php - What makes CakePHP secure, and how can we increase its security?


Right now I am learning about the CakePHP framework, and I just wanted to know what makes CakePHP secure. For example, how are its components secure, the authentication components as well? Also, what can we do as developers to enhance the security of our CakePHP-based web application?

Do you also recommend any book or site to learn more about CakePHP security?

Thank you, I hope to hear from people soon.

Cake adopts best practices in many areas, and there are nice tools built into it. It comes with a basic infrastructure that already protects the web application to a certain extent in certain areas. For example, you will not have to worry about SQL injection, because Cake's database abstraction escapes all input. Where this is not suitable:

  updateAll(array $fields, array $conditions)

  The $fields array accepts SQL expressions. Literal values should be quoted manually.

You get automatic form spoofing protection using the Security component.
Data validation is a large, integrated part of the model.
AuthComponent hashes and salts passwords properly, though not necessarily in the safest way possible.
There is a simple shortcut for htmlentities that you should use to escape output to avoid XSS problems.

You still have to use all the components correctly and be careful not to open any "custom" holes. Cake is just a toolbox; it is still possible to make a terribly insecure application using it. You can still shoot yourself in the foot, no matter how good the gun is. The default Cake structure is only a starting point; it is not the be-all and end-all of security. Think for yourself. What John provided is a good starting point.
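
The updateAll() caveat above, as an added example that is not part of the original answer and is not CakePHP code: a stand-alone PHP script (PDO with in-memory SQLite) in which the hypothetical helper updateAllLike() pastes field values into the statement as SQL expressions, comparing a hand-quoted literal with one quoted by the driver. The table, the helper and the input are constructed for illustration.

```php
<?php
// Hypothetical stand-in for the quoted behaviour: the values in $fields are
// treated as SQL expressions and pasted into the statement, not bound.
function updateAllLike(PDO $db, string $table, array $fields, int $id): string
{
    $set = [];
    foreach ($fields as $column => $expression) {
        $set[] = "$column = $expression";      // raw expression, no escaping
    }
    $sql = "UPDATE $table SET " . implode(', ', $set) . ' WHERE id = ?';
    $db->prepare($sql)->execute([$id]);        // only the condition is bound
    return $sql;
}

function readUser(PDO $db): array
{
    $row = $db->query('SELECT name, role, logins FROM users WHERE id = 1');
    return $row->fetch(PDO::FETCH_ASSOC);
}

function demo(): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT, logins INTEGER)');
    $db->exec("INSERT INTO users VALUES (1, 'alice', 'user', 0)");

    // Intended use of an expression field: computed from the current row.
    updateAllLike($db, 'users', ['logins' => 'logins + 1'], 1);

    $input = "x', role = 'admin";              // constructed form input

    // Weak: literal wrapped in quotes by hand. The embedded quote ends the
    // string early and the remainder is parsed as a second assignment.
    $weakSql = updateAllLike($db, 'users', ['name' => "'$input'"], 1);
    $weak = readUser($db);                     // role column was changed

    // Corrected: the driver quotes the literal before it becomes an expression.
    $db->exec("UPDATE users SET name = 'alice', role = 'user' WHERE id = 1");
    $fixedSql = updateAllLike($db, 'users', ['name' => $db->quote($input)], 1);
    $fixed = readUser($db);                    // role unchanged, name holds the raw text

    return compact('weakSql', 'weak', 'fixedSql', 'fixed');
}

print_r(demo());
```

In CakePHP 1.x and 2.x the corresponding quoting call is the value() method of the model's data source, used in place of PDO::quote() here.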

