144 Chapter 4 Web Application Concepts Bringing data
the PHP configuration, you can access an associative array for each namespace. The following table shows the available arrays:

Array Name            Contents
$HTTP_GET_VARS        Variables from a GET request
$HTTP_POST_VARS       Variables from a POST request
$HTTP_COOKIE_VARS     Variables from cookies
$HTTP_ENV_VARS        Environment variables, for example $SHELL
$HTTP_SESSION_VARS    Session variables
$HTTP_SERVER_VARS     Server variables, on our box $argc and $argv

Note that PHP 3.0 knows only the first three arrays. Some clever project managers are known to set the PHP configuration directive register_globals (available only in PHP 4.0) to false, to force their programmers to use the $HTTP_*_VARS arrays.

You can also influence the order in which variables are added to the global namespace. By default, the variables_order configuration directive is set to EGPCB. This tells PHP to introduce variables in this order:

1. Environment variables
2. GET
3. POST
4. Cookies
5. Built-in variables (server variables)

This means that if the user passes a PATH variable in the GET request, he or she would overwrite the environment variable: newer values override previous values. By using getenv() or by changing the variables_order directive, you can make sure that you actually access environment variables and not user-supplied variables.

Session variables always overwrite variables coming from any other space; because they're coming from an already secured trust zone, this avoids a lot of security problems.

Don't Reinvent Cryptography

Cryptography is the science of using mathematics to encrypt and decrypt data. It enables you to store sensitive information or transmit it across insecure communication channels so that it can't be read by anyone except the intended recipient. Data encryption is a science of its own; don't even try to invent your own encryption algorithms. Use established algorithms such as RC5 or Blowfish.
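To make the variable import order described earlier in this section concrete, the following PHP sketch simulates the merge and records which source supplied each winning value. It is an added example, not code from the book: the function import_globals(), the source names and all sample values are assumptions constructed for illustration, and it models the behaviour with plain arrays rather than relying on register_globals.

```php
<?php
// Added illustration: simulates the import order described in the text.
// All request data below is constructed sample input.

/**
 * Merge variable sources into one namespace; later sources overwrite
 * earlier ones. Returns [values, origin] so each winner can be traced.
 */
function import_globals(array $order, array $sources): array
{
    $values = [];
    $origin = [];
    foreach ($order as $name) {
        foreach ($sources[$name] ?? [] as $key => $value) {
            $values[$key] = $value;   // newer value replaces the older one
            $origin[$key] = $name;    // remember where the winner came from
        }
    }
    return [$values, $origin];
}

$sources = [
    'env'     => ['PATH' => '/usr/bin:/bin', 'SHELL' => '/bin/sh'],
    'get'     => ['PATH' => '/tmp/untrusted', 'page' => '2'],
    'post'    => [],
    'cookie'  => ['user_id' => '1001'],
    'server'  => ['argc' => 0],
    'session' => ['user_id' => '42'],
];

// Order from the text: environment, GET, POST, cookies, built-in;
// session variables are applied last and so always win.
$order = ['env', 'get', 'post', 'cookie', 'server', 'session'];
[$values, $origin] = import_globals($order, $sources);
foreach (['PATH', 'user_id'] as $key) {
    printf("%-8s = %-16s (from %s)\n", $key, $values[$key], $origin[$key]);
}

// Reading one source directly, as getenv() does for the environment,
// is unaffected by whatever the merge produced.
printf("env PATH = %s\n", $sources['env']['PATH']);

// Moving 'env' after the request sources models changing variables_order.
$reordered = ['get', 'post', 'cookie', 'server', 'env', 'session'];
[$values2, $origin2] = import_globals($reordered, $sources);
printf("%-8s = %-16s (from %s)\n", 'PATH', $values2['PATH'], $origin2['PATH']);
```

With the default order the merged PATH comes from the GET request, which is why code that needs the real environment should read it from its own source instead of the merged global.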
Encrypting with MCrypt Functions

If you compiled PHP with the mcrypt module, a wide variety of powerful encryption and decryption algorithms are at your disposal. The later section "The MCrypt Functions" shows how to use this module and how to find out which algorithms are supported on your system.