratingIDsforuserswithchangedstatus324session.
timeouts323–324SSL(SecureSocketsLayer)322–323testforprotection326usingcookiesinsteadof$_GETvariables323sessionfixation321–322sessionhijacking315,319fowarding,proxiesandphishing320–321494INDEXsessionhijacking(continued)networkeavesdropping319reverseproxies321unwittingexposure319–320sessionIDessentialapplicationloggingcontent379session.
timeoutspreventingsessionabuse323–324session.
use_only_cookiesdirective320usingtopreventsessionabuse323session.
use_trans_siddirective319usingtopreventsessionabuse323session_id()function317,322session_regenerate_id()function324,325session_start()function315,316,322sessionspersistentsessions315PHPsessions315–316preventingsessionabuse322codeabstraction325ineffectualsolutions325–326regeneratingIDsforuserswithchangedstatus324session.
timeouts323–324SSL(SecureSocketsLayer)322–323testforprotection326usingcookiesinsteadof$_GETvariables323samplesession316–318sessionfixation321–322sessionhijacking319fowarding,proxiesandphishing320–321networkeavesdropping319reverseproxies321unwittingexposure319–320set-groupid214setKey()methodmcryptobject80,81,83,201settype()function237,255set-user-id214set-user-IDbitsetdangerousoperations420sftpsubsystem144SGID214SHA-1algorithm67MessageAuthenticationCode115sha1()function67protectingpasswordsbyhashing75,78,79SHA-2algorithm68sharedgroupdirectories213set-groupid214umask214sharedhosting13–14dangers14–15inventoryofeffects16minimizingsystem-levelproblems17–18reasonablestandardofprotection18–21systemadministration22addinguserforeachdomain23Apachevirtualhostconfiguration23creatingsecuredatabase24filloutfilesystem23restrictingaccesstoscponly24virtualhostingscheme16securityproblems16–17sharedmemoryfunctionsresource425shellaccesssettingreasonablestandardofprotectionformultiuserhosts19shellargumentssanitizingvaluespassedtoothersystems245shellcommandsattackersuseof285escaping294–297shell_exec()function281,294,389,390,415cautioninusing301shell-relatedmetacharacters286,287ShortMessageService(SMS)356shutdownfunctions380,421sig_handler()function429sign()methodopenSSLobject89,93,99,201signalhandlingintroduction425495INDEXsignatures,chaining124verificationofdata107SimpleObjectAccessProtocol(SOAP)457simultaneousrequestsforkingtohandle425–426singlesign-onauthentication194buildingsystem195–196applicationside203–205PHPclasstoimplementsinglesign-on197–203serverside205–207Kerberos195SMS(ShortMessageService)usingforidentityverification356SOAP(SimpleObjectAccessProtocol)webservicesandRCPs457SockPuppetAttacks5softwareinstallingprograms41compilingbyhand45–47packages42–43ports44–45keepinguptodate41–53updating47–48Apache49–50monitoringversionrevisions51PHP50recompilingafterupdatinglibraries51–52usingagoldservertodistributeupdates52–53SourceForge471spam7spammersintroduction348SQLinjection249preventing255abstractingtoimprovesecurity256checktypesofuserssubmittedvalues255–256demarcatevaluesinqueries255escapingdubiouscharactersinqueries256fullabstraction260retrofittingexistingapplication257securingnewapplication257–259testingprotectionagainst260–261workingsof249–251SQLitedatabaseenginemultiple-instructionqueries254sqlite_query()function254ssh,secureterminalclient144SSH(SecureShell)139asconsoleinterface139authenticationwithPAM143comparedtoSSL172introduction139–140protocolversions140version1140–142version2142–143usingOpenSSH144usingwithPHPapplications161automatingconnections161executingcommands170–172securelycopyingfiles162–170SSHversion1introduction140–142SSHversion2forcinguseofonOpenSSH147introduction142–143ssh2.
