Re: PHP Session Security

Posted: Sat Jan 24, 2009 7:54 am
by kaisellgren
rami wrote:
kaisellgren wrote:
xfactor5 wrote:
So you wanted me to share about other attacks? I think there are enough articles on the Internet about security, I'll name you a few topics you may want to know about: CSRF, SQL Injections, Chain Attacks, Header Injections, Session Fixation, Session Hijacking, Man-In-The-Middle, Session Forging, Cookie Forging, Session Poisoning, Register Globals, Magic Quotes, XSS, Data Hashing, Installer Lock, Remote Code Attacks, IP Banning, Brute Force, Error Reporting, CAPTCHA Protection, Flooding, Salting, Saucing, Peppering, Truncation attacks, Weak Randomness, Filesystem permissions, Buffer Overflows, Session Management, IP logging, SSL, Cookie encryption, I could just keep going... :D
Well, I am just sending my query trying to know...
does the application you write consider or mitigate all these (I could just keep going...) vulnerabilities/threats into account?
Yes. It uses very wise infrastructure to detect badly written code too. It does not just protect against attacks, but also makes suggestions and notifies of possible hacks. It covers many security related topics and features that Joomla, Wordpress or other systems do not.

Re: PHP Session Security

Posted: Sat Jan 24, 2009 9:25 pm
by rami
What does your system do for Saucing, Installer Lock, Peppering, Truncation attacks, Session Poisoning, Session Forging?
If there is a folder, suppose an image folder where images are to be uploaded...
what's your permission mode for it in Linux: 777, 644 ...?

thanks

Re: PHP Session Security

Posted: Sun Jan 25, 2009 7:29 am
by kaisellgren
rami wrote:
What does your system do for Saucing, Installer Lock, Peppering, Truncation attacks, Session Poisoning, Session Forging?
If there is a folder, suppose an image folder where images are to be uploaded...
what's your permission mode for it in Linux: 777, 644 ...?

thanks
The permission level depends on the purpose of the folder and its contents.

Explaining all those attacks to you right here? No, sorry. You might want to read my blog. It's young though.