As a PHP newbie, I was advised to get a book by Chris Shiflett titled
Essential PHP Security. I looked at Amazon.com but the book appears to
be more than five years old. Should I get something more up to date?
- Keith
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit
On Fri, Nov 11, 2011 at 05:01:19PM -0600, Keith Purtell wrote:
As a PHP newbie, I was advised to get a book by Chris Shiflett titled
Essential PHP Security. I looked at Amazon.com but the book appears to
be more than five years old. Should I get something more up to date?
It is a good book
Hello all,
I am currently researching security best practices/methods. Can anyone offer
any current resources/recommendations?
My research thus far has included password hashing with salting/stretching,
session hash defaults, session management authentication, and prepared
statements via PDO
On Mon, Aug 8, 2011 at 10:08 AM, Jen Rasmussen j...@cetaceasound.com wrote:
[snip]
On a side note, PHP versions prior to 5.3+ do not allow to set the httponly
flag as a cookie parameter, is there any acceptable alternative for this?
I believe that has been supported since 5.2.0. As for a
Thanks, Andrew! I am unfortunately not even running 5.2..so that helps.
Jen
-Original Message-
From: Andrew Ballard [mailto:aball...@gmail.com]
Sent: Monday, August 08, 2011 9:57 AM
To: j...@cetaceasound.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] PHP Security: Best Practices
I am currently researching security best
practices/methods. Can anyone offer
any current resources/recommendations?
That is a huge arena and the question can not be answered very well
without describing what you are needing to protect. Security in depth
depends upon what you are protecting and
On 8 August 2011 15:08, Jen Rasmussen j...@cetaceasound.com wrote:
Hello all,
I am currently researching security best practices/methods. Can anyone offer
any current resources/recommendations?
My research thus far has included password hashing with salting/stretching,
session hash
At 2:53 PM -0500 4/8/11, Jay Blanchard wrote:
[snip]
what's the best way to learn about security in php?
[/snip]
Study, study, study!
Chris Shiflett is a recognized expert on PHP security -
http://shiflett.org/
He has a great book on PHP Security -
http://www.amazon.com/exec/obidos/ASIN
hey guys/girls,
what's the best way to learn about security in php?
[snip]
what's the best way to learn about security in php?
[/snip]
Study, study, study!
Chris Shiflett is a recognized expert on PHP security -
http://shiflett.org/
He has a great book on PHP Security -
http://www.amazon.com/exec/obidos/ASIN/059600656X/ref=nosim/chrisshiflett-20
Best way to learn about security of something is to learn how to break it...
On Apr 8, 2011 3:55 PM, Jay Blanchard jblanch...@pocket.com wrote:
[snip]
what's the best way to learn about security in php?
[/snip]
Study, study, study!
Chris Shiflett is a recognized expert on PHP security
On Fri, Apr 8, 2011 at 3:24 PM, nighthawk1256 er...@ns.sympatico.ca wrote:
hey guys/girls,
what's the best way to learn about security in php?
Here are some relevant topics to consider:
- Validate input (only accept what you're expecting, via GET, POST, and
COOKIE, and don't try to fix
hi,
On Mon, Jan 17, 2011 at 5:21 AM, Tommy Pham tommy...@gmail.com wrote:
Thanks Dan. I'll keep it in mind for the future. For interested parties,
that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with
the current official 5.3.5 NTS VC9.
5.3.5 was released only to fix
-Original Message-
From: Tommy Pham [mailto:tommy...@gmail.com]
Sent: Thursday, January 06, 2011 5:49 PM
To: 'Daevid Vincent'
Cc: 'php-general@lists.php.net'
Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
-Original Message-
From: Daevid Vincent
-Original Message-
From: Tommy Pham [mailto:tommy...@gmail.com]
Sent: Sunday, January 16, 2011 4:18 PM
To: 'php-general@lists.php.net'
Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
snip
I found something really weird while coding a validator
On 1/16/2011 4:18 PM, Tommy Pham wrote:
-Original Message-
From: Tommy Pham [mailto:tommy...@gmail.com]
Sent: Thursday, January 06, 2011 5:49 PM
To: 'Daevid Vincent'
Cc: 'php-general@lists.php.net'
Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
On Sun, Jan 16, 2011 at 21:00, Tommy Pham tommy...@gmail.com wrote:
Here are the results after some further tests for the same platform:
* max float value: 1.7976931348623E+308
* min float value: 9.8813129168249E-324
floatval('1.00e-323') weird ...
