Currently I am working on a PHP project. The project's main theme is to log in through SSH to some Cisco switch in my local network, fetch details and populate it to user. To accomplish this I have created one database in MySQL consisting of switch login credentials. And my PHP code will fetch the login credentials from database and do it’s
Tag: security
Generate save activation key as product key
I am trying to create a function which creates a random String. This String should consist of letters (only caps) and numbers. It will be used to activate a product. So the user has to type it into a text field. So far I found the following function: I do not have that much experience with random functions. So is
PHP Securely include files + handle invalid parameters
I’m having a little problem. I want to securely include files based on the $_GET parameter from a subdirectory + handle if the parameter is not valid. This is my code. Sorry, I know it is a noob way of solving this. How can I improve it? Any suggestions/help would be highly appreciated. Answer I would use a ternary to
Making a password secure
I’m currently looking for the best practice to encrypt and store a user’s password. At this moment I’m storing a ‘secret key’ composed of 16 characters in my JSON configuration and I always concatenate this secret key and the password in order to generate a ‘secure’ password. How’s it better to approach this situation? Is it secure enough to have
preventing abuse of API service usage
I am planning on using Laravel in my next web project, for the backend. Using the Laravel’s built-in functionality I will build an API service. So my main concern now – is about the security of such service. Laravel’s API throttling middleware seems to be an easy to use solution, but it doesn’t quite have the flexibility that I need.
htmlspecialchars() on array of values fetch
Let’s say I fetch data with PDO $stmt = $this->dbh->prepare("SELECT * FROM posts"); $stmt->execute(); $result = $stmt->fetchAll(); return $result; How should I use …
Where to store cookies safely on Linux
I’m running curl from PHP and I want to use cookies. Curl, in PHP, accepts the option COOKIEJAR that specifies the location where to save the cookie. I wanted to set it to curl_setopt_array( …
Is there a reason that a browser would change its User Agent?
I’m currently working on a new website for a client that stores personal information and credit card info on the site. As such, security is a big concern for me. This is the first site I’ve built that has sensitive information on it, and so I’m not very familiar with the whole subject. The site manages users using sessions. However,
What’s the meaning of 'admin' OR 1=1 -- '
The following query returns all the passwords in the table tbl_user but I cannot understand why this is happening. Please help me to understand this part of the query: 'admin' OR 1=1 -- ' Can you introduce other threats like this (website, book, etc)? Answer This is a classic SQL injection. See this fiddle while I explain it: SQLfiddle
Sanitize file path in PHP without realpath()
Is there a way to safely sanitize path input, without using realpath()? Aim is to prevent malicious inputs like ../../../../../path/to/file $handle = fopen($path . '/' . $filename, 'r');