abcphp.com

Discover the best of PHP

Security »

7

Vote

setcookie() with HttpOnly Option to Reduce XSS attacks by Preventing JavaScript from Reading Cookies

It may considerably reduce XSS attack possibilities if not completely eradicate it. XSS, or Cross Site Scripting, is probably the most common security problems in web applications that engage in heavy user input. If you’ve ever tried to build a web application that users can input data in a lot of different venues, chances are it has a security hole somewhere that allows XSS attacks. Don’t panic though. Most web applications, even the most sophisticated ones developed by the best programmers such as vBulletin and WordPress release patches from time to time to fix XSS holes.

Posted by girish.r 148 days ago (http://abcphp.com)
Discuss | | Bury | Tweet This | Tagged: setcookie xss cookies | Add To

Who Voted for this Story

Recently Published

17 votes | 10 life-saving PHP snippets
12 votes | Mono, The Linux Implementation of .NET – Good or Bad?
17 votes | [HOWTO] Send emails from localhost in PHP using msmtp (using gmail account) on linux | Absolutely Tech
13 votes | Google Ranking Checker Class in PHP | BOHUCO
11 votes | Database Searching Techniques with SQL

Most Comments

5 comments | OpenCart CSRF Vulnerability « Ben Maynard's blog
2 comments | XMLHttpRequest and AJAX for PHP programmers
2 comments | Run PHP on the Google App Engine
2 comments | Speeding up your PHP scripts
2 comments | [jQuery] Multi selectbox with ajax

Most Votes

23 votes | CONFIRMED: Facebook Gets Faster, Debuts Homegrown PHP Compiler
20 votes | php|tek 2009
20 votes | PHP 5.2.9 Released!
20 votes | How To: Installing LAMP On Ubuntu For Newbies
20 votes | PHP built in functions map