PHP will hang when
-Original Message-
From: Jim Lucas [mailto:li...@cmsws.com]
Sent: Sunday, January 16, 2011 6:54 PM
To: Tommy Pham
Cc: php-general@lists.php.net
Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
On 1/16/2011 4:18 PM, Tommy Pham wrote:
-Original Message
On 2011-01-16, at 9:59 PM, Daniel Brown danbr...@php.net wrote:
On Sun, Jan 16, 2011 at 21:00, Tommy Pham tommy...@gmail.com wrote:
Here are the results after some further tests for the same platform:
* max float value: 1.7976931348623E+308
* min float value: 9.8813129168249E-324
-Original Message-
From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of
Daniel Brown
Sent: Sunday, January 16, 2011 7:00 PM
To: Tommy Pham
Cc: PHP General; PHP Internals List; secur...@php.net
Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
-Original Message-
From: Daevid Vincent [mailto:dae...@daevid.com]
Sent: Wednesday, January 05, 2011 11:36 AM
To: php-general@lists.php.net
Subject: [PHP] [security] PHP has DoS vuln with large decimal points
The error in the way floating-point and double-precision numbers
The error in the way floating-point and double-precision numbers are
handled sends 32-bit systems running Linux, Windows, and FreeBSD into an
infinite loop that consumes 100 percent of their CPU's resources.
Developers are still investigating, but they say the bug appears to affect
versions 5.2
Are you running the latest version of PHP?
If not you should check for PHP vulnerabilities for the version that you
have installed. You should also check your OS and web server software for
security holes.
On Mon, Jun 7, 2010 at 7:54 AM, Igor Escobar titiolin...@gmail.com wrote:
Hi Folks!
Hey Richard,
I'll find more about this parameter allow_url_include, thank you!
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 5:26 PM, richard gray r...@richgray.com
Escobar [mailto:titiolin...@gmail.com]
Sent: Tuesday, June 08, 2010 10:11 AM
To: richg...@gmail.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] Security Issue
Hey Richard,
I'll find more about this parameter allow_url_include, thank you!
Regards,
Igor Escobar
Systems Analyst Interface Designer
good reason to ever enable this, it would be a
security issue no matter how you slice it...
-Original Message-
From: Igor Escobar [mailto:titiolin...@gmail.com]
Sent: Tuesday, June 08, 2010 10:11 AM
To: richg...@gmail.com
Cc: php-general@lists.php.net
Subject: Re: [PHP] Security Issue
Hey
Hi Folks!
The portal for which I work is suffering constant attacks that I feel that
is PHP Injection. Somehow the hacker is getting to change the cache files
that our system generates. Concatenating the HTML file with another that
have an iframe to a malicious JAR file. Do you have any
On Mon, 2010-06-07 at 09:54 -0300, Igor Escobar wrote:
Hi Folks!
The portal for which I work is suffering constant attacks that I feel that
is PHP Injection. Somehow the hacker is getting to change the cache files
that our system generates. Concatenating the HTML file with another that
On 7 June 2010 14:54, Igor Escobar titiolin...@gmail.com wrote:
Hi Folks!
The portal for which I work is suffering constant attacks that I feel that
is PHP Injection. Somehow the hacker is getting to change the cache files
that our system generates. Concatenating the HTML file with another
On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote:
It's not that bad.
Use filter functions and sanity checks for input.
Use htmlspecialchars() basically on output.
That should take care of basically everything.
