[PHP] PHP Security

2002-04-29 Thread Jay Fitzgerald
Can someone point me in the right direction in determining just how secure PHP really is? Should you have any questions, comments or concerns, feel free to call me at 318-338-2034. Thank you for your time, Jay Fitzgerald, Design Director - CSBW-A, CPW-A, CWD-A, CEMS-A ===

[PHP] PHP Security

2002-06-27 Thread Lazor, Ed
Does anyone have favorite links related to PHP security? My Google searches have been bringing up a lot of info, but I'd like to make sure everything's covered. My idea is to collect advice and recommendations on design, style, and methodologies for secure PHP programming. I will be organizing

[PHP] PHP Security

2001-07-18 Thread Ray Parish
Hey All, For a virtual hosting stand point, which is better to run, the module or the cgi version of php? Can you also explain why one is better than the other..? Thanks Ray Parish, RHCE -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additiona

[PHP] PHP security

2001-07-20 Thread Michelle
I need to store username and password for mysql in a file to be used by PHP. I am concerned with PHP's security. Can anyone use showsource() to read php source even if they are on a different server or they are spoofing my ip address (hacking)? If I put a file with the secure data in a directory

[PHP] PHP Security

2001-08-31 Thread Alfredeen, Johan
I am looking for a good, practical tutorial on what I should be doing as a developer to create a secure web site (PHP related). I have looked in my PHP text and searched the web, but haven't found anything real useful. I am not interested in Apache or OS security, as this is -hopefully- taken care

[PHP] PHP Security

2001-09-13 Thread Allen May
I have been using the .htpasswd/.htaccess convention to authenticate our 3000 employees. I want to move away from the .htpasswd/.htaccess convention and use a PHP form to authenticate against the database. I can create the PHP authentication page, no problem, but how do I check authentication on

[PHP] PHP Security

2009-06-02 Thread Grant Peel
Hi all, I am currently setting up the next generation web server for our company and am in need of general consulting/advice on php set up security issues. Anyone with knowledge and experience please feel free to reply :-). -Grant

[PHP] php security

2006-04-06 Thread Dallas Cahker
I was looking to see if there was a quick checklist of settings for php to be disabled/enabled in the ini file to make the application more secure. I'm making sure the apps we come out with don't allow sql injections, or form injections and so forth, I have just seen some posts about magic quotes an

[PHP] PHP Security

2005-08-25 Thread Ian C . McGarvey
I have been studying PHP all summer because I wanted to put some PHP code on my school's web site. I got to school and went to the web design teacher. I asked him if they had installed PHP on their server. He said that the district thinks that it would be a HUGE security risk and that people at

[PHP] Php security

2003-02-06 Thread Pushpinder Singh Garcha
Hi all i wanted to check with if it is possible to see the contents of a .php file. I have heard of the Zend Encoder, but I was wondering how could a person see my php script ? Any information in this direction would be useful? TIA --Pushpinder Singh Garcha _ W

[PHP] PHP security

2004-03-07 Thread Martin Nicholls
I know somebody who coded a PHP script that attempts to prevent post flooding and some other potential security 'flaws'. I know quite a lot about PHP, some things are still beyond my knowledge. I was wondering if some people could have a look at it to see if it is a viable way of reducing security r

[PHP] PHP Security

2004-12-07 Thread Greg Donald
I subscribe to a number of security mailing lists as I suspect many of you do, being developers and all. The other day a post came across one of those mailing lists discussing PHP security. One of the posters was describing how insecure PHP's file upload functionality is and went on to explain a

[PHP] PHP security

2005-02-17 Thread .....hG
While back I read in an article that placing UN and PASSwords in a PHP was not secure. couple of open source programs that I have seen they have for example $database = ; $username = ; $password = ; It makes me wonder how secure in reality it is to place your UN and Passwords on a

[PHP] PHP Security Extension

2002-01-09 Thread List Client
First of all sorry if you have already read this on one of the other PHP Mailing Lists, the reason I am posting it in a couple of different ones is because I really do believe that many people can make use of this extension and I know there are people out there who need this extension because I h

