I would like to find out the most effective way to ban any executable files from one specific sub folder on my server. I allow file uploads by users into that folder, and would like to make that folder accessible from the web. I have the root folder pretty much locked down with mod_rewrite. In that one unprot…
Tag: security
PHP input sanitizer function?
What’s a method to sanitize PHP POST data for passing to a mail function? (I prefer a method that’s not part of the mysql_function() family of functions.) I take the data, sanitize it, print it back to the user and send it in an email to a preset address. EDIT: I’m just sending the email to …
How insecure is a salted SHA1 compared to a salted SHA512
SHA1 is completely insecure and should be replaced. This question is 8+ years old and times have changed: https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/ For passwords: https://en.wikipedia.org/wiki/PBKDF2 For data: SHA3 SHA512 is more com…
Is an X-Requested-With header server check sufficient to protect against a CSRF for an ajax-driven application?
I’m working on a completely ajax-driven application where all requests pass through what basically amounts to a main controller which, at its bare bones, looks something like this: if(strtolower($…
How can I encrypt a cookie value?
How can I encrypt, and later decrypt, a cookie value in PHP? How secure will the encryption be? Answer I can not simply think of a situation where encrypting data in the cookie is useful. If you want to retain secret data about the user or his preferences, information, whatever, then store it on the server in…
How to encrypt data in javascript and decrypt in php?
Is there any javascript function that can encrypt data: For example i want to use encrypted data in my URL passed by ajax GET request, http://sample.com/mypage/TDjsavbuydksabjcbhgy where …
.htaccess deny access to specific files? more than one
I am able to disable access to a file with .htaccess, but I don’t know how to disallow multiple files to be viewed (directly, not from includes) They are .php so I can’t disable a file type (like the only tutorials online say..) Or something.. For example “home.php, file.php , test.php”…
PHP: filter_var sanitization secure enough?
I have a PHP script with the following line: Is this safe enough? How would you improve this code? Answer It is safe for that case, but for a more general approach, I’d rather use mysql_real_escape_string in conjunction with type casting: In the worst case, that will result in a 0 and will escape all ma…
Detecting Ajax in PHP and making sure request was from my own website
I use my PHP back-end to detect AJAX requests by checking for a value in $_SERVER[‘HTTP_X_REQUESTED_WITH’]. This gives me a reliable detection, making sure the request is made utilizing AJAX techniques. How can I make sure the request came from my own domain, and not an external domain/robot? www.…
Which additional securities do you add to your open source cms installations? [closed]
Closed. This question is opinion-based. It is not currently accepting answers. Want to improve this question? Update the question so it can be answered with facts and citations by editing this post. Closed 1 year ago. Improve this question I know that being open source does not necessarily makes a program mor…