At 2:53 PM -0500 4/8/11, Jay Blanchard wrote:
[snip]
what's the best way to learn about security in php?
[/snip]
Study, study, study!
Chris Shiflett is a recognized expert on PHP security -
http://shiflett.org/
He has a great book on PHP Security -
http://www.amazon.com/exec/obidos/ASIN/0596006
On Fri, Apr 8, 2011 at 3:24 PM, nighthawk1256 wrote:
> hey guys/girls,
>
> what's the best way to learn about security in php?
Here are some relevant topics to consider:
- Validate input (only accept what you're expecting, via GET, POST, and
COOKIE, and don't try to fix an invalid value,
Best way to learn about security of something is to learn how to break it...
On Apr 8, 2011 3:55 PM, "Jay Blanchard" wrote:
>
> [snip]
> what's the best way to learn about security in php?
> [/snip]
>
> Study, study, study!
>
> Chris Shiflett is a recognized expert on PHP security -
> http://shifl
[snip]
what's the best way to learn about security in php?
[/snip]
Study, study, study!
Chris Shiflett is a recognized expert on PHP security -
http://shiflett.org/
He has a great book on PHP Security -
http://www.amazon.com/exec/obidos/ASIN/059600656X/ref=nosim/chrisshiflett-20
--
PHP Genera
hi,
On Mon, Jan 17, 2011 at 5:21 AM, Tommy Pham wrote:
> Thanks Dan. I'll keep it in mind for the future. For interested parties,
> that's found in the official Windows 5.3.3 NTS VC9 build. Works fine with
> the current official 5.3.5 NTS VC9.
5.3.5 was released only to fix this exact bug :-
> -Original Message-
> From: paras...@gmail.com [mailto:paras...@gmail.com] On Behalf Of
> Daniel Brown
> Sent: Sunday, January 16, 2011 7:00 PM
> To: Tommy Pham
> Cc: PHP General; PHP Internals List; secur...@php.net
> Subject: Re: [PHP] [security] PHP has DoS vu
On 2011-01-16, at 9:59 PM, Daniel Brown wrote:
> On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote:
>>
>> Here are the results after some further tests for the same platform:
>>
>> * max float value: 1.7976931348623E+308
>> * min float value: 9.8813129168249E-324 <<
>> floatval('1.
> -Original Message-
> From: Jim Lucas [mailto:li...@cmsws.com]
> Sent: Sunday, January 16, 2011 6:54 PM
> To: Tommy Pham
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] [security] PHP has DoS vuln with large decimal points
>
> On 1/16/2011 4
On Sun, Jan 16, 2011 at 21:00, Tommy Pham wrote:
>
> Here are the results after some further tests for the same platform:
>
> * max float value: 1.7976931348623E+308
> * min float value: 9.8813129168249E-324 <<
> floatval('1.00e-323') weird ...
>
> PHP will hang when the value
On 1/16/2011 4:18 PM, Tommy Pham wrote:
>> -Original Message-
>> From: Tommy Pham [mailto:tommy...@gmail.com]
>> Sent: Thursday, January 06, 2011 5:49 PM
>> To: 'Daevid Vincent'
>> Cc: 'php-general@lists.php.net'
>> Subject: RE: [PH
> -Original Message-
> From: Tommy Pham [mailto:tommy...@gmail.com]
> Sent: Sunday, January 16, 2011 4:18 PM
> To: 'php-general@lists.php.net'
> Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
>
>
> I found something really
> -Original Message-
> From: Tommy Pham [mailto:tommy...@gmail.com]
> Sent: Thursday, January 06, 2011 5:49 PM
> To: 'Daevid Vincent'
> Cc: 'php-general@lists.php.net'
> Subject: RE: [PHP] [security] PHP has DoS vuln with large decimal points
>
> -Original Message-
> From: Daevid Vincent [mailto:dae...@daevid.com]
> Sent: Wednesday, January 05, 2011 11:36 AM
> To: php-general@lists.php.net
> Subject: [PHP] [security] PHP has DoS vuln with large decimal points
>
> The error in the way floating-point and double-precision numbers ar
one good reason to ever enable this, it would be a
security issue no matter how you slice it...