[PHP] PHP Security Leak

2002-04-25 Thread Liam Gibbs
I'm wondering if anyone has any ideas on how to make a login site more secure. Since I'm not really sure if I've explained myself well enough and don't really know how else to say it, I'll just give examples and then you guys can follow suit and mention some oversights: I have a regular logon: us

Re: [PHP] PHP Security

2002-04-29 Thread Miguel Cruz
On Mon, 29 Apr 2002, Jay Fitzgerald wrote: > Can someone point me in the right direction in determining just how secure > PHP really is? What are you actually trying to find out? As far as actual security problems in PHP, where the interpreter behaves contrary to documentation when provided wit

[PHP] PHP Security Update

2002-03-04 Thread Xavier Paz
Hi, Is there any way to check in the Apache logs whether someone has tried this exploit? Regards, Xavier -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Security

2001-07-18 Thread Montz, James C. (James Tower)
I found a great windows PHP IDE called PHP Coder. Reminds me a bit of ColdFusion Studio. The website is http://www.phpide.de -Original Message- From: Ray Parish [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 18, 2001 5:54 PM To: [EMAIL PROTECTED] Subject: [PHP] PHP Security Hey

Re: [PHP] PHP Security

2001-07-18 Thread Politz Christian
Hi Ray, Ray Parish wrote: > For a virtual hosting stand point, which is better to run, the module or > the cgi version of php? Can you also explain why one is better than the > other..? It depends on your needs. If you care about security you should use the cgi-version and place it outside the

Re: [PHP] PHP security

2001-07-20 Thread Rasmus Lerdorf
> I need to store username and password for mysql in a file to be used by PHP. > I am concerned with PHP's security. Can anyone use showsource() to read php > source even if they are on a different server or they are spoofing my ip > address (hacking)? No, of course not. > If I put a file with

RE: [PHP] PHP Security

2001-08-31 Thread Seb Frost
{ $var=$default; //echo "is not int"; } return($var); } $intvar = SecureInt($intvar,1); - seb -Original Message- From: Alfredeen, Johan [mailto:[EMAIL PROTECTED]] Sent: 31 August 2001 15:54 To: [EMAIL PROTECTED] Subject: [PHP] PHP Security I am looki

RE: [PHP] PHP Security

2001-08-31 Thread Alfredeen, Johan
Message- From: Seb Frost [mailto:[EMAIL PROTECTED]] Sent: Friday, August 31, 2001 9:57 AM To: Alfredeen, Johan; [EMAIL PROTECTED] Subject: RE: [PHP] PHP Security Great question - I'd love to know too. I can give you one hint. Make sure that you validate any variables passed in the url. I

Re: [PHP] PHP Security

2001-09-13 Thread Kelly Barrett
Hi Allen, What you should do is check the session variable from within PHP. If it doesn't exist, you redirect to a PHP authentication form. So at the head of each page you need something like: And in your PHP authentication form, you register the logged_in variable after the user details have b

Re: [PHP] PHP Security

2001-09-13 Thread Ben . Edwards
y is built on top of previous ). Please let me know what you think, at least I then know someone read it -:) Ben Regards, Ben "Allen May" <[EMAIL PROTECTED]> on 13/09/2001 13:40:06 To: <[EMAIL PROTECTED]> cc: Subject: [PHP] PHP Security I have been usi

Re: [PHP] PHP Security

2001-09-13 Thread Sean C. McCarthy
t; Don't see much point in allow_select ;-) > > Sure you could also define which fields users DO NOT have access to on top > of this with another table ( defining what fields users DO have access is > crazy as this security is built on top of previous ). > > Please let m

Re: [PHP] PHP SECURITY

2001-11-24 Thread Kurt Lieber
On Saturday 24 November 2001 04:24 am, [EMAIL PROTECTED] wrote: > But when any of our user use readdir and other commands for manipulating > with directories - this user can read scripts of others. > > Do you know what to do ? 1) Read the PHP manual chapter on security: http://www.php.net/manua

