Security Information
The OmniPHP™ Framework includes built-in security to disrupt common attempts to bypass a web application's intent, such as invalid input to HTTP requests (GET or POST), SQL injection, cross-site hacking, and session hijacking. See the sample code in the downloaded folder for details on how to code properly.
HTTPS / FTPS / SSL Certificates
For businesses (particularly large enterprises or enterprises that rely heavily on security, such as banks), your code should run on a secure HTTPS server in order to be protected against man-in-the-middle attacks. This means that anything sitting on the connection between the client and your server is denied access to the information the client is submitting (e.g. Social Security Numbers and Credit Card Numbers should only be sent through secure connections). To configure your servers for HTTPS you need an SSL certificate, which can be bought from trusted vendors such as VeriSign, Thawte, GoDaddy, GeoTrust, or many others. These certificates usually range from less than $100 up to a few thousand dollars, depending on the level of security you require. If you want EV (Extended Validation), which includes the classic green address bar you usually see on banking sites or other secure sites, the certificate will be more expensive.
BUGS and Security Holes
Please report any bugs or security holes you find in the framework through our bug tracker.
See the support page for the link to our bug tracker.