-Original Message-
From: Igor Escobar [mailto:titiolin...@gmail.com]
Sent: Tuesday, June 08, 2010 10:11 AM
To: richg...@gmail.com
Cc:
Subject: Re: [PHP] Security Issue
Hey Richard,
I'll
Igor Escobar [mailto:titiolin...@gmail.com]
Sent: Tuesday, June 08, 2010 10:11 AM
To: richg...@gmail.com
Cc:
Subject: Re: [PHP] Security Issue
Hey Richard,
I'll find more about this parameter allow_url_include, thank you!
Regards,
Igor Escobar
Systems Analyst & Interface De
Hey Richard,
I'll find more about this parameter allow_url_include, thank you!
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 5:26 PM, richard gray wrote:
> On 07/06/201
Are you running the latest version of PHP?
If not you should check for PHP vulnerabilities for the version that you
have installed. You should also check your OS and web server software for
security holes.
On Mon, Jun 7, 2010 at 7:54 AM, Igor Escobar wrote:
> Hi Folks!
>
> The portal for which
On 07/06/2010 20:00, Igor Escobar wrote:
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my
From: Ashley Sheridan
> On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
>
>> PHP Injection is the technical name given to a security hole in PHP
>> applications. When this gap there is a hacker can do with an external
>> code that is interpreted as an inner code as if the code included was
On Mon, 2010-06-07 at 15:00 -0300, Igor Escobar wrote:
> PHP Injection is the technical name given to a security hole in PHP
> applications. When this gap there is a hacker can do with an external
> code that is interpreted as an inner code as if the code included was
> more a part of the script.
I disagree and this kind of approach could be appropriate if you walk
your input globals and apply some sanity checks and appropriate
filtering you could fix the issue.
On Jun 7, 2010, at 10:52 AM, Igor Escobar wrote:
I think we're getting off topic here folks...
Regards,
Igor Escobar
S
I totally agree with you Ash,
I came up here to ask you guys for some light. Anything to help me to track
that M%$#% F#$CK#$# and discover from where he's attacking.
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igores
PHP Injection is the technical name given to a security hole in PHP
applications. When this gap there is a hacker can do with an external code
that is interpreted as an inner code as if the code included was more a part
of the script.
// my code...
// my code...
include ('http:///externalhacks
Because that only typecasts it. It's safe but it isn't what the user
actually entered.
This way I can actually determine if the user put in "123abc" and
reject it, not accept it and keep the "123" silently for example. Same
with floats. You may or may not consider a negative number acceptab
You could do generic things to modify the $_GET and other superglobal
arrays. For example if you wanted to implement magic quote yourself
have a recursive function (I'd paste one but I'm on my phone) but
something akin to this:
$_GET = your_function_name($_GET);
An idea for you might be to
I think we're getting off topic here folks...
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 2:51 PM, Ashley Sheridan
wrote:
> On Mon, 2010-06-07 at 10:48 -0700, Michael
On Mon, 2010-06-07 at 10:48 -0700, Michael Shadle wrote:
> Oh yeah. I do more than just intval() I make sure they didn't feed me
> anything BUT numeric text first. I do sanity check before type
> forcing :)
>
> I use garbage in garbage out. So I take what is given to me and yes I
> escape i
On Mon, 2010-06-07 at 14:42 -0300, Igor Escobar wrote:
> It's not a SQL Injection or XSS problem, Michael.
>
> It's a PHP Injection problem. I know how to fix that but the web site is very
> very huge, has lots and lots of partners and I'm having big difficulty
> identifying the focus of the problem
Oh yeah. I do more than just intval() I make sure they didn't feed me
anything BUT numeric text first. I do sanity check before type
forcing :)
I use garbage in garbage out. So I take what is given to me and yes I
escape it before the db of course as well, and then encode on output.
On Ju
On Mon, 2010-06-07 at 10:38 -0700, Michael Shadle wrote:
> It's not that bad.
>
> Use filter functions and sanity checks for input.