Re: [PHP] PHP Security

2009-06-02 Thread Phpster
H, how about some details on OS, etc Bastien Sent from my iPod On Jun 2, 2009, at 17:26, "Grant Peel" wrote: Hi all, I am currently setting up the next generation web server for our company and am in need of general consulting/advice on php set up security issues. Any one with kno

Re: [PHP] PHP Security

2009-06-02 Thread Kirk . Johnson
> On Jun 2, 2009, at 17:26, "Grant Peel" wrote: > > I am currently setting up the next generation web server for our > company and am in need of general consulting/advice on php set up > security issues. For "general" considerations, start here: http://www.php.net/manual/en/security.general.

Re: [PHP] PHP Security

2009-06-02 Thread Grant Peel
its -Grant - Original Message - From: "Phpster" To: "Grant Peel" Cc: Sent: Tuesday, June 02, 2009 5:53 PM Subject: Re: [PHP] PHP Security H, how about some details on OS, etc Bastien Sent from my iPod On Jun 2, 2009, at 17:26, "Grant Peel"

[PHP] PHP Security!!! www.armorize.com

2007-03-29 Thread Jordan Forssman
Hi, I would like to introduce a new tool for verifying your PHP application's security. Our product uses the most advanced static source code analysis for identifying vulnerabilities in PHP code. Right now we are working with our version 1.17 which has improved functionality, speed and cover

[PHP] php security books

2007-07-04 Thread Ross
http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350?initialSearch=1&url=search-alias%3Daps&field-keywords=php+security&Go.x=0&Go.y=0&Go=Go looking at the top 3 on the list here, personally I quite like the O'Reilly books. Can someone recommend one of these or any other that will give me a

Re: [PHP] php security

2006-04-06 Thread Dan McCullough
I would look here for an idea. http://phpsec.org/projects/guide/ I think you'll find many opinions on the matter. One thing to remember is that once the app goes live your job doesn't stop there you'll need to be just as stringent about security and checking logs and errors as you were when you we

Re: [PHP] php security

2006-04-06 Thread Kevin Kinsey
Dallas Cahker wrote: I was looking to see if there was a quick checklist of settings for php to be disabled/enabled in the ini file to make the application more secure. I'm making sure the apps we come out with don't allow sql injections, or form injections and so forth, I have just seen some pos

Re: [PHP] php security

2006-04-06 Thread Chris Shiflett
Dallas Cahker wrote: I was looking to see if there was a quick checklist of settings for php to be disabled/enabled in the ini file to make the application more secure. Although there are some directives worth disabling (register_globals, magic_quotes_gpc, allow_url_fopen), most vulnerabilitie

Re: [PHP] php security

2006-04-06 Thread Dan McCullough
php.ini-anal-retentive-paranoid. I'm editing mine for that right now, everything is off, the server has a keyboard, mouse, monitor no cd/dvd, no floppy, no usb and is unplugged from the network, there are 6 security guards that surround you and they give you 5 minutes on a timer. On 4/6/06, Kevin

Re: [PHP] php security

2006-04-06 Thread Dan McCullough
Cool Chris I'm going to take a look at that movie. Dallas there is a section at the top of the ini file that lists some directives and their status to address security or performance issues, but as Chris mentioned your code could be as big of a risk as anything so pay attention to that. On 4/6/0

RE: [PHP] php security

2006-04-06 Thread Jim Moseby
> > Cool Chris I'm going to take a look at that movie. Dallas there is a > section at the top of the ini file that lists some directives and > their status to address security or performance issues, but as Chris > mentioned your code could be as big of a risk as anything so pay > attention to th

Re: [PHP] PHP Security

2005-08-25 Thread Santosh Jambhlikar
also PHP HIT BY ANOTHER CRITICAL FLAW A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,104124,00.html Ian C. Mc

Re: [PHP] PHP Security

2005-08-25 Thread Jasper Bryant-Greene
Santosh Jambhlikar wrote: also PHP HIT BY ANOTHER CRITICAL FLAW A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers. http://www.computerworld.com/securitytopics/security/holes/story/0,10801,

