Search found 277 matches
- Fri Jun 02, 2006 7:22 am
- Forum: PHP - Code
- Topic: Is there such a thing as...
- Replies: 3
- Views: 804
hehe, how do you intend to test a database application with the SQL-queries just returning random garbage? doesn't sound very useful to me really, unless you mean something that fills the database with random garbage, but that doesn't sound very useful either. but, I generally just set up some for ...
- Fri Jun 02, 2006 7:09 am
- Forum: PHP - Security
- Topic: How can I protect my media files from being view directly ?
- Replies: 27
- Views: 16070
- Fri Jun 02, 2006 7:05 am
- Forum: PHP - Security
- Topic: list
- Replies: 6
- Views: 3440
Well, I can sum up some of knowledge. Upload-attacks, uploading PHP-files (extremely dangerous) and accessing them in the upload-folder. SQL-injection, unquoted/slashed queries with GET-data is fed to the database allowing them to do pretty nasty stuff. These are the 2 basic most dangerous and commo...
- Fri Jun 02, 2006 6:51 am
- Forum: PHP - Security
- Topic: updating stored md5()'d hashes
- Replies: 16
- Views: 8188
- Fri Jun 02, 2006 5:02 am
- Forum: PHP - Security
- Topic: updating stored md5()'d hashes
- Replies: 16
- Views: 8188
You're thinking on too local a level. Users inevitably restrict the number of passwords they remember to a handful - reusing each on multiple websites. If one password is cracked, then it's cracked on many sites. We're protecting users here - not the local website. Also you ignore the risk of someon...
- Fri Jun 02, 2006 3:42 am
- Forum: PHP - Security
- Topic: updating stored md5()'d hashes
- Replies: 16
- Views: 8188
How about just thinking in terms of what is useful instead? Is it useful to switch from MD5? ... No, not really. Why you say? Well, if they get the MD5s (or whatever) you are screwed either way. That's still the point of the MD5, it is secure as long as no one gets the MD5. If someone gets the MD5, ...
- Tue Nov 22, 2005 6:29 am
- Forum: PHP - Code
- Topic: php5 -> exceptions. used always?
- Replies: 2
- Views: 1099
- Tue Nov 22, 2005 6:16 am
- Forum: PHP - Security
- Topic: Mutual Exclusions
- Replies: 5
- Views: 2117
What I don't really get is why you're considering 'session based' mutexes 'superior' to file-based ones. With PHP default session handler they are essentially the same. Because file-mutexes requires polling to check/acquire the mutex... session based doesn't they are internally managed by PHP and p...
- Mon Nov 21, 2005 4:17 pm
- Forum: PHP - Security
- Topic: Mutual Exclusions
- Replies: 5
- Views: 2117
Mutual Exclusions
Ok, I've been fiddling for some while now and I can't find a good solution for this. What am I after? Just mutual exclusion for scripts, such as that provided when using sessions (all other scripts using the same session will be halted until the owner is done). Sem, etc etc is not a possibility as ...
- Thu Aug 25, 2005 9:17 am
- Forum: PHP - Code
- Topic: magic_quotes_gpc
- Replies: 10
- Views: 2016
- Thu Aug 25, 2005 5:29 am
- Forum: PHP - Code
- Topic: magic_quotes_gpc
- Replies: 10
- Views: 2016
Well that is wrong-wrong. This is the way it should be done: if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_m...
- Thu Aug 25, 2005 5:26 am
- Forum: PHP - Code
- Topic: Preventing links to make history
- Replies: 2
- Views: 712
Preventing links to make history
Hmm, I guess this doesn't entirely apply to the PHP section, but I figure that the people in the PHP section should know of this better than in the HTML section. So, what I want is simply, I want to be able to send links by email to people, but when they are clicked, they should not be stored in hist...
- Tue Jul 05, 2005 6:55 am
- Forum: PHP - Theory and Design
- Topic: Parsers written in PHP (Regex builder)
- Replies: 22
- Views: 7951
Hi all, I saw this forum and topic and signed up right away because right now I am working on a php security related project and ultimately the best way to solve problems are tokenizing the php code. I won't describe my project in detail but here is a link if interested: http://securityscanner.sour...
- Tue Jul 05, 2005 2:08 am
- Forum: PHP - Code
- Topic: base 36 Numbering
- Replies: 4
- Views: 988
- Mon Jul 04, 2005 7:58 am
- Forum: PHP - Code
- Topic: unlink problem
- Replies: 7
- Views: 1159