Suppose I have a .php script on my server which interacts with a MySQL server. Part of it is: This script is solely server-side, and something like DevTools or view-source://web.address will not show the source code. However, it is really important that nobody is able to see this source code because it bears my username and password for one of
Tag: security
How to handle if a client change some data attributes from the client side?
I have communities list on my page and each community item has a delete button. Now when I click on a delete button I want to delete related community item. But… I can inspect these delete buttons from the browser and change its data-id value to something else (if a data-id of a delete button is 10, I can change it
How does this protect against CSRF attacks?
I’m working on making my OpenCart project and used This Article to write custom APIs. It uses this block of code to do a security check against CSRF attacks: My question is how is that going to protect against CSRF attacks according to the article? It seems it just sets Access-Control-Allow-Origin header to whatever domain the request is coming from
Laravel app interacting with a 3rd party API to get a token
I have one Laravel app with a GUI where the user logs in based on the data from a MySQL database. When the user logs in, the server needs to make a request to a specific endpoint of a 3rd party API in …
Is there any way that my HTML securer could be exploited?
I’ve finally managed to make a function which does the following: Takes a string as input. This can be either an entire HTML document or an HTML “snippet” (even broken). Creates a DOMDocument from this and loops through all nodes. Whenever it encounters any node whose element is outside of a whitelist of basic structural elements, it “marks it for
PHP – How to use CSRF token in multiple forms on the same page
I have 2 forms on the same page. I want to use the CSRF token in both forms. When I try to use it, it regenerates the CSRF token on form submission. How can I solve this? <?php function csrf_token(…
Define ‘Path’ (URL) to one level above parent root
In reading various opinions on securing a PHP document containing database access information (to connect to the database), it’s been suggested several times to place this PHP file outside of the root …
Using $_GET in system() function – security question
So let’s say we have a following code: Is it secure? Can I escape from double quotes somehow? The …
Prevent SQL injection attack in PHP
I would like to prevent SQL attacks on this piece of PHP code (this is just a practice exercise in class). This can easily be exploited by setting @mail equal to something like ‘); DROP TABLE PURCHASE;…
How can I code a PHP file upload specifically for JSON files that is secure and won’t allow PHP or HTML to be uploaded
I am working on a site that allows models to be uploaded. The models are JSON format like this: {"meta":{"format_version":"3.0","model_format":"bedrock_old","box_uv":true},"name":"crocodile","…