Integration of PHPIDS (PHP-Intrusion Detection System)
Posted by Nils on 31 May 2009

XSS attacks, SQL injections, directory traversals ... The list of attacks a developer has to defend against keeps getting longer. Luckily, PHPIDS (PHP-Intrusion Detection System) is able to detect a large share of the common ones.
So we decided to integrate this security layer into the next release of Phenotype, granting you a better night's sleep.
How does it work?
PHPIDS analyzes any given string for suspicious character sequences that indicate a security threat or a typical attack probe. It then calculates an impact value, which lets you decide how to react to that threat.
We simply let PHPIDS analyze all $myRequest variables (after the smartURL params have been built) and throw an exception if the impact is too high. The attacker therefore gets a 500 page before any of his data is processed by your application or by the Phenotype rendering classes.
As a Phenotype developer you'll get the full information about the impact detection:
Configuration:
You don't have to configure anything at all. But you can turn PHPIDS off, or change the maximum impact before the exception is thrown, in your _config.inc.php file:
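To make the mechanism from the two paragraphs above concrete, here is a request guard written as an added example for this post; it is not Phenotype's own integration code and not part of PHPIDS. It assumes the PHPIDS 0.6-era API (IDS_Init, IDS_Monitor, IDS_Report, IDS_Event) is installed with its shipped Config.ini, and the two constants PHENOTYPE_IDS_ENABLED and PHENOTYPE_IDS_MAX_IMPACT (and the value 20) are hypothetical stand-ins for whatever the real _config.inc.php options are called.

```php
<?php
// Added example, not Phenotype's or PHPIDS's own code.
// Assumes PHPIDS 0.6 (IDS_Init / IDS_Monitor / IDS_Report) on the include path.
require_once 'IDS/Init.php';

// Hypothetical config switches standing in for the _config.inc.php options:
// one to disable the check, one for the impact above which we abort the request.
if (!defined('PHENOTYPE_IDS_ENABLED'))    define('PHENOTYPE_IDS_ENABLED', true);
if (!defined('PHENOTYPE_IDS_MAX_IMPACT')) define('PHENOTYPE_IDS_MAX_IMPACT', 20);

class IntrusionDetectedException extends Exception {}

/**
 * Run PHPIDS over the request parameters and throw when the accumulated
 * impact exceeds the configured maximum.
 *
 * @param array $request parameters as built after smartURL parsing
 * @param int   $maxImpact impact threshold
 * @return IDS_Report|null report with matched events, or null when disabled
 */
function checkRequestWithIds(array $request, $maxImpact = PHENOTYPE_IDS_MAX_IMPACT)
{
    if (!PHENOTYPE_IDS_ENABLED) {
        return null;
    }

    // Config.ini ships with PHPIDS; its path is assumed relative to this file.
    $init   = IDS_Init::init(dirname(__FILE__) . '/IDS/Config/Config.ini');
    $ids    = new IDS_Monitor($request, $init);
    $result = $ids->run();   // IDS_Report; empty when no filter matched

    if (!$result->isEmpty() && $result->getImpact() > $maxImpact) {
        throw new IntrusionDetectedException(
            'PHPIDS impact ' . $result->getImpact() . ' exceeds maximum ' . $maxImpact
        );
    }
    return $result;
}

// Front-controller usage: the check runs before any request data reaches
// the application, and a detected intrusion ends in a plain 500 response.
try {
    $report = checkRequestWithIds(array_merge($_GET, $_POST, $_COOKIE));
    if ($report !== null && !$report->isEmpty()) {
        // Suspicious but below the threshold: record which parameter tripped
        // a filter and how hard, so the threshold can be tuned later.
        foreach ($report as $event) {
            error_log('PHPIDS: parameter "' . $event->getName()
                    . '" impact ' . $event->getImpact());
        }
    }
} catch (IntrusionDetectedException $e) {
    header('HTTP/1.1 500 Internal Server Error');
    error_log($e->getMessage());
    exit;
}
```

The report is returned even when the request passes, so a deployment can log near-misses for a while before settling on a threshold; a threshold that is too low turns ordinary URL-encoded input into 500 pages, one that is too high lets probes through to the application.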
For more background information on PHPIDS, check the PHPIDS project website (thanks a lot for that!):
PHPIDS project website
Performance:
One last thing you should know: PHPIDS has no relevant performance impact on Phenotype. The reason is quite simple: as long as the request URL is free of suspicious characters, PHPIDS remains inactive.