Re: [PHP] PHP Security

2005-08-25 Thread Chris Shiflett
Ian C. McGarvey wrote: > I have been studying PHP all summer because I wanted to put some > PHP code on my school's web site. I got to school and went to the > web design teacher. I asked him if they had installed PHP on their > server. He said that the district thinks that it would be a HUGE > sec

Re: [PHP] PHP Security

2005-08-25 Thread Santosh Jambhlikar
As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in php mailing list. Jasper Bryant-Greene wrote:

Re: [PHP] PHP Security

2005-08-25 Thread Chris Shiflett
Santosh Jambhlikar wrote: As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. Jasper is trying to make sure people know the truth. Articles like the one you mentioned are doing quite the opposite. I am sorry if i did something

Re: [PHP] PHP Security

2005-08-25 Thread Jasper Bryant-Greene
Santosh Jambhlikar wrote: As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in php mailing list. The

Re: [PHP] PHP Security

2005-08-26 Thread Rory Browne
Santosh: Personally what I think you did wrong, was to simply paste the header of that news article into your email. You simply said that PHP was hit by another security hole, that allowed crackers (sometimes incorrectly referred to as hackers), to gain access to any php service. I don't think you wo

Re: [PHP] PHP Security

2005-08-26 Thread Miles Thompson
At 02:37 AM 8/26/2005, Santosh Jambhlikar wrote: As this is the php mailing list it is obvious that i should not write against php. but people should know the truth. And it's a news (not by me) that's why i wanted to send link to u peoples. I am sorry if i did something wrong, i am new user in

Re: [PHP] PHP Security

2005-08-26 Thread Miles Thompson
Of course, if you ever see a news story that describes PHP as a web service protocol, you probably want to stop reading immediately. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ Actually, I wanted to read more, just to find out how badly things were

Re: [PHP] PHP Security

2005-08-26 Thread Richard Lynch
On Fri, August 26, 2005 12:32 am, Chris Shiflett wrote: > Of course, if you ever see a news story that describes PHP as a web > service protocol, you probably want to stop reading immediately. :-) The actual text is: "...in a Web service protocol FOR PHP" ^^^ [emphasis

Re: [PHP] PHP Security

2005-08-27 Thread Chris Shiflett
Richard Lynch wrote: The actual text is: "...in a Web service protocol FOR PHP" Good catch. The summary sent to the list was: "A new security flaw in the PHP Web service protocol used by a large number of Web applications could allow attackers to take control of vulnerable servers." Thank

Re: [PHP] Php security

2003-02-06 Thread Chris Shiflett
--- Pushpinder Singh Garcha <[EMAIL PROTECTED]> wrote: > i wanted to check with if it is possible to see the > contents of a .php file. You can open any normal PHP script in a text editor. > I have heard of the Zend Encoder, but I was wondering > how could a person see my php script? If you use

[PHP] PHP Security Issue?

2004-02-19 Thread Ed Lazor
Hi Everyone, Oddball error randomly shows up when accessing pages on my web hosting provider. The error message is below. My account is obb4wine. PHP behaves as if I'm the account budguy when the script error occurs. A page refresh usually makes the error go away. The error happens frequent

Re: [PHP] PHP security

2004-03-07 Thread Jason Davidson
request floods and such are not the responsibility of the programmer is it? Sounds more like a sys admin problem? i could be wrong. Jason "Martin Nicholls" <[EMAIL PROTECTED]> wrote: > > I know somebody who coded a PHP script that attempts to prevent post > flooding and some other potential sec

Re: [PHP] PHP security

2004-03-07 Thread Martin Nicholls
no, but i suppose you have options available to prevent them, and it may be a sysadmins problem, but there is a good chance that it may be your fault, I can see how if you are a freelance developer, it may look bad if the client wants to hire for another job, and your code was the flaw in an otherwi

Re: [PHP] PHP Security

2004-12-07 Thread Chris Shiflett
--- Greg Donald <[EMAIL PROTECTED]> wrote: > The other day a post came across one of those mailing lists discussing > PHP security. One of the posters was describing how insecure PHP's > file upload functionality is and went on to explain a simple method of > attaching exploit code to the end of a

Re: [PHP] PHP Security

2004-12-08 Thread Richard Lynch
Greg Donald wrote: > The other day a post came across one of those mailing lists discussing > PHP security. One of the posters was describing how insecure PHP's > file upload functionality is and went on to explain a simple method of > attaching exploit code to the end of a jpeg or other image for

Re: [PHP] PHP Security

2004-12-08 Thread Rory Browne
> There are times when one needs to parse a file that ends in .jpg (or > .jpeg) as PHP. > > Specifically, broken browsers (various versions of IE) that ignore > Content-type: headers and use the URL to determine the MIME type will not > correctly display a URL such as: > > http://l-i-e.com/gd_exa

Re: [PHP] PHP Security

2004-12-08 Thread Richard Lynch
Rory Browne wrote: >> There are times when one needs to parse a file that ends in .jpg (or >> .jpeg) as PHP. >> >> Specifically, broken browsers (various versions of IE) that ignore >> Content-type: headers and use the URL to determine the MIME type will >> not >> correctly display a URL such as: >

Re: [PHP] PHP Security

2004-12-08 Thread Chris Shiflett
--- Richard Lynch <[EMAIL PROTECTED]> wrote: > There are times when one needs to parse a file that ends in .jpg > (or .jpeg) as PHP. I can't think of any, unless it's prove that you can do it. :-) > Specifically, broken browsers (various versions of IE) that ignore > Content-type: headers and use

Re: [PHP] PHP Security

2004-12-09 Thread Richard Lynch
> There are better ways to do this than parsing .jpg files as PHP. One > obvious one is: > > http://example.org/image.php/foo.jpg I believe this broke on a very very very obscure version of IE -- Maybe even the re-branded IE I ran into one time [shudder]. In theory, it was just IE X.xx.yy, but it

[PHP] PHP Security Advisory

2004-12-15 Thread Greg Donald
http://www.hardened-php.net/advisories/012004.txt -- Greg Donald Zend Certified Engineer http://gdconsultants.com/ http://destiney.com/

[PHP] PHP Security Consortium

2005-01-30 Thread Chris Shiflett
The PHP Security Consortium has officially launched. The following is the press release: -- Leading PHP Experts Join Forces to Establish the PHP Security Consortium NEW YORK, NY - January 31, 2005 - An international group of PHP experts today announced the official launch of the PHP Security Con

Re: [PHP] PHP security

2005-02-17 Thread Robby Russell
On Thu, 2005-02-17 at 20:47 -0600, .hG wrote: > While back I read in an article that placing UN and PASSwords in a PHP was > not secure. couple of open source programs that I have seen they have for > example > > $database = ; > $username = ; > $password = ; > > It makes me wond

Re: [PHP] PHP security

2005-02-17 Thread Chris Shiflett
--- ".hG" <[EMAIL PROTECTED]> wrote: > While back I read in an article that placing UN and PASSwords in a PHP > was not secure. Well, that's very subjective. In a shared hosting environment, it certainly does pose a risk. If you place it within document root (don't do that), it poses a signifi

Re: [PHP] PHP security

2005-02-18 Thread AdamT
On Thu, 17 Feb 2005 20:47:28 -0600, .hG <[EMAIL PROTECTED]> wrote: > > It makes me wonder how secure in reality it is to place your UN and > Passwords on a PHP file. > Best idea is to place such information in an include file, which you can call using the include() or require() statements -

Re: [PHP] PHP security

2005-02-18 Thread John Cage
you could also encrypt the file using one of the encoders that are out there. Some are free and some are paid for

Re: [PHP] PHP security

2005-02-18 Thread AdamT
On Fri, 18 Feb 2005 11:42:36 +, John Cage <[EMAIL PROTECTED]> wrote: > you could also encrypt the file using one of the encoders that are out > there. Some are free and some are paid for Never thought of that ;-) http://www.zend.com/store/products/zend-encoder.php?home (Commercial) http://www

Re: [PHP] PHP security

2005-02-18 Thread .....hG
Thanks everyone for your input. I was just curious since everyone is so concerned about security, yet some messageboards/CMS use passwords for their databases on the index page or an include. -- ...hG http://www.helmutgranda.com "Robby Russell" <[EMAIL PROTECTED]> wrote in message news:[EMAIL

[PHP] PHP Security Workbook

2004-08-13 Thread Chris Shiflett
This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL: http://shiflett.org/php-security.pdf It's a 55 page PDF that has a lot of information (more than the slides) about some of the more important security topics. I hope you find it helpful. C

RE: [PHP] PHP security FAQ

2001-07-09 Thread David Price
think that even prevents users from uploading to their directories. Hope this helps, David Price -Original Message- From: cp@unknown [mailto:cp@unknown]On Behalf Of Christian Politz Sent: Monday, July 09, 2001 10:15 AM To: [EMAIL PROTECTED] Subject: [PHP] PHP security FAQ Hi, i have a ques

RE: [PHP] PHP Security Leak

2002-04-25 Thread Maxim Maletsky \(PHPBeginner.com\)
> -Original Message- > From: Liam Gibbs [mailto:[EMAIL PROTECTED]] > Sent: Thursday, April 25, 2002 8:20 PM > To: [EMAIL PROTECTED] > Subject: [PHP] PHP Security Leak > > I'm wondering if anyone has any ideas on how to make a > login site more secure. Since

RE: [PHP] PHP Security Leak

2002-04-25 Thread Joshua b. Jore
l 25, 2002 8:20 PM > > To: [EMAIL PROTECTED] > > Subject: [PHP] PHP Security Leak > > > > I'm wondering if anyone has any ideas on how to make a > > login site more secure. Since I'm not really sure if > > I've explained myself well enough and don

RE: [PHP] PHP Security Leak

2002-04-25 Thread Maxim Maletsky \(PHPBeginner.com\)
IL PROTECTED] > Subject: RE: [PHP] PHP Security Leak > > This brings up another issue, how the heck do you get data binding? For > the life of me I don't see where the _query functions support SQL like: > > "SELECT AuthenticateUser(?,?)" where then the first param mi

RE: [PHP] PHP Security Leak

2002-04-25 Thread Joshua b. Jore
-BEGIN PGP MESSAGE- Comment: For info see http://www.gnupg.org

Re: [PHP] PHP Security Update

2002-03-04 Thread Tyler Longren
;[EMAIL PROTECTED]> Sent: Monday, March 04, 2002 8:48 AM Subject: [PHP] PHP Security Update > Hi, > > Is there any way to check in the Apache logs whether someone has tried this > exploit? > > Regards, > Xavier > > > -- > PHP General Mailing List (http://www.php

[PHP] php security mailing list ...

2002-07-22 Thread Dario Bahena Tapia
Hi ... I want to be warned about php security issues, I couldn't find an exact match in the mailing list names ... which one do you recommend me? Thanks in advance. saludos dario estepario ...

[PHP] PHP Security: Best Practices

2011-08-08 Thread Jen Rasmussen
Hello all, I am currently researching security best practices/methods. Can anyone offer any current resources/recommendations? My research thus far has included password hashing with salting/stretching, session hash defaults, session management & authentication, and prepared statements via PDO

Re: [PHP] php security books

2007-07-04 Thread tedd
At 11:22 AM +0100 7/4/07, Ross wrote: http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350?initialSearch=1&url=search-alias%3Daps&field-keywords=php+security&Go.x=0&Go.y=0&Go=Go looking at the top 3 on the list here, personally I quite like the O'Reilly books. Can someone recommend one of t

Re: [PHP] php security books

2007-07-04 Thread jekillen
On Jul 4, 2007, at 3:22 AM, Ross wrote: http://amazon.co.uk/s/ref=nb_ss_w_h_/203-1671317-2810350? initialSearch=1&url=search-alias%3Daps&field- keywords=php+security&Go.x=0&Go.y=0&Go=Go looking at the top 3 on the list here, personally I quite like the O'Reilly books. Can someone recom

RE: [PHP] PHP Security Consortium

2005-01-31 Thread Chris W. Parker
Chris Shiflett on Sunday, January 30, 2005 10:19 PM said: > The PHP Security Consortium has officially launched. The following is > the press release: Oooh cool! This looks to be a great resource. Keep up the good work Chris. Another, Chris.

