What is sseq-lib? A simple but mighty PHP security library.
It is mainly meant for private and semi-professional developers who need some help in securing small PHP applications against some of the top-10 attacks on web software.
It is intended to increase security against:
* XSS (Cross Site Scripting)
* SQL-Injection
* CSRF (Cross Site Request Forgery)
* Session-Fixation
* Mail-Header-Injection
* File-Injection
* HTTP-Header-Manipulation
* Response-Splitting
* Informative error messages
Installation
Copy the whole directory "sseq-lib" into the document root of the web server.
Open the file "seq_lib.php" and set the parameter "$_SEQ_BASEDIR" to the current directory.
Example:
- If you copied sseq-lib into the server root, set "$_SEQ_BASEDIR" in seq_lib.php to:
    $_SEQ_BASEDIR = $_SERVER['DOCUMENT_ROOT'] . '/sseq-lib/';
- If you copied the sseq-lib directory into another directory (your application's directory), set "$_SEQ_BASEDIR" in seq_lib.php to this directory:
    $_SEQ_BASEDIR = $_SERVER['DOCUMENT_ROOT'] . '/your-directory/sseq-lib/';
Do not forget to end the path with a slash (/)!
Usage
Modify the PHP script behind the URL to be secured so that it includes the file "seq_lib.php":
Example:
- If you copied sseq-lib into the server root:
    include_once('sseq-lib/seq_lib.php');
- If you copied the sseq-lib directory into another directory (your application's directory):
    include_once('/your-directory/seq_lib.php');
Configuration instructions (Oh dear, it’s all German! Shame on me!) :o(
Examples – how to use SSEQ-LIB (Oh boy, it’s German too but it’s the code that counts!)
Secure against Cross-Site-Request-Forgery
Secure database queries against SQL-Injection
Secure output against Cross-Site-Scripting
Secure against Cross-Site-Request-Forgery