====== A Catalog of Security Sensitive PHP Functions ======

These PHP functions are common targets of various security attacks. These functions should probably not be used directly (as a [[security:practice:catalog|security best practice]]), but instead be wrapped by libraries that enforce security considerations. The purpose of this list is to highlight security vulnerabilities on a PHP function basis.

===== Catalog =====

  * [[eval_functions|Security Sensitive Eval Functions]] - These functions can allow an arbitrary string or file to be executed as PHP code.
  * [[shell_functions|Security Sensitive Shell Functions]] - These functions allow shell commands to be run on the server.
  * [[file_functions|Security Sensitive File Functions]] - These functions allow files to be read or written, or permissions to be changed.
  * [[database_functions|Security Sensitive Database Functions]]
  * [[request_functions|Security Sensitive HTTP Request Functions]] - These functions read information from the HTTP request.
  * [[response_functions|Security Sensitive HTTP Response Functions]] - Output functions.
  * [[network_functions|Security Sensitive Network Functions]] - Functions which allow remote computers to be accessed.
  * [[mail_functions|Security Sensitive Mail Functions]] - Functions which allow mail to be sent.

===== Additional Information =====

  * See [[security:attack:catalog|security attacks catalog]].
  * See [[security:practice:catalog|security best practices]].
  * See [[security:web application security]].