• Resolved nielshensen

    (@nielshensen)


    How is the security handled for the code snippets?
    Is my code safe from injections?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Passionate Programmer Peter

    (@peterschulznl)

    Hi Niels,

    CLIENT SIDE
    Since PHP code is executed on the server, it is not possible to inject code from a browser.

    SERVER SIDE
    The Code Manager saves your PHP code in the database. From there, PHP code execution follows the same rules as PHP code execution from a PHP file. Access to a PHP file is needed to inject code. This is the same with the Code Manager. Access to the database is needed to inject code.

    NETWORK
    Use HTTPS.

    The plugin allows only admin users to save PHP code in the database. It checks the admin's login and adds an additional token to validate the admin's action. This is the standard way to secure WordPress dashboard actions. It would of course be possible to change saved code using a tool like phpMyAdmin. Like admin users, I presume phpMyAdmin users are trusted users.

    To inject code into a PHP file, FTP or WordPress dashboard access is needed. To inject code into the database, WordPress dashboard or database access is needed. For both options you need to keep your accounts safe.

    Does this answer your question?

    Best regards,
    Peter
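
The login check plus action token (a WordPress nonce) described in the reply above, sketched as an added example; it is not the Code Manager plugin's own code. The `cm_demo_` action, field, table and page names are hypothetical, and `manage_options` is assumed as the admin capability.

```php
<?php
// Added illustration: every name prefixed cm_demo_ is hypothetical.

// Render the edit form with a nonce bound to this action and this row.
function cm_demo_render_form( $code_id, $code ) {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="cm_demo_save_code">';
    echo '<input type="hidden" name="code_id" value="' . esc_attr( $code_id ) . '">';
    wp_nonce_field( 'cm_demo_save_code_' . $code_id, 'cm_demo_nonce' );
    echo '<textarea name="code">' . esc_textarea( $code ) . '</textarea>';
    submit_button( 'Save' );
    echo '</form>';
}

// admin_post_{action} fires only for logged-in users; no nopriv hook is added.
add_action( 'admin_post_cm_demo_save_code', 'cm_demo_save_code' );

function cm_demo_save_code() {
    global $wpdb;

    // 1. Authorization: the logged-in user must hold the admin capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    $code_id = isset( $_POST['code_id'] ) ? absint( $_POST['code_id'] ) : 0;

    // 2. Token: stops the request if the nonce is missing, invalid or
    //    expired, so a forged cross-site request cannot save code.
    check_admin_referer( 'cm_demo_save_code_' . $code_id, 'cm_demo_nonce' );

    // 3. Store the code. wp_unslash() undoes the slashes WordPress adds to
    //    $_POST; $wpdb->update() builds a prepared statement from the formats.
    $code = isset( $_POST['code'] ) ? wp_unslash( $_POST['code'] ) : '';
    $wpdb->update(
        $wpdb->prefix . 'cm_demo_code',
        array( 'code' => $code ),
        array( 'id' => $code_id ),
        array( '%s' ),
        array( '%d' )
    );

    wp_safe_redirect( admin_url( 'admin.php?page=cm-demo' ) );
    exit;
}
```

The nonce ties a save request to a form the admin actually loaded; it does nothing against someone who already holds the admin or database credentials.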

    Thread Starter nielshensen

    (@nielshensen)

    Hi Peter,

    Thanks, this definitely answers the question.
    Couldn’t find anything about this in the documentation and I wanted to know for sure.

    Thanks again.

    Best regards,
    Niels

  • The topic ‘php security’ is closed to new replies.