Ajax Security: What You Need to Know

2014-04-03

AJAX: Ajax, or ‘Asynchronous JavaScript and XML’, is a relatively new and dynamic technology on the web, which interacts with the server in an asynchronous way. In the traditional web approach, for each new request the browser had to refresh the entire page and reload it, which was both time consuming and bandwidth consuming....


Using Grep to Find Vulnerabilities in PHP

2013-07-02

Guest post by Ryan Dewhurst from ethicalhack3r.co.uk/. Introduction: It’s a common misconception that companies need to purchase complicated and expensive software to find security vulnerabilities (bugs) within their applications. These specialized software applications, whether they be black-box or white-box,...


Managing X.509 certificates using PHP

2012-01-22

To generate, sign and verify certificates you need to have the OpenSSL module installed and provide a file with the OpenSSL configuration. Here is an example OpenSSL configuration file: [ req ] default_bits = 1024 default_keyfile = privkey.pem distinguished_name = req_distinguished_name attributes =...


Prevent hotlinking using mod_rewrite

2010-09-06

Save your bandwidth and protect your content with simple mod_rewrite rules. Just create a .htaccess file in your website root directory and add the code below, edited to match your needs: Options +FollowSymLinks Options +Indexes RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ #your domain name RewriteCond %{HTTP_REFERER} !domain.com #all file...


Secure login over HTTP

2010-09-01

It is important to keep passwords secure by storing a hash of the password in the database or in $_SESSION variables, so that if anybody got hold of those, they still couldn't easily learn what your password is. But it doesn't matter how secure you make it on the server side if everything can be seen on the user side. What I mean is, if a user is logging in...


Making a database backup and storing it in a file

2010-08-03

Here are two useful functions: one makes a backup of a specified database and stores it in a file; the other restores the database from a backup file made by the first function. <?php //backup function to create database backup files //$con - database connection //$db - database name //$path - path where to save backup file //$sep - custom separator...


PHP Easter eggs

2010-08-03

There is an Easter egg in the PHP configuration that also allows you to detect a possible vulnerability. Inside the PHP source, in php-source/ext/standard/info.h (lines 53 to 56), there are 4 defines for PHP logos like this: <?php #define PHP_LOGO_GUID "PHPE9568F34-D428-11d2-A769-00AA001ACF42" #define PHP_EGG_LOGO_GUID...


Strip slashes based on magic_quotes settings

2010-07-30

Here is a function that checks magic_quotes and then strips slashes from your text accordingly. It can be used to clean text before calling mysql_real_escape_string if you can't disable magic_quotes, or just to clean text after taking it out of the database: <?php function strip($val) { if (TRUE ==...


Emulate register_globals off

2010-07-30

Here is a function that emulates register_globals being off. If you can't disable it yourself, you can call this function at the beginning of the script: <?php // Emulate register_globals off function unregister_GLOBALS() { if (!ini_get('register_globals')) { return; } // Might want to change this perhaps to a...


Don't use index.php or index.html

2010-07-27

Don't use index.php or other common file names like home.php or welcome.php to access your site. Of course it depends on your server security, but there are many scripts that search for files with these names and try to delete them. It is much better to give the file a custom name, maybe depending on your site name. And then to make it...


PHP configuration

2010-07-20

You can view your PHP configuration using the phpinfo() function, but never leave it where others could access it, because the PHP configuration contains information that hackers might find useful. So use it, but only where you alone can access it. The first thing to do is to turn register_globals off. It is already done in the latest PHP versions, but it...


Session security - fixation and hijacking

2010-06-19

There are a couple of things you need to keep in mind when dealing with sessions. Of course you can store session data in a database with your own identifiers and prevent it from being hijacked. But if you choose to use $_SESSION variables, the first thing to keep in mind is that all sessions are saved in files in plain text, so it is possible to view...


Creating your own CAPTCHA

2010-05-15

To create your own CAPTCHA you need to create a file that will generate the CAPTCHA image; let's call it img.php. Then put this content inside it: <?php session_start(); // function to create random pixels function imageset9pixel($image,$x,$y,$color){ for($i=$x-1;$i<$x+1;$i++){ ...


How to stop bots, antibot practices

2010-04-19

The simplest way is to create an input in the form and hide it using CSS. Because no human can see it, it should always be empty. Lazy bots that fill forms usually fill all fields, so you can just check whether the hidden input is filled; if it is, it must be a bot. A bit more complex, but also more secure, way is to create a CAPTCHA...


Preventing SQL Injections and Cross-Site Scripting

2010-04-19

To secure your site from SQL Injections and Cross-Site Scripting you must validate every user input field. And don't forget about the URL address: you must verify $_GET data, too. There is a simple way to do this without writing a separate check for every input. You can do it all with this function: <?php //$arr array to be checked, $html -...
