In order to generate a 32 character token for access to our API we currently use: I have read that this method is not cryptographically secure as it’s based on the system clock, and that openssl_random_pseudo_bytes would be a better solution as it would be harder to predict. If this is the case, what wo…
Tag: security
Secure image upload in php
I am making an image upload function which I can re-use in my code, which has to be 100% secure. Please tell me if you can spot and security holes in my initial code; UPDATE This is how far I’ve gotten with your help and some research, please tell me what you think. I don’t mind much about the spe…
How do you Encrypt and Decrypt a PHP String?
What I mean is: Maybe something like: In PHP, how can you do this? Attempted to use Crypt_Blowfish, but it didn’t work for me. Answer Updated PHP 7 ready version. It uses openssl_encrypt function from PHP OpenSSL Library.
How can i secure this API in an APK file
I am currently developing an api for a website i run. The api will be used in a number of places, and one of those places is an Android app. It’s purpose is to allow users to login, and and download files. I have the api build, and it will be using HTTPS so all of the data is fine
PHP $_SESSION for multiple users at once
I’m wondering about how the $_SESSION array works. If I have a lot of users using my site do I need to set a subarray for each user? For instance right now I have $_SESSION[‘userid’] = $userid; $…
Simplest two-way encryption using PHP
What is the simplest way of doing two way encryption in common PHP installs? I need to be able to encrypt data with a string key, and use the same key to decrypt on the other end. The security isn’t as big of a concern as the portability of the code, so I’d like to be able to keep things
Sanitize $_SERVER[‘HTTP_USER_AGENT’] & $_SERVER[‘HTTP_REFERER’] before saving to DB?
I have a feedback form which will take a couple of user inputted fields along with a few fields generated by PHP functions like ‘user-agent’ and ‘referer.’ My question is should these strings be sanitized before being inputted? I realize one could easily alter the user-agent and the re…
Where should I store an encryption key for php?
I’m writing a php application that accepts sensitive customer data, and so I need to encrypt it before storing it in a mysql database. I’m going to use mysql’s built-in AES functionality to do column-level encryption. I want to avoid storing the encryption key on the server, and so i’m…
Alternative to SSL – “Manual” Encryption? [closed]
Closed. This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed last year. Improve this question I would like to encrypt data that travels back and forth between the se…
Generating a random password in php
I am trying to generate a random password in php. However I am getting all ‘a’s and the return type is of type array and I would like it to be a string. Any ideas on how to correct the code? Thanks….