Thomas Weidner's Blog: Zend_File_Transfer examples or using validators to increase security
by Chris Cornutt July 24, 2008 @ 13:41:47
Thomas Weidner has posted about a method he's come up with to help protect you and your site when uploading files through the Zend_File_Transfer component from the Zend Framework.
The new Zend_File_Transfer component is growing day by day.
As an incredible new feature, this component allows the use of file validators. These are necessary to increase security and allow you to define rules for file uploads (and also downloads in the future).
He illustrates with a simple Zend_File_Transfer object that uses an addValidators call to limit the size of the upload to 50 KB. Other validation rules include count (the number of files to expect), extension, filessize and imagesize. Using these, he builds a "more secure" upload object that sets the size to 205KB and expects five files that are all under 1MB and are of the types gif/jpg/png.
zendfiletransfer component zendframework secure validator
Ed Finkler's Blog: Encouraging steps towards security in Wordpress 2.5
by Chris Cornutt April 02, 2008 @ 21:09:47
Ed Finkler, not normally a big fan of the WordPress PHP-based blogging system, has pointed out some positive steps that were made in the latest release in the security arena.
Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.
He mentions two things in particular - their addition of salted passwords and secure cookies.
wordpress security secure cookie password hash blog
PHPBuilder.com: Securing Data Sent Via GET Requests
by Chris Cornutt December 14, 2007 @ 08:49:00
PHPBuilder.com has a new article by Hillel Aftel about his method of choice for securing the data that you send over the GET string when moving things around on your site.
In this article I'm going to show you how you can use PHP to encode your data for transit. Most importantly, it will be done in a way that makes the data decodable, and therefore much more usable, by the receiving page.
His encryption method - sending everything in a single string and modifying the scheme each time - uses static pairs of values (of your choosing) to "encode" the outgoing string. It actually consists of three different files: the script itself, a single-use script that makes the third file, and an include file to handle the conversion back from the encoded results.
get request secure data encode decode salt convert
PHPBuilder.com: Securing Data Sent Via GET Requests
by Chris Cornutt May 11, 2007 @ 07:20:34
On PHPBuilder.com today, there's a new tutorial that talks about a method for securing data sent via GET requests in your application.
In this article I'm going to show you how you can use PHP to encode your data for transit. Most importantly, it will be done in a way that makes the data decodable, and therefore much more usable, by the receiving page.
They talk about some of the advantages of encryption before getting into how it actually works. Their example script is separated out into three PHP files - the main part of the script, a single-use script that, in turn, creates the third file, and an include file for the encode/decode functions. With the structure defined, they move on to the code - the generation of the file with the large multi-dimensional array and the two functions to encode and decode the information.
get request secure encrypt request tutorial