sftpwrappercommand162ssh2_auth_passwordfunction165ssh2_connectfunction171ssh2_execfunction171ssh2_sftpfunction165ssh2_sftp_mkdirfunction167ssh-agentgeneratingkeypairs144settingupSSHPubKeyAuthentication157sshdconfiguring145,147OpenSSHserver144sshd_configconfigurationfilerecommendations148–150ssh-keygengeneratingkeypairs144ssh-keygencommand154,171496INDEXssh-keygen-trsacommandgeneratinginRSAkeypairinSSH154SSL(SecureSocketsLayer)andpreventingXSS271–272application-levelSSLsupport126genericSSLwithstunnel126–127comparedtoSSH172connectingtoSSLserverswithPHP127FTPandFTPSwrapper134–137HTTPSwrapper132–134IMAPandPOPsupportusingTLStransport137–138PHPsstreams,wrappersandtransports128SSLandTLStransports129–131HTPoverSSL116sampleSSLconfigurationfile121–123introduction110preventingsessionabuse322–323protocols115providingSSLonyourservers116securingHTTPcommunication109securingnetworkconnections109ServerCertificateschoosingaCertificateAuthority124–125creatingaCertificate123–124managing125–126obtaining123verifyingconnection191–192SSLClientCertificatecertificate-basedauthenticationusingHTTPS188SSLHandshakeProtocol115SSLRecordProtocol115SSLCACertificateFiledirective188SSLCertificateChainFiledirective119SSLCertificateFiledirective119SSLCertificateKeyFiledirective119SSLCipherSuitedirective120SSLeayopensourceimplementationofSSLprotocol110SSLEnginedirective119SSLLogdirective119SSLLogLeveldirective119SSLMutexdirective117SSLPassPhraseDialogdirective117SSLProtocoldirective119SSLRandomSeeddirective117SSLRequiredirective120SSLRequireSSLdirective120SSLSessionCachedirective117SSLVerifyClientdirective120SSLVerifyClientrequiredirective188SSLVerifyDepthdirective188stat()function102StatcountervulnerabilitytoXSSattacks266–267StdEnvVarsdirective120STOPsignal425storage,abuseof5str_replace()function290,465preg_replace()functionasalternativeto298stream_context_create()function128stream_context_get_options()function128stream_context_set_option()function128stream_get_meta_data()function132stream_set_blocking()function131,460stream_set_timeout()function459,461streams128strings,checkinginputtype236strip_tags()function277stripslashes()function241,242,256strlen()function239,256strpos()function256strtoupper()function298stunnelprogramapplication-levelSSLsupport126–127subrequestsmakingsafely459–466Subversionversioncontrolsystem20,26,416sudocommand46dangerousoperations420suexec18SUID214suidbitsetdangerousoperations420497INDEXsymmetricalgorithms3DES61–62AES62Blowfish62RC462–63symmetricencryption57protectingsensitivedata80–86securityproblems86SysAdminDisasteroftheMonth38systemadministrators13systemcommands419dangerousoperations419resource-intensivecommands421–422root-levelcommands420systemlogsmonitoring38system-levelaccountability378systemprotectionfromprocesses209,216Seealsofilesystempermissionsdiskquotas217PHP'sresourcelimits218resourcelimits216–217system()function281,282,283,294system-levelaccountabilityreview378Ttagbackgroundattribute270tablesaddingadeletedflag405addingalockedflagto401tempnam()function307,308temporaryfiles303characteristics304locations304permanence304practicalroles303–304preventingabuse306locations307–310permissions310–311readingfromknownfiles312uploadedfiles,checking312–313writingtoknownfiles311–312protectingfromhijacking313–314risks304execution305hijacking306visibility305vulnerabilityfoundinTikiWiki305TERMsignal425textimagecaptchas333–334Yahooemailsignuppage332Tidymodule276TikiWikitemporaryfilevulnerability305timed_outkey459–461TLS(TransportLayerSecurity)109assuccessortoSSL109demonstratinguseof137–138introduction110tokens,verifyingreceipts351touch()function308trackingqueuedtasks449–453transactionclassupdate()method389transferingcontenteffectivesecurityforproductionservers30transparentsessionID316TransportLayerSSH(SecureShell)140SSHversion1141TransportLayerSecurity.
