tags:

views:

73

answers:

3
+2  Q: 

Code Security for PHP

What is code security?

And also what is obfuscator? Do they have major similarities?

I have been hearing about the security issues of the code. How can we secure our code in php? How necessary is it to make our code secured and how?

+3  A: 

The Obfuscated Code article at Wikipedia is good read there for you :)

Obfuscated code is source or machine code that has been made difficult to understand. Programmers may deliberately obfuscate code to conceal its purpose or its logic to prevent tampering, deter reverse engineering or as a puzzle or recreational challenge for readers. It is a form of security through obscurity. Programs known as obfuscators transform readable code into obfuscated code using various techniques that might induce anti-debugging, anti-decompilation and anti-disassembly mechanism. Code obfuscation is different in essence from hardware obfuscation, where description and/or structure of a circuit is modified to hide its functionality.

Sarfraz  2010-09-27 11:00:03
+4  A: 

Secure code is such that has little or no vulnerabilities that can be exploited by malicious users.

Obfuscated code is code that is intentionally made hard to read.

Obscure code is code that is unintentionally hard to read and also probably insecure.

Mchl  2010-09-27 11:00:49
+1  A: 

Code security in a nutshell means that your code does what you want it to, and nothing else. Badly written, insecure code can have side effects, that users might be able to exploit. SQL injections is one good, common example.

It is very necessary to write secure code, especially for open-source projects where other users could easily find your vulnerabilities otherwise. As to how to write secure code, that's a bit more difficult question. The best answer would be with experience. It's hard to protect your code against something before you know what to protect it against. However common sense and some basic steps like always escaping unsafe user input go a long way.

Obfuscating code is simply taking user-readable code, and turning it into something that is not so readable. There are many reasons to do this. One reason is to make it harder to find vulnerabilities from your code, but it by no means prevents it. Another reason is to make it harder for people to make modifications to your code, which is what you might want to do for commercial software. But there are better alternatives in that case, like using Zend Guard

reko_t  2010-09-27 11:04:44

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases