PHP Session Security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: PHP Session Security

Post by kaisellgren »

rami wrote:
kaisellgren wrote:
xfactor5 wrote:
So you wanted me to share about other attacks? I think there are enough articles on the Internet about security, I'll name you a few topics you may want to know about: CSRF, SQL Injections, Chain Attacks, Header Injections, Session Fixation, Session Hijacking, Man-In-The-Middle, Session Forging, Cookie Forging, Session Poisoning, Register Globals, Magic Quotes, XSS, Data Hashing, Installer Lock, Remote Code Attacks, IP Banning, Brute Force, Error Reporting, CAPTCHA Protection, Flooding, Salting, Saucing, Peppering, Truncation attacks, Weak Randomness, Filesystem permissions, Buffer Overflows, Session Management, IP logging, SSL, Cookie encryption, I could just keep going... :D
Well, I am just sending my query trying to know...
Does the application you write take into account or mitigate all these (I could just keep going...) vulnerabilities/threats?
Yes. It uses a very wise infrastructure to detect badly written code too. It does not just protect against attacks, but also makes suggestions and notifies about possible hacks. It covers many security-related topics and features that Joomla, WordPress or other systems do not.
rami
Forum Contributor
Posts: 217
Joined: Thu Sep 15, 2005 8:55 am

Re: PHP Session Security

Post by rami »

What does your system do for Saucing, Installer Lock, Peppering, Truncation attacks, Session Poisoning, Session Forging?
If there is a folder, suppose an image folder where images are to be uploaded...
What's your permission mode for it in Linux: 777, 644 ...?

thanks
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: PHP Session Security

Post by kaisellgren »

rami wrote: What does your system do for Saucing, Installer Lock, Peppering, Truncation attacks, Session Poisoning, Session Forging?
If there is a folder, suppose an image folder where images are to be uploaded...
What's your permission mode for it in Linux: 777, 644 ...?

thanks
The permission level depends on the purpose of the folder and its contents.

Explaining all those attacks to you right here? No, sorry. You might want to read my blog. It's young though.