Here I share some useful information related to php security libraries for web developers. The PHP is very popular language.
We can create static and dynamic web site using php. The PHP also support content management system like WordPress.
All PHP web developers aware some PHP Security Libraries.Here I share some PHP security libraries. They are:
- PHP Intrusion Detection System
- PHP Password Lib
- HTML Purifier
- Hybrid Auth
- Security Check – Sensiolabs
- PHP Login Project
1. PHP Intrusion Detection System: The PHP is an open source web application. The open source web application intrusion detection system is PHPIDS(PHP Intrusion Detection System). The advantages of intrusion detection system is: its simple to use, well structured programming language, very fast and state-of-the-art security layer for your PHP based web application. PHPIDS detects all cross-site scripting, sql and header injection etc.
2.PHP Password Lib: PasswordLib is another PHP security library. The PHP Passlib or PHP Password lib is simple and easy to use password hashing library. Several password hashing schemes are supported passlib library. It include bcrypt and PBKDF2. The main features are: Multiple Hash Schemes, PSR-0 Autoloader Support and Easy Password Migrations.
Multiple Hash Schemes include BCrypt, BSDi / Extended DES Crypt ,DES Crypt, MD5 Crypt, PBKDF2-SHA1/256/512, Openwall’s Portable Hash, SHA-1 Crypt, SHA-256 Crypt, SHA-512 Crypt
3.PHPSecLib: The PHPSecLib is a PHP secure communication library. It is designed to be ultra-compatible.This library needs to be in your include_path:
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
4.TCrypto:The TCrypto is simple and flexible. It can be used as a “high level” library. It is used to perform secure data encryption. TCrypto has been designed from the ground up with security in mind. It support Safe algorithms and modes.
5.HTML Purifier: HTML Purifier is a standard library in PHP web development. HTML Purifier will not only remove all malicious code.The basic code for getting HTML Purifier setup is very simple:
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($dirty_html);
6.URLcrypt: URLcrypt is a Securely encode and decode data in URLs. Securely transmit short pieces of arbitrary binary data in URLs.
7.Hybrid Auth: The main goal of hybridAuth is authentication through multiple social services and ID providers. This is open source PHP library. The services supported include OpenID,Facebook, LinkedIn, Google,Twitter, Windows Live, Foursquare, Vimeo, Yahoo, PayPal and more. It can be integrated easily into existing websites by inserting a file and few lines to the sign-in/up pages.
Basicly, HybridAuth main tasks are to performs two types of actions:
user Authentication step, the user is redirected to his identity provider authentification page to enter their login and password and be asked for approval. When the user is returned back to your web site, the identity provider sends an encrypted token that indicates a successful Authentication.
access Autorisation, Once a user has authenticated, HybridAuth move to the next step and requires that the identity provider give your web site a temporary Autorisation to read the user account information (profile, contacts list, etc.).
- Easy to authenticate user
- simple and standardized structure across all the social apis
- All transactions are completely transparent
8.Security Check – Sensiolabs:. The Sensiolabs is another security library for web developers. This tools helps both beginners and experienced php developers. This is very simple
9. PHP Login Project: For adding authentication to your php project the PHP login project support this operation.
10. SecurityMultiToolThe security multitool is another security library for web developers.
If anyone has doubts on this topic then please do let me know by leaving comments or send me an email.