SeeTLStransports128Triple-DES.
See3DEStrolls6introduction350TuringTest,AlanTuring331SeealsoReverseTuringTesttwo-factorauthentication187certificate-basedauthenticationusingHTTPS187–188configuringmod_ssltouseClientCertificates188creatingCertificates189readingClientCertificatesdetailsinPHP193usingCertificates189–191verifyingSSLconnection191–192498INDEXtwo-factorauthentication(continued)usingone-timekeysforauthentication194Uumaskvalue214UML(User-modeLinux)21umountcommand421unavailabilityofcompile-timeoptionsdownsideofinstallingfrompackagingsystems43unavailableoptimizationsdownsideofinstallingfrompackagingsystems44uniqid()function308,309,354unittestingdevelopmentinfrastructure27unixfilesystempermissions209introduction13–14unreadabilitypotentialcaptchaproblems345unsafenetworking222up2dateprogram43UPDATEcommandpreventingversioningdataloss410–411UPDATEquerylogging388UPDATEstatementsinjectionattacks252update()methodtransactionclass389updatingsoftware47–48Apache49–50monitoringversionrevisions51PHP50recompilingafterupdatinglibraries51–52usingagoldservertodistributeupdates52meta-packages53meta-ports52–53upgradingapplicationsandlibraries29upload_max_filesizedirective218uploadedfiles,checkingpreventingtemporaryfileabuse312–313URIsconfusionoftermwithURLsandURNs273forgingforXSSattacks269–270forgingimagesourceURIsforXSSattacks270sanitizingalluser-submittedURIstopreventXSSattacks)273–274sanitizingvaluespassedtoothersystems243–244urlencode()function465usagereports,generating391importantalerts391–392on-demandreporting396periodicsummaries392–396useragent,checkingpreventingsessionabuse326userdifficultiespotentialcaptchaproblems346usergroupsapplicationaccesscontrolstrategies362–363userIDessentialapplicationloggingcontent379useridentityverification.
Seeidentityverificationusertracking377usertypesapplicationaccesscontrolstrategies361–362user-levelactivitysystem–levelaccountability378User–modeLinux.
SeeUMLusersIDs,regeneratingpreventingsessionabuse324VValidateclassPear276validatinguserinput.
Seeinputvalidation499INDEXverificationofdatausingdigests101–107usingsignatures107verifieddigitalsignaturesusingforidentityverification356–357verify()methodopenSSLobject89,93,99,202verifyingidentity.
Seeidentityverificationversioncontrolsystems20,416developmentinfrastructure26runningshellscriptsoncommitorupdates33–35versioneddatabasefilestorecreating411garbagecollection413–415realisticPHPversioningsystem412–413versioningmonitoringrevisions51preventingdataloss400,408creatingaversioneddatabasefilestore411–415INSERTandUPDATE410–411tablestructure408–409versioningfilesrdiff-backup416versioncontrolsystems416WebDAVwithversioning416virtualhostingcomparedtovirtualmachines21,22virtualmachines22comparedtovirtualhosting21–22viruses6visibility,temporaryfiles305VMware22VRFYcommandverifyingworkingmailbox351WWainwright,PeterProApache176webservicesHTTPandREST456keepinginterfacesecure457keepingRPCinterfacesimple457–458limitingaccesstowebAPIs458managementofcaptchas336–339SOAP457XML-RPC456–457WebDAVversioningfiles416WEP(WiredEquivalentPrivacy)319wgetprogram45wheelgrouptypicallyreservedfortrustedusers147WHEREclauseDELETEstatementsandinjectionattacks253wiki,developmentinfrastructure26Wikipediafreeencyclopedia55WiredEquivalentPrivacy(WEP)319--with-mcryptconfigurationswitch80worms6wrappers128write()methodapplicationloggingclasssample382,383,386writingtoknownfilespreventingtemporaryfileabuse311–312XX.