Re: [PHP] PHP Security Workbook

2004-08-14 Thread Burhan Khalid
Chris Shiflett wrote: This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL: http://shiflett.org/php-security.pdf It's a 55 page PDF that has a lot of information (more than the slides) about some of the more important security topics. Nice articl

Re: [PHP] PHP Security Workbook

2004-08-15 Thread Chris Shiflett
--- Burhan Khalid <[EMAIL PROTECTED]> wrote: > Most of the stuff was common sense to me (and I was glad I > was doing those things unconsciously). That's good to hear. :-) Most of the people that have heard me give this talk (which is a few hundred now) have realized several vulnerabilities in th

Re: [PHP] PHP Security Workbook

2004-08-15 Thread Octavian Rasnita
t; To: "Burhan Khalid" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, August 15, 2004 4:05 PM Subject: Re: [PHP] PHP Security Workbook > --- Burhan Khalid <[EMAIL PROTECTED]> wrote: > > Most of the stuff was common sense to me (and I was glad I > >

Re: [PHP] PHP Security Workbook

2004-08-15 Thread Chris Shiflett
--- Octavian Rasnita <[EMAIL PROTECTED]> wrote: > I have also read that pdf document and I have found another > interesting advice. > > The author says that a good way of hiding the username/password > is to put a file that exports 2 environment variables in a directory > that can be read only by

Re: [PHP] PHP Security Workbook

2004-08-15 Thread Octavian Rasnita
Oh thank you for this information. This is very important for me to know. > Yes, this is another thing that I mention in the talk but failed to > include in the workbook. When this approach is being applied to a shared > hosting environment, you want to put the Include directive within a > Virtual

Re: [PHP] PHP Security Workbook

2004-08-19 Thread John Nichel
Chris Shiflett wrote: This news is a bit old, but I have made the workbook for my OSCON tutorial freely available from this URL: http://shiflett.org/php-security.pdf It's a 55 page PDF that has a lot of information (more than the slides) about some of the more important security topics. I hope you

Re: [PHP] PHP Security Workbook

2004-08-19 Thread Chris Shiflett
--- John Nichel <[EMAIL PROTECTED]> wrote: > Chris Shiflett wrote: > > This news is a bit old, but I have made the workbook for my > > OSCON tutorial freely available from this URL: > > > > http://shiflett.org/php-security.pdf > > > > It's a 55 page PDF that has a lot of information (more than >

Re: [PHP] PHP Security Workbook

2004-08-19 Thread Chris Ditty
Thanks for the article Chris. Printing it out now and will read it later. Chris

[PHP] PHP Security - "view source code"

2002-01-16 Thread Phil Schwarzmann
How easy/hard is it to view the PHP source code when you're at website? I noticed when I was using Internet Explorer, if I pressed "view source"...it would show the HTML but not the PHP. -Phil

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Joshua b. Jore
gins > > > > > -Original Message- > > From: Joshua b. Jore [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, April 25, 2002 10:26 PM > > Cc: [EMAIL PROTECTED] > > Subject: RE: [PHP] PHP Security Leak > > > > This brings up another issue,

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Cal Evans
-- From: Joshua b. Jore [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 4:00 PM To: Maxim Maletsky (PHPBeginner.com) Cc: [EMAIL PROTECTED] Subject: RE: [PHP] PHP Security Leak (plaintext) Foo. Somehow I encrypted the last message. --[PinePGP]--

