Index

PHP Server Security Measures

CGI Binary

Apache Module

General Settings

Magic Quotes

Input Filtering and Validation

Output Escaping

Email Injection

Remote Code Injection

SQL Injection

Cross-site Scripting XSS

Cross-site Request Forgeries CSRF

Session Attacks

Session Fixation

Session Hijacking

Security Measures

Encryption, Hashing algorithms

File uploads

Database storage

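<?php
// Note: the mcrypt extension was deprecated in PHP 7.1 and removed from core in PHP 7.2.
$key = "this is a secret key";
$input = "Let us meet at 9 o'clock at the secret place.";

// Open the Triple DES cipher in ECB mode.
$td = mcrypt_module_open('tripledes', '', 'ecb', '');
// An IV is created and passed to init, although ECB mode does not use it.
$iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td, $key, $iv);
$encrypted_data = mcrypt_generic($td, $input);
// Release the cipher handle and close the module.
mcrypt_generic_deinit($td);
mcrypt_module_close($td);

// mhash($hash, $data [, $key]) returns the resulting hash (also called digest),
// or the HMAC if $key is set, as a string, or FALSE on error; $hash is the hash ID.
?>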