Search found 277 matches

by Syranide
Fri Jun 02, 2006 7:22 am
Forum: PHP - Code
Topic: Is there such a thing as...
Replies: 3
Views: 804

hehe, how do you intend to test a database application with the SQL-queries just returning random garbage? doesn't sound very useful to me really, unless you mean something that fills the database with random garbage, but that doesn't sound very useful either. but, I generally just set up some for ...
by Syranide
Fri Jun 02, 2006 7:09 am
Forum: PHP - Security
Topic: How can I protect my media files from being view directly ?
Replies: 27
Views: 16070

Common protection against hotlinking is simply checking the "referrer" gotten in the headers... if it says another site, (or perhaps nothing at all, unsafe) it means it is hotlinked. This is the technique most commonly used I believe. However, you could also use sessions, that, whenever a...
by Syranide
Fri Jun 02, 2006 7:05 am
Forum: PHP - Security
Topic: list
Replies: 6
Views: 3440

Well, I can sum up some of knowledge. Upload-attacks, uploading PHP-files (extremely dangerous) and accessing them in the upload-folder. SQL-injection, unquoted/slashed queries with GET-data is fed to the database allowing them to do pretty nasty stuff. These are the 2 basic most dangerous and commo...
by Syranide
Fri Jun 02, 2006 6:51 am
Forum: PHP - Security
Topic: updating stored md5()'d hashes
Replies: 16
Views: 8188

Well, there is a negative side too if you force the conversion to the users, as he apparently doesn't want that, and I agree. I'm trying to look at it from a "solution" perspective, not the common "linux guru hacker" thinks that RSA512 is too weak as it can be cracked in a thousa...
by Syranide
Fri Jun 02, 2006 5:02 am
Forum: PHP - Security
Topic: updating stored md5()'d hashes
Replies: 16
Views: 8188

You're thinking on too local a level. Users inevitably restrict the number of passwords they remember to a handful - reusing each on multiple websites. If one password is cracked, then it's cracked on many sites. We're protecting users here - not the local website. Also you ignore the risk of someon...
by Syranide
Fri Jun 02, 2006 3:42 am
Forum: PHP - Security
Topic: updating stored md5()'d hashes
Replies: 16
Views: 8188

How about just thinking in terms of what is useful instead? Is it useful to switch from MD5? ... No, not really. Why you say? Well, if they get the MD5s (or whatever) you are screwed either way. That's still the point of the MD5, it is secure as long as no one gets the MD5. If someone gets the MD5, ...
by Syranide
Tue Nov 22, 2005 6:29 am
Forum: PHP - Code
Topic: php5 -> exceptions. used always?
Replies: 2
Views: 1099

I'd say in PHP it is a 50-50, depending on what you are doing, if you are out for building that really robust generalized system with many many classes all over, then I'd say go exceptions, if you are considering small functions or only a small site, then using the old-style "return FALSE"...
by Syranide
Tue Nov 22, 2005 6:16 am
Forum: PHP - Security
Topic: Mutual Exclusions
Replies: 5
Views: 2117

What I don't really get is why you're considering 'session based' mutexes 'superior' to file-based ones. With PHP default session handler they are essentially the same. Because file-mutexes require polling to check/acquire the mutex... session based doesn't, they are internally managed by PHP and p...
by Syranide
Mon Nov 21, 2005 4:17 pm
Forum: PHP - Security
Topic: Mutual Exclusions
Replies: 5
Views: 2117

Ok, I've been fiddling for some while now and I can't find a good solution for this. What am I after? Just mutual exclusion for scripts, such as that provided when using sessions (all other scripts using the same session will be halted until the owner is done). Sem, etc etc is not a possibility as ...
by Syranide
Thu Aug 25, 2005 9:17 am
Forum: PHP - Code
Topic: magic_quotes_gpc
Replies: 10
Views: 2016

If so, why is there a function that does exactly that? set_magic_quotes_runtime -- Sets the current active configuration setting of magic_quotes_runtime http://www.php.net/manual/en/function.set-magic-quotes-runtime.php Because that is another "magic quotes" thingy, so to speak. I'm not r...
by Syranide
Thu Aug 25, 2005 5:29 am
Forum: PHP - Code
Topic: magic_quotes_gpc
Replies: 10
Views: 2016

Well that is wrong-wrong. This is the way it should be done: if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_m...
by Syranide
Thu Aug 25, 2005 5:26 am
Forum: PHP - Code
Topic: Preventing links to make history
Replies: 2
Views: 712

Hmm, I guess this doesn't entirely apply to the PHP section, but I figure that the people in the PHP section should know of this better than in the HTML section. So, what I want is simply, I want to be able to send links by email to people, but when they are clicked, they should not be stored in hist...
by Syranide
Tue Jul 05, 2005 6:55 am
Forum: PHP - Theory and Design
Topic: Parsers written in PHP (Regex builder)
Replies: 22
Views: 7951

Hi all, I saw this forum and topic and signed up right away because right now I am working on a php security related project and ultimately the best way to solve problems are tokenizing the php code. I won't describe my project in detail but here is a link if interested: http://securityscanner.sour...
by Syranide
Tue Jul 05, 2005 2:08 am
Forum: PHP - Code
Topic: base 36 Numbering
Replies: 4
Views: 988

there is something similar in php too, base_convert or something like that.

EDIT: why would you ever want to store that string in the database?
by Syranide
Mon Jul 04, 2005 7:58 am
Forum: PHP - Code
Topic: unlink problem
Replies: 7
Views: 1159

you cannot unlink webpages, that would make it possible for you to unlink the entire windows site (would probably make someone happy).

Unlink can delete local files, that is on the same server, or on a network drive used by the local server.