My Blog: contains PHP, Web and business/entrepreneurial related content.
Tag Archives: security
Password Complexity Class
After coding roughly the same thing many times, it becomes prudent to have a standard library for certain sets of processes. Of course – that is why there are things like frameworks! At any rate, one of the biggest …
How custom passphrases/pictures still don't protect against phishing
As you probably remember, I have lots of interest in phishing techniques (I talked about one here, and about preventing them here). I’ve noticed a new trend: a dual-stage login form with a custom picture or passphrase. Users are to …
Finally – PHP has NoIndex on phpinfo output
Security Issue? A big issue with PHP security has been developers creating a phpinfo page and not removing it from a production site. As you may know, phpinfo() will dump a ton of useful information (for the developer …
JS Tool – Security Auditing in Javascript
JSTool was a trial run of combining many different scripts from the open source community into a security and auditing script. Features would include history viewing, website status reporting and port scanning. Very little original code – just combinations of …
PHP Shared Host – Session File Browser Script
PHP stores its session information in flat files, unencrypted by default. In shared hosting situations this can be a big security issue. This script allows easy access to the attributes of these files, as well as decoding of the values …
XSS with Img OnError attribute
So much of my time is spent worrying over the src and href attributes on images and links – that I sometimes forget about the other attributes. Imagine being able to make an image which has no black-flagged content in …
Update your URL filtering: possible XSS from "Data" URL scheme – Firefox
In regards to the data: URL scheme (RFC here), I’ve found an interesting issue with the way Firefox handles it which could lead to some XSS, I think. First of all, if you’re not aware of the feature, let …
Securing WordPress – what my 'oops' reminded me
I don’t want to admit it – but I messed up. I didn’t patch WordPress – and I was a victim of one of the released WP exploits. How could you let this happen? you ask. Well, I was lazy. …
Cross Domain AJAX – A quick anatomy of a mashup
So after searching the Internet for some cross-domain AJAX material, I noticed two interesting articles. The first covered the specifics of writing these queries (located here). The next gave a breakdown of how this might be useful in …
Write Security Triggers Against SQL Injection
An interesting idea that a colleague told me about was a ‘security trigger’ in any application that has a SQL-type storage engine. The trick is to make sure that your admin account is not ID #1 and that your …
