Sorry, I couldn't resist this. The member deathshadow created this excellent article on our new Webmaster forum. I thought I'd share it with you. Feel free to sign up if you want more quality pieces (not tripe). Full article: building a more secure php framework. Excerpt (full article is 3687 words)
Amazing advice. If you could make the framework as light as possible, I'd look forward to using it over such bloated frameworks as Zend (although they might have their advantages - or do they?). Thanks.
Well, it's not really possible to do without globals. And even if you do use globals, you must tend to secure the data at the start if it's from an outside source. The main thing is handling input. That's the place where everything starts!
If you want a secure framework, you shouldn't build it yourself. There's stuff out there like cakephp, codeigniter, yii, and others that have already gone through this process, and they have a big community of users that can easily report security vulnerabilities if they should occur.
CodeIgniter for the win! But even tried and tested frameworks can be very vulnerable if how it is used is done poorly.
Everything related to secure PHP programming is already described on www.php.net. The problem is that not many people read the official docs, and because of that they find that stuff amazing.