
Running Linux, 5th Edition - Matthias Kalle Dalheimer [457]

provide sufficient protection and creates other problems for programmers. We recommend you turn this feature off in your configuration. Otherwise, you first need to detect whether it is enabled, and neutralize its effects if you discover that it is.
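The detect-and-neutralize step described above, written out as an added example (this is not code from Running Linux): it checks whether magic_quotes_gpc is on and, if so, strips the backslashes it added to the request data, so the script can quote values for the database itself, once, at the point of use. The function names and the constructed sample input are assumptions for illustration.

```php
<?php
// Added example, not code from Running Linux: detect magic_quotes_gpc and undo
// it, so the script works on the raw request values and quotes them itself.

// magic_quotes_gpc prefixes ', ", \ and NUL in GET/POST/COOKIE data with a
// backslash (addslashes() semantics). Reverse that, recursing into nested
// arrays such as checkbox groups.
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return stripslashes($value);
}

// Undo the feature only where it is actually on. get_magic_quotes_gpc() always
// returns false from PHP 5.4 on and no longer exists in PHP 8, hence the guard.
// Returns true when request data had to be cleaned up.
function neutralize_magic_quotes()
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $_GET    = strip_magic_quotes($_GET);
        $_POST   = strip_magic_quotes($_POST);
        $_COOKIE = strip_magic_quotes($_COOKIE);
        return true;
    }
    return false;
}

// Offline check with constructed input: addslashes() produces exactly the
// form in which magic_quotes_gpc would have delivered a posted comment.
$original = array(
    'comment' => 'O\'Reilly\'s "Running Linux"',
    'tags'    => array('linux', 'it\'s'),
);
$quoted = array(
    'comment' => addslashes($original['comment']),
    'tags'    => array_map('addslashes', $original['tags']),
);
$raw = strip_magic_quotes($quoted);
print "round trip restores the input: " . ($raw === $original ? "yes" : "no") . "\n";
print "comment as the database should receive it: " . $raw['comment'] . "\n";

// On a real request, run this before touching $_POST. With the raw value in
// hand, quote it once for the database at the point of use, for example with
// mysqli_real_escape_string($conn, $raw['comment']) or, better, a prepared
// statement, instead of relying on magic quotes to have done it.
neutralize_magic_quotes();
?>
```

Running this with the PHP command-line interpreter prints that the round trip restores the input; on a web server with magic_quotes_gpc enabled, the call to neutralize_magic_quotes() is what keeps the rest of the script from double-escaping (or, after a later configuration change, under-escaping) the values it writes to the database.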

You can execute this script by saving it as a file with the extension .php, copying it into the document directory of your web server, and accessing the script with your web browser. For example, if you have saved it as edit.php, you could access the URL http://localhost/edit.php to execute this script. The web server knows that it needs to run everything between <?php and ?> through the PHP module. Thus, the PHP code can be directly embedded into an HTML page.

Now that we can enter comments into our database, we also want to review them. Thus, next up is a script to read from the database:

<?php
// Connect to the MySQL server and select the database that holds the comments.
// (The mysql_* functions belong to the old mysql extension, which was removed in
// PHP 7; the mysqli_* functions are the present-day equivalents.)
$conn = mysql_connect("localhost", "olof", "secret")
    or die("Could not connect to MySQL as olof");
mysql_select_db("test_database", $conn)
    or die("could not select the test_database");

// Fetch every row of the comment table.
$query = "SELECT * FROM comment_table";
$result = mysql_query($query)
    or die(mysql_error());
$numbers_cols = mysql_num_fields($result);

print "query: $query";
print "\n";

// Lay out the result as an HTML table, one row per comment.
print "<table border=\"1\">\n";
print "<tr>\n";
print "<th>ID</th><th>Comment</th>\n";
print "</tr>\n";
while (list($id, $comment) = mysql_fetch_array($result)) {
    print "<tr>\n";
    // Make the database contents HTML safe before they go into the page.
    print "<td>" . htmlspecialchars($id, ENT_QUOTES) . "</td>\n";
    print "<td>" . htmlspecialchars($comment, ENT_QUOTES) . "</td>\n";
    print "</tr>\n";
}
print "</table>\n";
?>

As you can see, we are using the HTML tags for laying out tables in order to display the contents of the database, which is a very natural and obvious thing to do. Also note that we did not print the data from the database directly to the HTML page. This would have allowed a potential adversary to hijack the page by using improper input. Instead, we used the htmlspecialchars() function to make the data HTML safe.
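To show concretely what the htmlspecialchars() step buys, here is an added example (not the book's code) that renders the same comment table twice from a constructed set of rows standing in for the mysql_fetch_array() results: once by printing the data straight into the markup, and once through htmlspecialchars(). The function names, the sample rows, and the use of an in-memory array instead of a database query are assumptions made for this illustration.

```php
<?php
// Added example, not code from Running Linux: the comment table rendered
// without and with htmlspecialchars(), to show why the escaping step matters.

// Constructed sample rows in place of the rows mysql_fetch_array() would return.
// The second comment is the kind of "improper input" the text warns about:
// markup that the browser would execute if it reached the page unescaped.
$rows = array(
    array('id' => 1, 'comment' => 'Great book!'),
    array('id' => 2, 'comment' => '<script>alert("xss")</script>'),
    array('id' => 3, 'comment' => 'Use "quotes" & <b>tags</b> carefully'),
);

// The unsafe variant: database contents go straight into the HTML.
function render_row_unsafe($id, $comment)
{
    return "<tr><td>$id</td><td>$comment</td></tr>\n";
}

// The safe variant: every value is escaped for the HTML element context.
// ENT_QUOTES also encodes single quotes, so the same helper is safe inside
// quoted attribute values; naming the charset avoids relying on the default.
function render_row_safe($id, $comment)
{
    return "<tr><td>" . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . "</td>"
         . "<td>" . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
}

// Build the whole table with one of the two row renderers.
function render_table(array $rows, $escape)
{
    $html = "<table border=\"1\">\n<tr><th>ID</th><th>Comment</th></tr>\n";
    foreach ($rows as $row) {
        $html .= $escape
            ? render_row_safe($row['id'], $row['comment'])
            : render_row_unsafe($row['id'], $row['comment']);
    }
    return $html . "</table>\n";
}

// A simple check: does a script element from the data survive into the markup?
function contains_script_element($html)
{
    return stripos($html, '<script') !== false;
}

$unsafe = render_table($rows, false);
$safe   = render_table($rows, true);

print "unsafe output contains a script element:  " . (contains_script_element($unsafe) ? "yes" : "no") . "\n";
print "escaped output contains a script element: " . (contains_script_element($safe) ? "yes" : "no") . "\n";
print "\n" . $safe;
?>
```

In the escaped output the second comment appears on the page as literal text, because `<` and `>` have become `&lt;` and `&gt;`, and the third comment's quotes and ampersand are encoded as well. Note that htmlspecialchars() is the right tool for element content and quoted attribute values; a value that ends up inside a URL, a style block, or a script block needs the encoding appropriate to that context instead.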

It was our intention to keep these examples as simple as possible so as not to overload you with too much information. If you want to dive deeper into the wonderful world of LAMP, we recommend that you read a good book such as Web Database Applications with PHP & MySQL (O'Reilly) or MySQL/PHP Database Applications (John Wiley & Sons).

Chapter 26. Running a Secure System

In this chapter we discuss basic Linux system security. Security is unfortunately a topic of ever-growing importance, especially with the increasing use of permanently network-connected systems that are vulnerable to remote attacks even while unattended.

Most system security is commonsense good practice. Many of the best techniques are the simplest, yet frequently ignored practices; we cover those first. We then move on to some of the less obvious practices, and we conclude with a short discussion of the complex subject of network security. We also include some firewall recipes to protect simple installations against network attack.

A Perspective on System Security

It's sometimes difficult keeping a balanced perspective on system security. The media tends to sensationalize stories relating to security breaches, especially when they involve well-known companies or institutions. On the other hand, managing security can be a technically challenging and time-consuming task. Many Internet users take the view that their system holds no valuable data, so security isn't much of an issue. Others spend large amounts of effort nailing down their systems to protect against unauthorized use. No matter where you sit in this spectrum, you should be aware that there is always a risk that you will become the target of a security attack. There are a whole host of reasons why someone might be interested in breaching your system security. The value of the data on your system is only one of them; we discuss some others later in the chapter. You must make your own judgment as to how much effort you will expend, though we recommend that you err on the side of caution.

Traditional
