Tag: security
extract() Security Risk
PHP 4.0+
extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.
2mo ago
security intermediate
Encryption in Transit
Encrypting data moving between systems using TLS — protecting against interception, tampering, and man-in-the-middle attacks on all network communication.
3mo ago
cryptography intermediate
Environment Variables
PHP 5.0+
Key-value pairs inherited by child processes — the standard way to pass configuration, credentials, and runtime settings to PHP applications without hardcoding.
3mo ago
linux intermediate
The technical requirements for email reaching inboxes rather than spam folders — SPF, DKIM, DMARC, and sending reputation work together to authenticate your emails.
3mo ago
networking intermediate
Encrypting stored data so that physical access to storage media does not expose plaintext — protecting against data theft from stolen drives, decommissioned hardware, and storage breaches.
3mo ago
cryptography advanced
Entropy
PHP 7.0+
A measure of unpredictability in a value — high entropy means many possible values, making brute-force infeasible.
3mo ago
general intermediate
escapeshellarg()
PHP 5.0+
Wraps a string in single quotes and escapes internal quotes for safe use as a single shell argument.
3mo ago
php intermediate
extract() — Dangerous Variable Injection
PHP 4.0+
extract() creates local variables from an array, allowing attackers to overwrite existing variables if input is unsanitised.
CWE-621 OWASP A3:2021
3mo ago
php beginner
9.8