On Jun 7, 2010, at 6:16 AM, Igor Escobar titiolin...@gmail.com
Oh yeah. I do more than just intval() I make sure they didn't feed me
anything BUT numeric text first. I do sanity check before type
forcing :)
I use garbage in garbage out. So I take what is given to me and yes I
escape it before the db of course as well, and then encode on output.
On
On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote:
It's not a SQL Injection or XSS problem, Michael.
It's a PHP Injection problem. I know how to fix that but the web site is very
very huge, has lots and lots of partners and I'm having a big difficulty to
identify the focus of the problem.
On Mon, 2010-06-07 at 10:48 -0700, Michael Shadle wrote:
Oh yeah. I do more than just intval() I make sure they didn't feed me
anything BUT numeric text first. I do sanity check before type
forcing :)
I use garbage in garbage out. So I take what is given to me and yes I
escape it
I think we're getting off topic here folks...
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:51 PM, Ashley Sheridan
a...@ashleysheridan.co.uk wrote:
On Mon, 2010-06-07
You could do generic things to modify the $_GET and other superglobal
arrays. For example if you wanted to implement magic quote yourself
have a recursive function (I'd paste one but I'm on my phone) but
something akin to this:
$_GET = your_function_name($_GET);
An idea for you might be
Because that only typecasts it. It's safe but it isn't what the user
actually entered.
This way I can actually determine if the user put in 123abc and
reject it, not accept it and keep the 123 silently for example. Same
with floats. You may or may not consider a negative number acceptable,
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my code...
include
I totally agree with you Ash,
I came up here to ask you guys some for light. Anything to well me to track
that M%$#% F#$CK#$# and discover from where he's attacking.
Regards,
Igor Escobar
Systems Analyst Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+
I disagree and this kind of approach could be appropriate if you walk
your input globals and apply some sanity checks and appropriate
filtering you could fix the issue.
On Jun 7, 2010, at 10:52 AM, Igor Escobar titiolin...@gmail.com wrote:
I think we're getting off topic here folks...
On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external
code that is interpreted as an inner code as if the code included was
more a part of the script.
From: Ashley Sheridan
On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external
code that is interpreted as an inner code as if the code included was
more
On 07/06/2010 20:00, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my
From: Juan Rodriguez Monti
I would like to know if there's some App that run automatic test
against a PHP Application to detect security issues, potential bugs
and so on.
I know this kind of applications exists for other fields of IT, but I
don't know if there are some application or tests
At 4:54 PM -0400 4/28/10, David Stoltz wrote:
My concern is passing SQL queries in this way is not best practice - am
I wrong? Please let me know how you would react to this?
David :
First, you are not wrong.
Second, that's exactly the type of security risk you want to protect
yourself
Hi folks,
This isn't really a PHP question per se, but could apply to any
language...
I have a public facing web server, which we have a software component
that helps protect us from SQL Injection, and the like.
We recently have added a very small web application that is vendor
: andre.polykanine; ICQ: 191749952
Twitter: m_elensule
- Original message -
From: David Stoltz dsto...@shh.org
To: php-general@lists.php.net php-general@lists.php.net
Date: Wednesday, April 28, 2010, 11:54:56 PM
Subject: [PHP] Security/Development Question
Hi folks,
This isn't really
On Wed, Apr 28, 2010 at 04:54:56PM -0400, David Stoltz wrote:
Hi folks,
This isn't really a PHP question per se, but could apply to any
language...
I have a public facing web server, which we have a software component
that helps protect us from SQL Injection, and the like.
David Stoltz wrote:
Hi folks,
This isn't really a PHP question per se, but could apply to any
language...
I have a public facing web server, which we have a software component
that helps protect us from SQL Injection, and the like.
We recently have added a very small web application that is
:56 PM
Subject: [PHP] Security/Development Question
Hi folks,
This isn't really a PHP question per se, but could apply to any
language...
I have a public facing web server, which we have a software component
that helps protect us from SQL Injection, and the like.
