Securing PHP websites (and websites in general) in all aspects [closed]

I don't know whether it is right to post it over here.

Can someone suggest some beginner resources for this topic?

Thanks in advance.

I found Added Bytes' Writing Secure PHP a good guide when I was starting out with PHP.

In addition to the resources already posted, here are some points to keep in mind:

  • Never trust any data that comes from the client; you must assume it may be malicious
  • Keep printed error messages generic; they help attackers reverse engineer your code
  • Turn indexes off through your .htaccess file (plenty of tutorials on Google)
  • Encrypt all critical data such as passwords
  • Understand the high-level differences between encryption options (AES, MD5, SHA, etc.)

You should also be familiar with how some common attacks work, such as SQL Injection and Cross Site Scripting (XSS).