Minimalistic Secure PHP Programming.
Published on: 1192618836 (Unix timestamp, 2007-10-17 UTC)
Since I launched my secure programming flowchart, I have received a couple of questions on how to use it in a real-world example. I did not give any example code away, because I wanted readers to create something themselves, or to be inspired to think about its logic. I think it is now time to show a snippet that does exactly what I talked about. This code snippet, or rather secure code architecture, uses "minimal programming", a term I invented myself. It comes down to using only PHP's native functions, unless there is really no other way. I use only one PHP function to escape data here, and even that could be simplified.
Due to limited time I can only show you a small procedure for how I flow the code inside a script. I also use something I call "buffer programming" to check the size of the data. It is designed to process data before you place it inside a database query. Notice that it still needs customization every time you apply it. This is how security works: it is a process with steps, and every step can either secure it or make it completely insecure. So it is not a copy/paste snippet. This is the reason I like custom minimalistic programming; you won't see me using any libraries. Maybe you can use it as inspiration, or maybe it can make someone aware that there are many other ways of landing on the same spot, probably far more secure and scalable on any platform, and way faster!
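The flow described above (size check first, then a character whitelist, then a single escape call right before the query) written out as an added example. This is my own illustration, not the post's snippet; it assumes an open mysqli connection in `$db` with its charset set via `mysqli_set_charset()`, a `comments` table with `username` and `body` columns, and the length limits shown.

```php
<?php
// Added example, not the blog's own code: validate-then-escape flow.
// Assumes $db is an open mysqli connection whose charset was set with
// mysqli_set_charset(), so mysqli_real_escape_string() escapes correctly.

// "Buffer" limits: the maximum byte length each field may occupy.
// Assumed values; match them to your column definitions.
const MAX_USERNAME = 32;
const MAX_COMMENT  = 500;

// Step 1: check the size of the raw value before doing anything else.
// strlen() counts bytes, which is what a VARCHAR(n) column in a
// single-byte charset limits; use mb_strlen() for character counts.
function check_buffer(string $value, int $max): bool {
    $len = strlen($value);
    return $len > 0 && $len <= $max;
}

// Step 2: restrict the character set with a native ctype function
// instead of trying to strip "bad" characters out of the input.
function check_username(string $value): bool {
    return check_buffer($value, MAX_USERNAME) && ctype_alnum($value);
}

function check_comment(string $value): bool {
    // Printable UTF-8 text only, newlines allowed, no other control
    // characters. Invalid UTF-8 makes preg_match() return false -> rejected.
    return check_buffer($value, MAX_COMMENT)
        && preg_match('/\A[\P{C}\n]*\z/u', $value) === 1;
}

// Step 3: only data that passed both checks reaches the single escape
// call, immediately before it is placed in the query.
function insert_comment(mysqli $db, string $user, string $comment): bool {
    if (!check_username($user) || !check_comment($comment)) {
        return false; // reject the request; do not try to "fix" the input
    }
    $u = mysqli_real_escape_string($db, $user);
    $c = mysqli_real_escape_string($db, $comment);
    $sql = "INSERT INTO comments (username, body) VALUES ('$u', '$c')";
    return mysqli_query($db, $sql) === true;
}

// Usage (assumes $db = mysqli_connect(...) succeeded and the table exists):
// var_dump(insert_comment($db, $_POST['user'] ?? '', $_POST['comment'] ?? ''));
```

With `mysqli_prepare()` and `bind_param()` the escape step disappears entirely, which is the route most practitioners take today; the size and character checks stay useful either way.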
Update: Aschwin contacted me about a code flaw I made, and there is no excuse; I made a mistake and the code was not working. I pasted the script into the blog without testing, because I had written it once only as code flow and never looked back at it. It turns out that I found more mistakes I made myself, even an off-by-one vulnerability! So it was even far worse! Forgive me for that; I had project deadlines and posted it too quickly. I have rewritten the code just now. Let this be a lesson for me. Thank you Aschwin!