We recently have
Yahoo! messenger: andre.polykanine; ICQ: 191749952
Twitter: m_elensule
- Original message -
From: David Stoltz dsto...@shh.org
To: php-general@lists.php.net php-general@lists.php.net
Date: Wednesday, April 28, 2010, 11:54:56 PM
Subject: [PHP] Security/Development Question
Hi folks
Month of PHP Security 2010 - CALL FOR PAPERS
Three years ago, in March 2007, the Hardened-PHP project had organized
the Month of PHP Bugs. During one month more than 40 vulnerabilities in
the PHP interpreter were disclosed in order to improve
Rsync should work fine, but personally I like to see exactly which
changes are being deployed especially when deploying to production.
While I realise this recommendation is not Open Source software, I
have found it to be an excellent piece of software for this task. I
use Beyond Compare
Humm.. thanks for the replies. But i have another problem about rsync again.
When i deploy a project using the rsync the permissions of all home
directory is changed. i tried to use the parameter -p -o -g (preserve
permissions, owner and group):
I dont know but the rsync doesnt preserve the
Rsync preserves the UID and GID, not the visible username or visible
group name. This means that if the UIDs and GIDs do not match your
expected users and groups on the destination server they will match
whatever is setup there according to the /etc/passwd or /etc/group
files. If there's no match
Humm.. thanks for the replies. But i have another problem about rsync
again.
When i deploy a project using the rsync the permissions of all home
directory is changed. i tried to use the parameter -p -o -g (preserve
permissions, owner and group):
I dont know but the rsync doesnt preserve
Rsync should work fine, but personally I like to see exactly which
changes are being deployed especially when deploying to production.
While I realise this recommendation is not Open Source software, I
have found it to be an excellent piece of software for this task. I
use Beyond Compare
Hi everybody,
i have a doubt about my security and deployment methods. Today i manage
several projects and these projects are versioned with subversion. My
environment is something like this:
1. The developer make some update in the source code of a project. (from
your IDE, generally netbeans)
On Mon, Oct 12, 2009 at 4:06 PM, Augusto Flavio afla...@gmail.com wrote:
i have a doubt about my security and deployment methods. Today i manage
several projects and these projects are versioned with subversion. My
environment is something like this:
1. The developer make some update in the
On Tue, Aug 25, 2009 at 00:07, Augusto Flavio afla...@gmail.com wrote:
Answers: (choose 2)
Error messages will contain sensitive session information
Error messages can contain cross site scripting attacks
Security risks involved in logging are handled by PHP
X Error messages give
Hi all,
I'm discussing with my friend about this question for 30 min and I do not
agree with him. Here is the question:
Why is it important from a security perspective to never display PHP error
messages directly to the end user, yet always log them?
Answers: (choose 2)
Error messages
On Tue, Jun 2, 2009 at 7:39 PM, Shawn McKenzie nos...@mckenzies.net wrote:
Grant Peel wrote:
Hi all,
I am currently setting up the next generation web server for our company and
am in need of general consulting/advice on php set up security issues.
Any one with knowledge and experience
Hi all,
I am currently setting up the next generation web server for our company and am
in need of general consulting/advice on php set up security issues.
Any one with knowledge and experience please feel free to reply :-).
-Grant
H, how about some details on OS, etc
Bastien
Sent from my iPod
On Jun 2, 2009, at 17:26, Grant Peel gp...@thenetnow.com wrote:
Hi all,
I am currently setting up the next generation web server for our
company and am in need of general consulting/advice on php set up
security issues.
On Jun 2, 2009, at 17:26, Grant Peel gp...@thenetnow.com wrote:
I am currently setting up the next generation web server for our
company and am in need of general consulting/advice on php set up
security issues.
For general considerations, start here:
-Grant
- Original Message -
From: Phpster phps...@gmail.com
To: Grant Peel gp...@thenetnow.com
Cc: php-general@lists.php.net
Sent: Tuesday, June 02, 2009 5:53 PM
Subject: Re: [PHP] PHP Security
H, how about some details on OS, etc
Bastien
Sent from my iPod
On Jun 2, 2009
???
