PHP - Security what is best way?

Question

What is the best way to secure an intranet website developed using PHP from outside attacks?

Answer 1

The best way to secure it? Don't connect it to a network. Make your users physically enter a guarded room with a single console, running Mosaic.

Oh, you want it to be easy to use?

1. Always verify every single input that can come from an untrusted source.
2. Don't trust any data sources.
3. When storing passwords, ALWAYS store an encrypted hash of the password.
4. When storing passwords, NEVER store passwords directly.
5. Never collect or store any data that you don't actually need.
6. Never allow yourself to be tempted into adding additional bells & whistles.
7. Read everything that Bruce Schneier has written on security and encryption.

If you forget these simple rules, you could find your application starring on the front pages of newspapers everywhere, just like Yahoo mail.