As a web developer I am using PHP, and I know that I have to worry about security, but when you use a framework there is a lot of code and design that you rely on but that you didn't code or design; for instance, I am using CakePHP.
PHP frameworks: Yii. Moreover, it is one of the most secure PHP frameworks with powerful features like encryption, password hashing, authentication, and authorization. Therefore, developers can easily customize every part of code and build highly secure projects with this framework.
What is a PHP framework? A PHP framework is a platform to build PHP web applications. PHP frameworks provide libraries for commonly used functions, which helps to cut down on the amount of original code developers need to write from scratch.
Laravel – a popular PHP web framework with great extendability for high-quality applications. CodeIgniter – one of the most popular PHP frameworks with MVC support, great for creating lightweight web applications. Symfony – a modular PHP framework with a built-in debugging system and extensive documentation.
You should always continue respecting the basic principles of security:
Which kinda means:
Using a framework doesn't change much about that, except that:
As a sidenote: you said this:
there is a lot of code and design that you rely on but that you didn't code or design
Considering you are using a well-known framework that lots of people use, this code has probably been more tested/reviewed than any code you could write ;-)
That's an advantage of open-source, actually: you are not the only one responsible for the code, and lots of eyes have seen it -- which means lots of hands have enhanced it.
There are a lot of things to consider when dealing with security in an application. As Pascal said, it is a good idea to use a popular framework that has had a number of people looking at it.
I see a few areas of concern in regards to CakePHP.
The first issue is the end user. You should expect someone to do something foolish on every page you build. Some examples of this are:
Second, you must be concerned with attacks dealing with the code and permissions itself. For example:
Third, you should be concerned with the protection of your administration pages and who has permissions to access what.
I would suggest reading up on some of the important components and being sure you set them up properly, to ensure you have built an application without security flaws. Take a look at some of these elements as you research further: http://book.cakephp.org/view/170/Core-Components