I am currently researching security best practices/methods. Can anyone offer
any current resources/recommendations?
My research thus far has included password hashing with salting/stretching,
session hash defaults, session management & authentication, and prepared
statements via PDO in addition to basic PHP.ini and .htaccess server
settings and properly escaping and validating input/output.
On a side note, PHP versions prior to 5.3+ do not allow to set the httponly
flag as a cookie parameter, is there any acceptable alternative for this?
Thanks in advance,
Jen Rasmussen | Web Development Manager
Cetacea Sound Corp
P Before printing this message, make sure that it's necessary. The
environment is in your hands