问题描述

我正在寻找有关在Apache(Linux)服务器上编程和部署PHP网站和应用程序的安全性指南的完整列表.基本上，是在完成项目之前要执行的安全检查表".即

I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.,

1. 跨站点脚本
2. 跨站点请求伪造
3. 清理进入数据库的表单数据
4. 在自定义php.ini中禁用全局注册和错误报告
5. 在网络根目录下上传文件...(列表继续显示)

1. Cross Site Scripting
2. Cross Site Request Forgery
3. Sanitize form data that goes into database
4. Disable register globals and error reporting in custom php.ini
5. Upload files below web root...(the list goes on)

我在互联网上和该论坛中进行了一些搜索，但找不到完整，简洁而完整的指南列表.

I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines.

谢谢.

推荐答案

查看此链接编写安全PHP应用程序的七个习惯" :

http://www.ibm .com/developerworks/opensource/library/os-php-secure-apps/index.html

IBM文章总是非常有用，谢谢.

The IBM articles are always very useful, thanks.

PS:也是这个推荐的PHP阅读列表"

http://www.ibm.com/developerworks/opensource/library/os-php-read/#security

这篇关于在哪里可以找到网络项目的“安全检查表"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！