Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Dice on December 10, 2012, 09:36:46 AM



Title: Good security tips for people looking to set up a Bitcoin online business
Post by: Dice on December 10, 2012, 09:36:46 AM
Here is a URL I found whilst browsing. I believe it contains some good information regarding PHP/server security. Does Bitcoin offer some kind of handbook for this?


http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html


Title: Re: Good security tips for people looking to set up a Bitcoin online business
Post by: Stephen Gornick on December 10, 2012, 11:01:31 AM
Here is a URL I found whilst browsing. I believe it contains some good information regarding PHP/server security. Does Bitcoin offer some kind of handbook for this?


http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html

A couple articles in the wiki:
 - http://en.bitcoin.it/wiki/Securing_online_services
 - http://en.bitcoin.it/wiki/Category:Security



Title: Re: Good security tips for people looking to set up a Bitcoin online business
Post by: Insu Dra on December 10, 2012, 12:55:13 PM
Good read. There are some things I would do slightly differently ...

#1: Know Your Enemy

2. SQL injection:
"mysql_real_escape_string()" is just a quick fix you can use to patch up an old or badly written PHP application. For custom apps people should be using "mysqli::prepare" or "PDO::prepare".

3. File uploads:
Validation and file system restrictions are insufficient. File uploads should always be handled by a separate server (like he says in #25 Run Service Per System or VM Instance). If that is not an option for you, then store your files as binary data in a database.

#11: Install Suhosin Advanced Protection System for PHP
Follow those instructions and you end up with build tools on your server, which is a big "no no" by itself. If you want to use it, build it on a desktop and package it up for your specific distro. There is no reason at all to have build tools on a production server.

Edit: read comment, it's in there as well ...
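To illustrate the point in Insu Dra's reply about escaping versus prepared statements, here is an added example (not code from the thread or from the linked article) of the same lookup written three ways; the table `users` and its columns `id`, `username` and `password_hash` are assumed for illustration.

```php
<?php
// Added example: why escaping is a patch and prepared statements are the fix.
// Table and column names (users, id, username, password_hash) are assumed.

// Fragile pattern: user input is spliced into the SQL text. Escaping only
// works when the value is also quoted and the connection charset matches;
// here the numeric id is not quoted, so escaping changes nothing and the
// query remains injectable. Shown as the "before", do not copy it.
function findUserByIdEscaped(mysqli $db, string $id): ?array
{
    $sql = 'SELECT id, username, password_hash FROM users WHERE id = '
         . $db->real_escape_string($id);
    $result = $db->query($sql);
    return $result ? ($result->fetch_assoc() ?: null) : null;
}

// mysqli::prepare: the statement text is sent to the server first and the
// value is bound afterwards, so it is never re-parsed as SQL.
function findUserByIdMysqli(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);   // 'i' = integer parameter
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// PDO::prepare: same idea with named placeholders. Emulated prepares are
// turned off so parameters are bound server-side rather than interpolated
// by the driver on the client.
function findUserByIdPdo(PDO $db, int $id): ?array
{
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}
```

The two prepared versions also keep the column list explicit, which is the habit that makes later review of what each query can reach much easier.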