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
> I think you misunderstood me. I already have a AuthenticateUser(TEXT,TEXT) > function that works great. What I don't understand is how to get PHP to > use place holders for data binding. This is more generic database issue. I > could have also written: > > "INSERT INTO foo (a,b) VALUES (?,?)" >

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Richard Archer
At 4:00 PM -0500 25/4/02, Joshua b. Jore wrote: >"INSERT INTO foo (a,b) VALUES (?,?)" $my_val_a = addslashes($HTTP_POST_VARS["val_a"]); $my_val_b = addslashes($HTTP_POST_VARS["val_b"]); $query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)"; Or if you have magic_quotes_gpc turned on (the

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
> $my_val_a = addslashes($HTTP_POST_VARS["val_a"]); > $my_val_b = addslashes($HTTP_POST_VARS["val_b"]); > $query = "INSERT INTO foo (a,b) VALUES ($my_val_a,$my_val_b)"; > > Or if you have magic_quotes_gpc turned on (the default) all vars passed > in from forms/cookies are quoted and SQL injection

Re: [PHP] php security mailing list ...

2002-07-22 Thread Evan Nemerson
php-announce sends out notices. On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote: > Hi ... > > I want to be warned about php security issues, I couldn't find > an exact match in the mailing list names ... which one do you > recommend me? > > Thanks in advance. > > saludos > dario estep

Re: [PHP] php security mailing list ...

2002-07-22 Thread Jason Reid
TECTED]>; <[EMAIL PROTECTED]> Sent: Monday, July 22, 2002 9:19 AM Subject: Re: [PHP] php security mailing list ... > php-announce sends out notices. > > > > On Monday 22 July 2002 16:07 pm, Dario Bahena Tapia wrote: > > Hi ... > > > > I want to be warned about

Re: [PHP] php security mailing list ...

2002-07-22 Thread Evan Nemerson
skipped a few times, but you'll notice > people asking on every other list about what the changes are. > > - Original Message - > From: "Evan Nemerson" <[EMAIL PROTECTED]> > To: "Dario Bahena Tapia" <[EMAIL PROTECTED]>; > <[EMAIL PROTECT

[PHP] PHP security bug and patch

2002-07-22 Thread Michal Dvoracek
Hello, when applying patch on version 4.2.1 then in phpinfo(); is still PHP Version 4.2.1 but SERVER_SOFTWARE: Apache/1.3.26 (Unix) PHP/4.2.2 mod_ssl/2.8.9 OpenSSL/0.9.6d-beta1 Regards, Michal Dvoracek [EMAIL PROTECTED] Capitol Internet Publisher, Korunovacni 6, 170 00 P

[PHP] PHP Security Info - PLEASE READ

2001-07-12 Thread Gonyou, Austin
http://www.securereality.com.au/studyinscarlet.txt -- Austin Gonyou Systems Architect, CCNA Coremetrics, Inc. Phone: 512-796-9023 email: [EMAIL PROTECTED]

Re: [PHP] PHP Security: Best Practices

2011-08-08 Thread Andrew Ballard
On Mon, Aug 8, 2011 at 10:08 AM, Jen Rasmussen wrote: [snip] > > On a side note, PHP versions prior to 5.3+ do not allow to set the httponly > flag as a cookie parameter, is there any acceptable alternative for this? I believe that has been supported since 5.2.0. As for a workaround for versions

RE: [PHP] PHP Security: Best Practices

2011-08-08 Thread Jen Rasmussen
Thanks, Andrew! I am unfortunately not even running 5.2..so that helps. Jen -Original Message- From: Andrew Ballard [mailto:aball...@gmail.com] Sent: Monday, August 08, 2011 9:57 AM To: j...@cetaceasound.com Cc: php-general@lists.php.net Subject: Re: [PHP] PHP Security: Best Practices

Re: [PHP] PHP Security: Best Practices

2011-08-08 Thread Fredric L. Rice
> I am currently researching security best > practices/methods. Can anyone offer > any current resources/recommendations? That is a huge arena and the question can not be answered very well without describing what you are needing to protect. Security in depth depends upon what you are protecting a
