Security Capabilities
Nephtali tries to make security a core component of the web development process. This is because of the ever-increasing risks facing web developers, and the importance of visitor trust in a successful web endeavor.
Configuration measures
The default configuration for Nephtali attempts to mitigate common security risks:
- allow_url_fopen is turned off
- magic_quotes are turned off
- register_globals is turned off
- session.use_only_cookies is turned on
- errors are suppressed by default
Safety mechanisms
- All incoming GET, POST, COOKIE, and SESSION variables are checked for PHP hackemes (e.g., <?php, <%, etc.)
- All incoming GET, POST, COOKIE, and SESSION variables are rekeyed so you can't accidentally use an incoming variable without first validating it.
- Wrapper methods for setting SESSION and COOKIE variables automatically encrypt the values (with built-in authentication) for storage.
- Ports provide built-in data validation for maximum and minimum length, regular expression validation, decryption (with built-in authentication), and XSS filtering.
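
The open-tag check, rekeying, and port validation described above can be sketched as follows. This is an added example, not Nephtali's own code: the names contains_open_tag, quarantine and read_port, and the sample request data, are assumptions made for illustration.

```php
<?php
// Added illustration: all names here are hypothetical, not Nephtali's API.

// PHP and ASP-style open tags that should never appear in request data.
const OPEN_TAG_PATTERN = '/<\?|<%/';

// Recursively check a value (string or nested array, keys included).
function contains_open_tag($value): bool
{
    if (!is_array($value)) {
        return preg_match(OPEN_TAG_PATTERN, (string) $value) === 1;
    }
    foreach ($value as $key => $item) {
        if (contains_open_tag((string) $key) || contains_open_tag($item)) {
            return true;
        }
    }
    return false;
}

// Reject tainted input, then move it into $store and empty the original
// array so application code cannot read it without going through a port.
function quarantine(array &$source, string $name, array &$store): void
{
    if (contains_open_tag($source)) {
        throw new RuntimeException("Rejected $name input: open tag found");
    }
    $store[$name] = $source;
    $source = [];
}

// Port-style read: the value is returned only if length and regex pass.
function read_port(array $store, string $name, string $key,
                   int $min, int $max, string $regex): ?string
{
    $value = $store[$name][$key] ?? null;
    if (!is_string($value) || strlen($value) < $min || strlen($value) > $max) {
        return null;
    }
    return preg_match($regex, $value) === 1 ? $value : null;
}

$_GET = ['user' => 'alice_01', 'page' => 'two']; // constructed sample
$store = [];
quarantine($_GET, 'get', $store);
var_dump(isset($_GET['user']));                                  // direct access to the raw key
var_dump(read_port($store, 'get', 'user', 3, 16, '/\A\w+\z/')); // read through a validating port
var_dump(read_port($store, 'get', 'page', 1, 4, '/\A\d+\z/'));  // value that does not match its regex
```

Because the original array is emptied, code that forgets to validate reads nothing rather than raw input, which is the point of rekeying.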