- Original Message -
From: Shawn McKenzie nos...@mckenzies.net
To: php-general@lists.php.net
Sent: Tuesday, June 02, 2009 7:39 PM
Subject: [PHP] Re: PHP Security
Grant Peel wrote:
Hi all,
I am currently setting up the next generation web server for our company
and am in need
Grant Peel wrote:
???
I think you can safely assume that was a joke.
message --
From: Michael A. Peters mpet...@mac.com
Date: Fri, May 22, 2009 at 4:50 AM
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Eddie Drapkin oorza...@gmail.com
Cc: php-general@lists.php.net
Eddie Drapkin wrote:
Suhosin is completely not-related
idea please suggest me.
Thanks,
Sumit.
-- Forwarded message --
From: Michael A. Peters mpet...@mac.com
Date: Fri, May 22, 2009 at 4:50 AM
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Eddie Drapkin oorza...@gmail.com
Cc: php
not related to SQL but u may want to look at
http://php-ids.org/
Hi,
I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-) ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements, precautions, and functions
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma sumitp...@gmail.com
Cc: php-general@lists.php.net
On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
Hi,
I am designing a php website for my client which interact with database.
This is my first project
a...@ashleysheridan.co.uk
Date: Thu, May 21, 2009 at 6:36 PM
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma sumitp...@gmail.com
Cc: php-general@lists.php.net
On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
Hi,
I am designing a php
-- Forwarded message --
From: Ashley Sheridan a...@ashleysheridan.co.uk
Date: Thu, May 21, 2009 at 6:36 PM
Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
To: Sumit Sharma sumitp...@gmail.com
Cc: php-general@lists.php.net
On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma
Sumit Sharma wrote:
Hi,
I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-) ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements,
Michael A. Peters wrote:
Sumit Sharma wrote:
Hi,
I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this
mail
;-) ). I am a bit more concerned with database security. Can somebody
shed
some light on
Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
On Thu, May 21, 2009 at 3:42 PM, Shawn McKenzie nos...@mckenzies.net wrote:
Michael A. Peters wrote:
Sumit Sharma wrote:
Hi,
I am designing a php website for my client which interact with
Eddie Drapkin wrote:
Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
Well, because the post that I was replying to brought it up and I happen
to agree that it's a good idea even though it has nothing to do with SQL :-)
Michael A. Peters wrote:
Use
Eddie Drapkin wrote:
Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
I brought it up because suhosin catches many exploits that otherwise get
through, including exploits that allow inclusion of remote files that
can then be used to run arbitrary
From: Grant Peel
From: Michael A. Peters
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U, Pentium,
- FreeBSD (6.x soon to be 7.x)
- along with all the standard Web Application installation (PHP
Apache
Exim, Pop3, Proftp, MySQL etc
On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo defati...@hotmail.com wrote:
Yea, dude, well me GED says I kin git it dun wit less wastid time.
--
No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be say
them say.
Is there any particular reason you guys totally
I agree with you Daniel
Regards,
Igor Escobar
systems analyst interface designer
www . igorescobar . com
On Mon, Mar 30, 2009 at 10:58 AM, Daniel Brown danbr...@php.net wrote:
On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo defati...@hotmail.com
wrote:
Yea, dude, well me GED says I
- Original Message -
From: Michael A. Peters mpet...@mac.com
To: Grant Peel gp...@thenetnow.com
Cc: php-general@lists.php.net
Sent: Sunday, March 29, 2009 10:00 PM
Subject: Re: [PHP] Security Support
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our own servers
Grant Peel wrote:
- Original Message - From: Michael A. Peters mpet...@mac.com
To: Grant Peel gp...@thenetnow.com
Cc: php-general@lists.php.net
Sent: Sunday, March 29, 2009 10:00 PM
Subject: Re: [PHP] Security Support
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U, Pentium,
- FreeBSD (6.x soon to be 7.x)
- along with all the standard Web Application installation (PHP Apache Exim,
Pop3, Proftp, MySQL etc etc).