>
> Use htmlspecialchars() basically on output.
>
> That should take care of basically everything.
>
> On Jun 7, 2010, at 6:16 AM, Igor Escobar wrote:
>
> > Thi
It's not a SQL Injection or XSS problem, Michael.
It's a PHP Injection problem. I know how to fix that but the web site is very
very huge, has lots and lots of partners and I'm having big difficulty
identifying the focus of the problem.
Got it?
Regards,
Igor Escobar
Systems Analyst & Interface Des
It's not that bad.
Use filter functions and sanity checks for input.
Use htmlspecialchars() basically on output.
That should take care of basically everything.
On Jun 7, 2010, at 6:16 AM, Igor Escobar wrote:
This was my fear.
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ ht
-Original Message-
From: Igor Escobar [mailto:titiolin...@gmail.com]
Sent: Monday, June 07, 2010 9:21 AM
To: Phpster
Cc:
Subject: Re: [PHP] Security Issue
I do not believe he is doing so through forms but PHP Injection. We have
already met one of the files that he used to make the concatenation of
I do not believe he is doing so through forms but PHP Injection. We have
already met one of the files that he used to make the concatenation of the
cache files. Need to know if there is a tool, anything, that we can install
on the server and identify the hacker more easily because the manual labor
This was my fear.
Regards,
Igor Escobar
Systems Analyst & Interface Designer
+ http://blog.igorescobar.com
+ http://www.igorescobar.com
+ @igorescobar (twitter)
On Mon, Jun 7, 2010 at 10:05 AM, Peter Lind wrote:
> On 7 June 2010 14:54, Igor Escobar wrote:
> > Hi Folks!
> >
> > The portal
Hi Ashley!
Thanks for helping us!
OK, first thing, check all the file access logs, i.e. FTP logs, etc, just to
make sure that it's not a case of a compromised password. There's a
well-known issue with people who use FileZilla on Windows systems that
allows passwords to be easily stolen.
*
*
*We'v
On Jun 7, 2010, at 8:54 AM, Igor Escobar wrote:
Hi Folks!
The portal for which I work is suffering constant attacks that I feel that
is PHP Injection. Somehow the hacker is getting to change the cache files
that our system generates. Concatenating the HTML file with another that
have a
On 7 June 2010 14:54, Igor Escobar wrote:
> Hi Folks!
>
> The portal for which I work is suffering constant attacks that I feel that
> is PHP Injection. Somehow the hacker is getting to change the cache files
> that our system generates. Concatenating the HTML file with another that
> have an ifra
On Mon, 2010-06-07 at 09:54 -0300, Igor Escobar wrote:
> Hi Folks!
>
> The portal for which I work is suffering constant attacks that I feel that
> is PHP Injection. Somehow the hacker is getting to change the cache files
> that our system generates. Concatenating the HTML file with another that
At 4:54 PM -0400 4/28/10, David Stoltz wrote:
My concern is passing SQL queries in this way is not best practice - am
I wrong? Please let me know how you would react to this?
David :
First, you are not wrong.
Second, that's exactly the type of security risk you want to protect
yourself from.
Hi all,
I am learning PHP and found this problem to be interesting.
I personally would never do this myself. All the manuals I have read
strictly prohibit this type of behavior.
Wouldn't you just have them run the queries on their end and send you
the results instead of the query itself?
Cur
On Wed, Apr 28, 2010 at 4:02 PM, Andre Polykanine wrote:
> Hello David,
>
> I'm not a PHP god but I would never ever do such things. I can't even
> imagine what can be the reason of passing an SQL query through a
> form...
> --
> With best regards from Ukraine,
> Andre
> Skype: Francophile; Wlm&MS
David Stoltz wrote:
Hi folks,
This isn't really a PHP question per se, but could apply to any
language...
I have a public facing web server, which we have a software component
that helps protect us from SQL Injection, and the like.
We recently have added a very small web application that is ve
On Wed, Apr 28, 2010 at 04:54:56PM -0400, David Stoltz wrote:
> Hi folks,
>
> This isn't really a PHP question per se, but could apply to any
> language...
