The examples on this site are currently tested to work on Phalcon V3.4 and Phalcon Devtools V3.2. Some issues may arise when using later versions.

Please get in touch or post a comment below the post if you encounter a problem.

Security is possibly the most important issue for modern web-based systems. With the continuing explosion in the levels of cybercrime, the threat to both users and organisations is ever-present and growing. A medium to large scale successful website will probably want to employ professional security consultants. Small scale websites do not have access to these kinds of resources; while their potential loss might not be as great, the threat is still significant.

While there isn't scope for a broad discussion of security and threats in this section, a basic understanding of where the main hacking threats lie, and the inclusion of some basic defence mechanisms from the outset, will help budding developers get off on the right foot.

The most common threats to systems include the following:

While the Phalcon documentation on security addresses some of these issues, there are many more issues than these to be concerned about. For example, one very common modern issue is ransomware attacks, which encrypt all of an organisation's data but leave it in place, demanding a cryptocurrency ransom be sent to an untraceable account in return for the key to decrypt the data. Good policies such as regular database backups to a separate location can help mitigate this problem. Many of the most common and most dangerous threats are best mitigated by good policy. The goal of this section is not to tackle every issue and threat that exists but rather to give a good grounding in the fundamentals of security. With this in mind, let's look at what might constitute a Minimum Viable Product in terms of building a secure web-based system.

Below is a basic set of user stories which together make up the functionality necessary for a Minimum Viable Product.

In the rest of the section on security we will discuss how to implement this functionality in a simple, straightforward way.