Hi to all
I’m concerned about security and making slim secure. To insert it into my MySQL I’m using PDO bind and to get the values like this
$params = $request->getParsedBody();
Is there anything to secure even more from XSS and similar attacks?
That’s quite a big question 
Two starter things would be: sanitise all user input, and escape any output that comes from it especially if you intend to display that input on the site. Also have a look at content security policies (CSP) - through which you can instruct browsers to only download files (css, js, images, etc) from locations you permit.
Some resources:
- OWASP top 10 project - OWASP Top Ten | OWASP Foundation
- CSP and more browser security stuff: https://securityheaders.com
I know about this in pure PHP form but I was thinking more about what Slim offers out of the box? in term of security and sanitizing the input through the request interface.
Slim is a micro-framework and therefore only responsible for the HTTP request/response routing and dispatching lifecycle. There is no built-in validation, XSS protection, and database abstraction. You can use other PHP libraries or functions to perform these tasks.
1 Like