>
> I have a public facing web server, which we have a software component
> that helps protect us from SQL Injection, and the
Hello David,
I'm not a PHP god but I would never ever do such things. I can't even
imagine what can be the reason of passing an SQL query through a
form...
--
With best regards from Ukraine,
Andre
Skype: Francophile; Wlm&MSN: arthaelon @ yandex.ru; Jabber: arthaelon @
jabber.org
Yahoo! messenger:
> Humm.. thanks for the replies. But I have another problem about rsync
> again.
>
> When I deploy a project using the rsync the permissions of all home
> directory is changed. I tried to use the parameter -p -o -g (preserve
> permissions, owner and group):
>
> I don't know but the rsync doesn
Rsync preserves the UID and GID, not the visible username or visible
group name. This means that if the UIDs and GIDs do not match your
expected users and groups on the destination server they will match
whatever is setup there according to the /etc/passwd or /etc/group
files. If there's no match f
Humm.. thanks for the replies. But I have another problem about rsync again.
When I deploy a project using the rsync the permissions of all home
directory is changed. I tried to use the parameter -p -o -g (preserve
permissions, owner and group):
I don't know but the rsync doesn't preserve the pe
>> Rsync should work fine, but personally I like to see exactly which
>> changes are being deployed especially when deploying to production.
>> While I realise this recommendation is not Open Source software, I
>> have found it to be an excellent piece of software for this task. I
>> use Beyond Com
> Rsync should work fine, but personally I like to see exactly which
> changes are being deployed especially when deploying to production.
> While I realise this recommendation is not Open Source software, I
> have found it to be an excellent piece of software for this task. I
> use Beyond Compare
On Mon, Oct 12, 2009 at 4:06 PM, Augusto Flavio wrote:
> I have a doubt about my security and deployment methods. Today I manage
> several projects and these projects are versioned with subversion. My
> environment is something like this:
>
> 1. The developer makes some update in the source code of
On Tue, Aug 25, 2009 at 00:07, Augusto Flavio wrote:
>
> Answers: (choose 2)
> Error messages will contain sensitive session information
> Error messages can contain cross site scripting attacks
> Security risks involved in logging are handled by PHP
> X Error messages give the percepti
On Tue, Jun 2, 2009 at 7:39 PM, Shawn McKenzie wrote:
> Grant Peel wrote:
>> Hi all,
>>
>> I am currently setting up the next generation web server for our company and
>> am in need of general consulting/advice on php set up security issues.
>>
>> Anyone with knowledge and experience please fee
Grant Peel wrote:
???
I think you can safely assume that was a joke.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
???
- Original Message -
From: "Shawn McKenzie"
To:
Sent: Tuesday, June 02, 2009 7:39 PM
Subject: [PHP] Re: PHP Security
Grant Peel wrote:
Hi all,
I am currently setting up the next generation web server for our company
and am in need of general consulting/advice on
Grant Peel wrote:
> Hi all,
>
> I am currently setting up the next generation web server for our company and
> am in need of general consulting/advice on php set up security issues.
>
> Anyone with knowledge and experience please feel free to reply :-).
>
> -Grant
Do not under any circumstan
Not related to SQL but you may want to look at
http://php-ids.org/
ign my project more secured than
>> before. If you get
>> any other idea please suggest me.
>>
>>
>> Thanks,
>> Sumit.
>>
>> -- Forwarded message --
>> From: Micha
idea please suggest me.
>
>
> Thanks,
>Sumit.
>
> -- Forwarded message ----------
> From: Michael A. Peters
> Date: Fri, May 22, 2009 at 4:50 AM
> Subject: Re: [PHP] SECURITY PRECAUTION BEFORE SUBMITTING DATA IN DATABASE
> To: Eddie Drapkin
> Cc: php-gen
Eddie Drapkin wrote:
Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
I brought it up because suhosin catches many exploits that otherwise get
through, including exploits that allow inclusion of remote files that
can then be used to run arbitrary command
Eddie Drapkin wrote:
> Suhosin is completely not-related to SQL, though, I don't know why you'd
> bring it up...