What I am asking here, is if any one in this community has the
From: gp...@thenetnow.com
To: php-general@lists.php.net
Date: Sun, 29 Mar 2009 17:12:32 -0400
Subject: [PHP] Security Support
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U, Pentium,
- FreeBSD (6.x soon to be 7.x)
- along with all the standard
- Original Message -
From: abdulazeez alugo defati...@hotmail.com
To: gp...@thenetnow.com; php-general@lists.php.net
Sent: Sunday, March 29, 2009 6:09 PM
Subject: RE: [PHP] Security Support
From: gp...@thenetnow.com
To: php-general@lists.php.net
Date: Sun, 29 Mar 2009 17:12:32
I is a hi skool gradjuate
-Original Message-
From: abdulazeez alugo [mailto:defati...@hotmail.com]
Sent: Sunday, March 29, 2009 7:10 PM
To: gp...@thenetnow.com; php-general@lists.php.net
Subject: RE: [PHP] Security Support
From: gp...@thenetnow.com
To: php-general@lists.php.net
From: da...@wonderly.com
To: defati...@hotmail.com; gp...@thenetnow.com; php-general@lists.php.net
Date: Sun, 29 Mar 2009 18:16:35 -0500
Subject: Re: [PHP] Security Support
- Original Message -
From: abdulazeez alugo defati...@hotmail.com
To: gp...@thenetnow.com; php
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U, Pentium,
- FreeBSD (6.x soon to be 7.x)
- along with all the standard Web Application installation (PHP Apache
Exim, Pop3, Proftp, MySQL etc etc).
What I am asking here, is if any one in
Marc Christopher Hall wrote:
I is a hi skool gradjuate
Yea, dude, well me GED says I kin git it dun wit less wastid time.
Date: Sun, 29 Mar 2009 19:02:15 -0700
From: mpet...@mac.com
To: m...@hallmarcwebsites.com
CC: php-general@lists.php.net
Subject: Re: [PHP] Security Support
Marc Christopher Hall wrote:
I is a hi skool gradjuate
Yea, dude, well me GED says I kin git it dun wit less wastid time
VamVan vamsee...@gmail.com wrote in message
news:12eb8b030901141421u6741b943q396bc784136b7...@mail.gmail.com...
On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak
blindspot...@comcast.net wrote:
This is mostly to make sure I understand how sessions are handled
correctly.
As far as sessions
Frank Stanovcak wrote:
VamVan vamsee...@gmail.com wrote in message
news:12eb8b030901141421u6741b943q396bc784136b7...@mail.gmail.com...
On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak
blindspot...@comcast.net wrote:
This is mostly to make sure I understand how sessions are handled
This is mostly to make sure I understand how sessions are handled correctly.
As far as sessions are concerned the variable data is stored on the server
(be it in memory or temp files), and never transmitted across the net
unless output to the page? So this means I should be able to store the
On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak
blindspot...@comcast.net wrote:
This is mostly to make sure I understand how sessions are handled
correctly.
As far as sessions are concerned the variable data is stored on the server
(be it in memory or temp files), and never transmitted
one of my client says his company do have a program to test php code for common
programming security problem like sql injection etc
i am curious but he do not want to tell what the program is.
do this program exists? what is it?
paragasu wrote:
one of my client says his company do have a program to test php code for common
programming security problem like sql injection etc
i am curious but he do not want to tell what the program is.
do this program exists? what is it?
https://chorizo-scanner.com/
Hi,
to have access to my web application, user needs to log in. Before to send
login/password over the net, user is directly redirected to HTTPS version of
my web application in case he did not write HTTPS:// at the address bar.
once he types login/password, everything is checked with DB data and
On 11 Oct 2008, at 20:18, Alain Roger wrote:
to have access to my web application, user needs to log in. Before
to send
login/password over the net, user is directly redirected to HTTPS
version of
my web application in case he did not write HTTPS:// at the address
bar.
once he types