Open Source Technologies, page 369

Unit 14: Security



8.  move_uploaded_file() is used to:
    (a) delete the file    (b) move the file
    (c) append the file    (d) none of these

True or False:

9.  The session files can be read by any PHP script on the server.
    (a) True    (b) False

10. eval() is a very dangerous function.
    (a) True    (b) False

Fill in the blanks:

11. With PHP's built-in session support, session information is stored in the …………….. directory.

12. The ..................... shell is a software program that provides direct communication between the user and the operating system.

            14.7 Summary

               •  PHP is a flexible language that has hooks into just about every API offered on the machines
                 on which it runs. Because it was designed to be a forms-processing language for HTML
                 pages, PHP makes it easy to use form data sent to a script.

   •  Variables in PHP do not have to be declared; they are created automatically the first time
      they are used. Nor do they have a fixed type; they are typed automatically according to
      the context in which they are used.

   •  File uploads are potentially the biggest security risk in web development. Allowing a
      third party to place files on your server could allow them to delete your files, empty your
      database, gain user details and much more.
               •  The default variables_order processes GET and POST parameters before cookies.
   •  PHP provides a move_uploaded_file() function that moves the file only if it was an
      uploaded file. This is preferable to moving the file directly with a system-level function
      or PHP's copy() function.

               •  Many ISPs have scripts from several users running on one web server. Since all the users
                 who share such a server run their PHP scripts as the same user, one script can read
                 another’s data files.

               •  Safe mode is an attempt to address this and other problems caused by shared servers.
               •  The command shell executes programs and displays their output on the screen by using
                 individual characters similar to the MS-DOS command interpreter Command.com.
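The upload-handling point in the summary, shown as an added example that is not part of the textbook: the weak pattern (a plain copy() to a client-chosen name) beside a handler that relies on move_uploaded_file(). The field name "userfile", the directory /var/www/uploads and the 2 MB limit are assumptions for the example.

```php
<?php
// Added example (not from the textbook): saving a form upload safely.
// Assumptions: form field "userfile"; uploads go to /var/www/uploads, a
// directory the web server does not treat as executable script code.

// Weak pattern the summary warns against: a system-level copy of whatever
// temporary path was supplied, to a filename chosen by the client.
function unsafe_save(array $files): bool
{
    // $files['userfile']['name'] is client-controlled and may contain "../".
    return copy($files['userfile']['tmp_name'],
                '/var/www/uploads/' . $files['userfile']['name']);
}

// Hardened version: only a file PHP itself received through the HTTP upload
// mechanism is moved, the stored name is generated server-side, and the
// extension must be on an allow-list.
function safe_save(array $files, string $field = 'userfile',
                   string $dir = '/var/www/uploads'): ?string
{
    if (!isset($files[$field]) || $files[$field]['error'] !== UPLOAD_ERR_OK) {
        return null;                     // no file, or PHP reported an upload error
    }
    $tmp = $files[$field]['tmp_name'];
    if (!is_uploaded_file($tmp)) {
        return null;                     // path is not this request's upload
    }
    if ($files[$field]['size'] > 2 * 1024 * 1024) {
        return null;                     // size limit (2 MB, an assumed policy)
    }
    $allowed = ['png', 'jpg', 'pdf'];
    $ext = strtolower(pathinfo($files[$field]['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;                     // extension not on the allow-list
    }
    // Never reuse the client-supplied name: a generated name rules out "../"
    // tricks and overwriting of existing files.
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() refuses to move anything that is not a real upload.
    if (!move_uploaded_file($tmp, $dest)) {
        return null;
    }
    chmod($dest, 0640);                  // no execute bit on stored uploads
    return $dest;
}

$saved = safe_save($_FILES);
echo $saved === null ? "Upload rejected\n" : "Stored as $saved\n";
```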

            14.8 Keywords

            Command shell: The command shell is a separate software program that provides direct
            communication between the user and the operating system. The non-graphical command shell
            user interface provides the environment in which you run character-based applications and
            utilities.
            Data filtering: Data filtering is the cornerstone of web application security, and this is independent
            of programming language or platform. It involves the mechanism by which you determine the
            validity of data that is entering and exiting the application.



                                             LOVELY PROFESSIONAL UNIVERSITY                                   363