Well, because the post that I was replying to brought it up and I happen
to agree that it's a good idea even though it has nothing to do with SQL :-)
>>> Michael A. Peters wrote:
Suhosin is completely not-related to SQL, though, I don't know why you'd
bring it up...
>
>
>
> On Thu, May 21, 2009 at 3:42 PM, Shawn McKenzie wrote:
>
>> Michael A. Peters wrote:
>> > Sumit Sharma wrote:
>> >> Hi,
>> >>
>> >> I am designing a php website for my client which interact with
>> datab
Michael A. Peters wrote:
> Sumit Sharma wrote:
>> Hi,
>>
>> I am designing a php website for my client which interact with database.
>> This is my first project for any client (I hope he is not reading this mail
>> ;-) ). I am a bit more concerned with database security. Can somebody shed
>>
Sumit Sharma wrote:
Hi,
I am designing a php website for my client which interact with database.
This is my first project for any client (I hope he is not reading this mail
;-) ). I am a bit more concerned with database security. Can somebody shed
some light on the security measurements, precau
On Thu, 2009-05-21 at 18:22 +0530, Sumit Sharma wrote:
> Hi,
>
> I am designing a php website for my client which interact with database.
> This is my first project for any client (I hope he is not reading this mail
> ;-) ). I am a bit more concerned with database security. Can somebody shed
> so
From: Grant Peel
> From: "Michael A. Peters"
>> Grant Peel wrote:
>>> Good Morning / Afternoon,
>>>
>>> We run several of our own servers:
>>>
>>> - Dell Power Edge 1U, Pentium,
>>> - FreeBSD (6.x soon to be 7.x)
>>> - along with all the standard Web Application installation (PHP Apache
>>> Exim,
Grant Peel wrote:
- Original Message - From: "Michael A. Peters"
To: "Grant Peel"
Cc:
Sent: Sunday, March 29, 2009 10:00 PM
Subject: Re: [PHP] Security Support
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U
- Original Message -
From: "Michael A. Peters"
To: "Grant Peel"
Cc:
Sent: Sunday, March 29, 2009 10:00 PM
Subject: Re: [PHP] Security Support
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U, Pentium,
- FreeB
I agree with you Daniel
Regards,
Igor Escobar
systems analyst & interface designer
www . igorescobar . com
On Mon, Mar 30, 2009 at 10:58 AM, Daniel Brown wrote:
> On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo
> wrote:
> >> Yea, dude, well me GED says I kin git it dun wit less wastid ti
On Sun, Mar 29, 2009 at 22:07, abdulazeez alugo wrote:
>> Yea, dude, well me GED says I kin git it dun wit less wastid time.
>>
>> --
> No be only una get pidgin English ooo. Me sef fit do am sharp sharp no be say
> them say.
Is there any particular reason you guys totally trashed this
threa
> Date: Sun, 29 Mar 2009 19:02:15 -0700
> From: mpet...@mac.com
> To: m...@hallmarcwebsites.com
> CC: php-general@lists.php.net
> Subject: Re: [PHP] Security Support
>
> Marc Christopher Hall wrote:
> > I is a hi skool gradjuate
>
> Yea, dude, well me G
Marc Christopher Hall wrote:
I is a hi skool gradjuate
Yea, dude, well me GED says I kin git it dun wit less wastid time.
Grant Peel wrote:
Good Morning / Afternoon,
We run several of our own servers:
- Dell Power Edge 1U, Pentium,
- FreeBSD (6.x soon to be 7.x)
- along with all the standard Web Application installation (PHP Apache
Exim, Pop3, Proftp, MySQL etc etc).
