10 个最好的PHP安全开发库

y37f 10年前

1. PHP Intrusion Detection System

phpids
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

2. PHP Password Lib

PHP-PasswordLib
PHP-PasswordLib aims to be an all-inclusive cryptographic library for all cryptographic needs. It is meant to be easy to install and use, yet extensible and powerful enough for even the most experienced developer.

3. PHPSecLib

phpseclib
phpseclib is designed to be ultra-compatible. It works on PHP4+ (PHP4, assuming the use ofPHP_Compat) and doesn’t require any extensions. For purposes of speed, mcrypt is used if it’s available as is gmp or bcmath (in that order), but they are not required.

4.TCrypto

tcrypto
TCrypto is a simple and flexible PHP 5.3+ in-memory key-value storage library. By default, a cookie will be used as a storage backend. TCrypto has been designed from the ground up with security in mind. Safe algorithms and modes. Automatic and safe initialization vector creation. Encryption and authentication key creation (Keytool) using strong randomness. Key rotation (versioned keys). TCrypto can be used as a scalable “session handler”. Especially scalable, if cookies are used as a storage backend. This is a bit like Ruby on Rails sessions.

5. HTML Purifier

html purifier
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C’s specifications.

6. URLcrypt

urlcrypt
URLcrypt makes it easy to securely transmit short pieces of binary data in a URL. Use it to securely store things like user IDs, download expiration dates, and more. URLcrypt uses 256-bit AES symmetric encryption to securely encrypt data, and encodes and decodes Base 32 strings that can be used directly in URLs.

7. Hybrid Auth

hybridauth
HybridAuth is an open source PHP library for authenticating through multiple social services and ID providers. The services supported include OpenID,非死book, LinkedIn, Google,推ter, Windows Live, Foursquare, Vimeo, Yahoo, PayPal and more. It can be integrated easily into existing websites by inserting a file and few lines to the sign-in/up pages.

8. Security Check – Sensiolabs

security check
This tool is almost essential to both beginners and experienced PHP coders. The way it works is quite simple, you upload your .lockfile and it does the rest for you. If you look at the stats, the numbers of vulnerabilities found is quite staggering, don’t be surprised if your own projects might output some nasty stuff that you have missed.

9. PHP Login Project

phplogin
PHP-login Project is a script for adding authentication to your PHP projects. There are multiple tutorials available for installing it on various server configurations, as well as a minimal and one-file versions of the script.

10. SecurityMultiTool

security multitool
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks. The purpose of the library is to serve as both a useful set of utilities and to act as a set of reference implementations which can be learned from. It may be used by applications regardless of whether they are web application framework based or not. The use of a web application framework does not guarantee your security.