509asPKIstandard111X11forwarding160–161x509functionscertificates87XML-RPCwebservices456–457XORalgorithm69–70XSS(cross-sitescripting)263attackslisted264categorizingattacks265applicationsitetosameorremotesite265–266remotesitetoapplicationsite265500INDEXXSS(cross-sitescripting)(continued)preventing263,271designingaprivateAPIforsensitivetransactions276–277encodeHTMLentitiesinallnonHTMLoutput272–273predictingusersactions278sanitizingalluser-submittedURIs273–274SSLand271–272usingprovenXSSfilteronHTMLinput275–276techniques267HTMLandCSSmarkupattacks267–268techniquesextraformbaggage271forgedactionURIs269–270forgedimagesourceURIs270HTMLandCSSmarkupattacks269JavaScriptattacks269testingforprotection278workingsof263scripting264YYahootextimagecaptchas332YellowDogLinuxUpdated,Modifiedpackage.
Seeyumtoolyumtool43simplifyingpackageinstallationprocess43ZZendEncodercompiler19
- cardisable_functions相关文档
- modelingdisable_functions
- 提纲(资料)On the Functions of Etiquette in Commercial Negotiation 商务英语毕业论文
- cellularBioactive Components of Cordyceps taii and Their Immune Functions in Mice
- doseCrude Polysaccharides Extracted From Several Medicinal Fungi Exhibit Hypoglycemic Functions in Mice
- crossThe Pragmatic Functions and Cultural Differences of Color Words
- 简洁性Analysis of Hedges and Their Pragmatic Functions in News
DMIT:香港国际线路vps,1.5GB内存/20GB SSD空间/4TB流量/1Gbps/KVM,$9.81/月
DMIT怎么样?DMIT是一家美国主机商,主要提供KVM VPS、独立服务器等,主要提供香港CN2、洛杉矶CN2 GIA等KVM VPS,稳定性、网络都很不错。支持中文客服,可Paypal、支付宝付款。2020年推出的香港国际线路的KVM VPS,大带宽,适合中转落地使用。现在有永久9折优惠码:July-4-Lite-10OFF,季付及以上还有折扣,非 中国路由优化;AS4134,AS4837 均...
易探云:香港CN2云服务器低至18元/月起,183.60元/年
易探云怎么样?易探云最早是主攻香港云服务器的品牌商家,由于之前香港云服务器性价比高、稳定性不错获得了不少用户的支持。易探云推出大量香港云服务器,采用BGP、CN2线路,机房有香港九龙、香港新界、香港沙田、香港葵湾等,香港1核1G低至18元/月,183.60元/年,老站长建站推荐香港2核4G5M+10G数据盘仅799元/年,性价比超强,关键是延迟全球为50ms左右,适合国内境外外贸行业网站等,如果需...
Spinservers:美国圣何塞服务器,双E5/64GB DDR4/2TB SSD/10Gbps端口月流量10TB,$111/月
spinservers怎么样?spinservers大硬盘服务器。Spinservers刚刚在美国圣何塞机房补货120台独立服务器,CPU都是双E5系列,64-512GB DDR4内存,超大SSD或NVMe存储,数量有限,机器都是预部署好的,下单即可上架,无需人工干预,有需要的朋友抓紧下单哦。Spinservers是Majestic Hosting Solutions,LLC旗下站点,主营美国独立...
disable_functions为你推荐
-
phpcms模板PHPCMS V9模板iproute怎么查看已配置的静态路由德国iphone禁售令苹果在中国禁售了?说说看ym.163.com免费企业邮箱本公司www资费标准电信套餐资费介绍表开放平台微信的开放平台是干什么用的银花珠树晓来看晚来天欲雪,能饮一杯无。相似的句子三五互联科技股份有限公司厦门三五互联科技股份有限公司 怎么样?即时通如何使用即时通啊