What I am asking here, is if any one in this
> From: da...@wonderly.com
> To: defati...@hotmail.com; gp...@thenetnow.com; php-general@lists.php.net
> Date: Sun, 29 Mar 2009 18:16:35 -0500
> Subject: Re: [PHP] Security Support
>
>
> - Original Message -
> From: "abdulazeez alugo"
> To: ;
I is a hi skool gradjuate
-Original Message-
From: abdulazeez alugo [mailto:defati...@hotmail.com]
Sent: Sunday, March 29, 2009 7:10 PM
To: gp...@thenetnow.com; php-general@lists.php.net
Subject: RE: [PHP] Security Support
> From: gp...@thenetnow.com
> To: php-general@lists.p
- Original Message -
From: "abdulazeez alugo"
To: ;
Sent: Sunday, March 29, 2009 6:09 PM
Subject: RE: [PHP] Security Support
From: gp...@thenetnow.com
To: php-general@lists.php.net
Date: Sun, 29 Mar 2009 17:12:32 -0400
Subject: [PHP] Security Support
Good Morning /
> From: gp...@thenetnow.com
> To: php-general@lists.php.net
> Date: Sun, 29 Mar 2009 17:12:32 -0400
> Subject: [PHP] Security Support
>
> Good Morning / Afternoon,
>
> We run several of our own servers:
>
> - Dell Power Edge 1U, Pentium,
> - FreeBSD (6.x soon to be 7.x)
> - along with all t
Frank Stanovcak wrote:
> "VamVan" wrote in message
> news:12eb8b030901141421u6741b943q396bc784136b7...@mail.gmail.com...
>
>> On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak
>> wrote:
>>
>>
>>> This is mostly to make sure I understand how sessions are handled
>>> correctly.
>>> As far as
"VamVan" wrote in message
news:12eb8b030901141421u6741b943q396bc784136b7...@mail.gmail.com...
> On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak
> wrote:
>
>> This is mostly to make sure I understand how sessions are handled
>> correctly.
>> As far as sessions are concerned the variable data is
On Wed, Jan 14, 2009 at 2:22 PM, Frank Stanovcak
wrote:
> This is mostly to make sure I understand how sessions are handled
> correctly.
> As far as sessions are concerned the variable data is stored on the server
> (be it in memory or temp files), and never transmitted across the net
> unless ou
On 11 Oct 2008, at 20:18, Alain Roger wrote:
to have access to my web application, user needs to log in. Before to send
login/password over the net, user is directly redirected to HTTPS version of
my web application in case he did not write HTTPS:// at the address bar.
once he types login/pa
At 10:55 PM +0100 9/22/08, Ashley Sheridan wrote:
Who is /dev/null, and what does he advertise? ;)
Nothing.
Get it?
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com http://earthstones.com
At 5:48 PM -0400 9/22/08, Daniel Brown wrote:
On Mon, Sep 22, 2008 at 5:45 PM, tedd <[EMAIL PROTECTED]> wrote:
The problem here is that the site is pretty large (>100 pages) and has
thousands of members. I think they would notice a slow down, but that's one
of the things they are considering
On Mon, Sep 22, 2008 at 6:02 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 22, 2008 at 5:55 PM, Eric Butera <[EMAIL PROTECTED]> wrote:
>>
>> That reply was just another attempt at getting your sig into the archives.
>> :P
>
>It wasn't, but good point, Butera. ;-P
>
> --
>
> [Del
On Mon, Sep 22, 2008 at 5:55 PM, Eric Butera <[EMAIL PROTECTED]> wrote:
>
> That reply was just another attempt at getting your sig into the archives. :P
It wasn't, but good point, Butera. ;-P
--
[Deleted from this email for everyone's sake. The Earth is running
out of bandwidth!]
--
P
On Mon, Sep 22, 2008 at 5:50 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
>ATTENTION LAWYERS AND THREAD-FLAMERS:
>
>That was meant to be a "reply" to Tedd personally, not a
> "reply-all." Anyone wishing to slam me for advertising is welcome to
> email your local /dev/null.
