A PHP Guide for Humans https://icontemp.com/wiki/phpprimer/ 2026-06-07T21:27:47+00:00 https://icontemp.com/wiki/phpprimer/ https://icontemp.com/wiki/phpprimer/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2026-04-05T23:25:29+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:authorization_and_access_control&rev=1775431529&do=diff 6. Authorization & Access Control — Keeping Capabilities in Their Lane Authentication answers who the user is. Authorization answers what the user can do. A secure system treats capabilities as boundaries — not conveniences. Every action, every resource, every piece of data has a lane, text/html 2026-04-05T23:25:00+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_database_safety&rev=1775431500&do=diff 8. Database Safety — Parameterization, Boundaries, and Least Privilege A database is not just storage. It is a boundary — one of the most sensitive in the entire system. Security comes from treating the database as a separate trust domain, text/html 2026-04-05T23:26:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_escaping_and_output_encoding&rev=1775431571&do=diff 3. Escaping and Output Encoding — Keeping Untrusted Data in Its Place Once untrusted data enters the system, it must be handled with care. Validation shapes the data — but escaping determines where that data is allowed to go. Security is not just about rejecting bad input. text/html 2026-04-05T23:26:23+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_input_validation&rev=1775431583&do=diff 2. Input Validation & Data Shape — The First Security Boundary This page builds directly on the previous idea that security begins with predictable shape. Security begins at the boundary. Before escaping, before hashing, before permissions, before anything else text/html 2026-04-05T23:25:15+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_keys_tokens_and_environment_boundaries&rev=1775431515&do=diff 7. Handling Secrets — Keys, Tokens, and Environment Boundaries Secrets are high‑value, high‑risk pieces of information that must be protected with clear boundaries. Secrets are not configuration, settings, or code. They include: * API keys text/html 2026-04-05T23:25:58+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_password_handling&rev=1775431558&do=diff 4. Password Handling — Modern, Safe, and Simple Passwords are more than strings. They are secrets — and secrets require careful handling. Modern PHP gives us safe, simple tools for password hashing and verification. The danger comes not from complexity, but from invention. text/html 2026-04-05T23:28:26+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_safe_defaults&rev=1775431706&do=diff 1. Safe Defaults in Modern PHP — A Foundation for Secure Code Security is not a checklist. It’s a posture — a way of writing code that reduces risk before vulnerabilities even have a chance to appear. Modern PHP gives us tools that make secure behavior the default, text/html 2026-04-05T23:25:44+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_secure_session_practices&rev=1775431544&do=diff 5. Secure Session Practices — Predictable, Boundaried, and Safe Once identity is established, the next question is: how do we maintain it safely? A session is a temporary identity. It represents a user between requests — nothing more, nothing less. text/html 2026-04-05T23:24:27+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:php_security_fundamentals_summary&rev=1775431467&do=diff 9. Security Fundamentals — A Calm Summary Security is not a checklist. It is a posture — a way of thinking about boundaries, clarity, and intention. This topic introduced the foundational mental models that help PHP developers build systems that are predictable, safe, and resilient. Each page explored a different boundary, but together they form a single idea: text/html 2026-04-04T16:13:08+00:00 Anonymous (anonymous@undisclosed.example.com) https://icontemp.com/wiki/phpprimer/doku.php?id=security_fundamentals:start&rev=1775319188&do=diff Security Fundamentals Core security principles for modern PHP applications. These pages focus on clarity, safe defaults, and the practical habits that prevent common vulnerabilities before they appear. Please sort A-Z for intended reading sequence.