>
> --
>
> More
On Mon, 2008-09-22 at 17:50 -0400, Daniel Brown wrote:
> On Mon, Sep 22, 2008 at 5:48 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
> > On Mon, Sep 22, 2008 at 5:45 PM, tedd <[EMAIL PROTECTED]> wrote:
> >>
> >> The problem here is that the site is pretty large (>100 pages) and has
> >> thousands of
On Mon, Sep 22, 2008 at 5:48 PM, Daniel Brown <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 22, 2008 at 5:45 PM, tedd <[EMAIL PROTECTED]> wrote:
>>
>> The problem here is that the site is pretty large (>100 pages) and has
>> thousands of members. I think they would notice a slow down, but that's one
>>
On Mon, Sep 22, 2008 at 5:45 PM, tedd <[EMAIL PROTECTED]> wrote:
>
> The problem here is that the site is pretty large (>100 pages) and has
> thousands of members. I think they would notice a slow down, but that's one
> of the things they are considering.
A site like that should probably alrea
At 11:22 PM +0200 9/22/08, Jochem Maas wrote:
my personal theory on this is do *everything* via https, screw the overhead
and buy a bigger box ... given the state of the art it won't be *that* long
before pretty much everything site handling forms/transactions/etc use https
exclusively. besides w
tedd wrote:
At 4:34 PM -0400 9/22/08, Daniel Brown wrote:
On Mon, Sep 22, 2008 at 2:48 PM, tedd <[EMAIL PROTECTED]> wrote:
> However, when the user exits https and returns back to the http side of
> things, the user receives a warning.
If the error you're getting is just saying that y
At 4:34 PM -0400 9/22/08, Daniel Brown wrote:
On Mon, Sep 22, 2008 at 2:48 PM, tedd <[EMAIL PROTECTED]> wrote:
> However, when the user exits https and returns back to the http side of
> things, the user receives a warning.
If the error you're getting is just saying that you're being
redir
On Mon, 2008-09-22 at 16:55 -0400, tedd wrote:
> At 8:49 PM +0100 9/22/08, Ashley Sheridan wrote:
> >On Mon, 2008-09-22 at 14:48 -0400, tedd wrote:
> >
> > > I suspect that the purpose of this warning is to alert the user when
> >> they are taken from a https directory to a http directory.
> >>
>
At 8:49 PM +0100 9/22/08, Ashley Sheridan wrote:
On Mon, 2008-09-22 at 14:48 -0400, tedd wrote:
> I suspect that the purpose of this warning is to alert the user when
they are taken from a https directory to a http directory.
Now my question is "Can I turn off that security warning?" or fin
On Mon, Sep 22, 2008 at 2:48 PM, tedd <[EMAIL PROTECTED]> wrote:
> Hi gang:
>
> I have a problem (please, no remarks). :-)
>
> I have a site where a security certificate is in place and it works. The
> user can login and review their information and purchase stuff. When the
> user goes from the ht
On Mon, 2008-09-22 at 14:48 -0400, tedd wrote:
> Hi gang:
>
> I have a problem (please, no remarks). :-)
>
> I have a site where a security certificate is in place and it works.
> The user can login and review their information and purchase stuff.
> When the user goes from the http to the http
On Apr 21, 2008, at 1:46 PM, Jason Pruim wrote:
On Apr 21, 2008, at 11:49 AM, Philip Thompson wrote:
On Apr 21, 2008, at 8:03 AM, Jason Pruim wrote:
Hi Everyone,
Last week you all helped me with the code to pull the database
field names directly from the database rather than being hardcode
On Apr 21, 2008, at 11:49 AM, Philip Thompson wrote:
On Apr 21, 2008, at 8:03 AM, Jason Pruim wrote:
Hi Everyone,
Last week you all helped me with the code to pull the database
field names directly from the database rather than being hardcoded
by me. Now I got to thinking, that I have exp
On Apr 21, 2008, at 8:03 AM, Jason Pruim wrote:
Hi Everyone,
Last week you all helped me with the code to pull the database field
names directly from the database rather than being hardcoded by me.
Now I got to thinking, that I have exposed my database layout to
anyone who can log in and s
On Mon, February 11, 2008 9:27 am, Emil Edeholt wrote:
> Thanks. Sure, I know how to escape and filter the input.. But since not
> all my sites use PDO yet, and I use some external code it would be a
> good idea to also use an sql injection scanner.
Scanning for SQL injection is like a "blacklis
1 - 100 of 513 matches