Today's Question:  What does your personal desk look like?        GIVE A SHOUT

SEARCH KEYWORD -- COOKIE

  Password-less login

Most websites need user login in order to provide personalized content to visitors. The usual way is to request user to register an user account. Actually, this is not so appealing since if we need to remember one password for each website, it's troublesome, while for developers, it's their responsibility to protect password, once password is leaked, then it's a big headache to a website's business and reputation. So long time ago people started thinking about password-less login, this is a big ...

   Password-lesslogin,Authentication     2012-11-05 12:29:55

  What does session_destroy() do in PHP?

In PHP manual, the description for session_destroy() function is : session_destroy() destroys all of the data associated with the current session. It does not unset any of the global variables associated with the session, or unset the session cookie. To use the session variables again, session_start() has to be called. I am confused about this description. If this function destroys all session data, then why the global variables associated with the session are not unset? Why can we u...

   session_destroy,session_start     2013-08-31 09:59:05

  Some tricks on PHP session

1. Session timeout problem There is a nuance we found with session timing out although the user is still active in the session.  The problem has to do with never modifying the session variable. The GC will clear the session data files based on their last modification time.  Thus if you never modify the session, you simply read from it, then the GC will eventually clean up. To prevent this you need to ensure that your session is modified within the GC delete time.  You can accomp...

   PHP,Session,Timeout,Solution,Various domain     2015-03-13 07:05:37

  SQL Injection through HTTP Headers

During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and whic...

   Code security,SQL injection,HTTP header     2012-04-05 11:42:04

  Useful functions to provide secure PHP application

Security is a very important aspect of programming. There are many functions or modules in any kind of real programming language providing security functionalities  In modern websites, we may often get inputs form users all around the world.There is a famous saying which says that never trust user input. So in web programming languages, we will often see functions which will guarantee the security of the data input from users. Today we will cover some of these functions in the most famous o...

   PHP,security,SQL Injection,XSS,AJAX     2014-10-30 04:21:59

  Top 10 PHP Best Security Practices for Sys Admins

PHP is widely used for various of web development. However, misconfigured server-side scripting would create all sorts of problem. And here are php security best practices that you should aware when configuring PHP securely. Nowadays most of the web servers are operated under Linux environment (like: Ubuntu, Debian...etc). Hence, in the following article, I am going to use list top 10 ways to enhance PHP Security Best Practices under Linux environment. My sample setup for PHP Security Tips: D...

   PHP,code security,System admin,Advice,Best practice     2012-02-01 00:04:37

  Pair Programming: The disadvantages of 100% pairing

I’ve written a lot of blog posts in the past about pair programming and the advantages that I’ve seen from using this technique but lately I find myself increasingly frustrated at the need to pair 100% of the time which happens on most teams I work on. From my experience it’s certainly useful as a coaching tool, as I’ve mentioned before I think it’s a very useful for increasing the amount of collaboration between team members and an excellent way for ensuring ...

   Software development,Paring,Disadvantage     2012-01-11 12:08:47

  10 habits of 10x developers

Last week, I discovered The Rise of Developeronomics via Brad Feld. As long as I’ve lived, it has always been a great time to be a software developer. The economics keep getting better for us. My favorite quote: The one absolutely solid place to store your capital today — if you know how to do it –  is in software developers’ wallets. If the world survives looming financial apocalypse dangers at all, this is the one investment that will weather the storms. ...

   Developer,Efficiency,Advice,Rest,Focus     2011-12-26 02:54:06

  Introduction to OAuth (in Plain English)

Last week we talked about giving away your passwords and how you should never do it.  When a website wants to use the services of another—such as Bitly posting to your Twitter stream—instead of asking you to share your password, they should use OAuth instead. OAuth is an authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password. This is a quick guide to illustrate, as simply as possibl...

   Security,OAuth,Permission,Partial access     2012-04-05 11:39:54

  How To Write A Good Programming Test

I’ve taken and marked a lot of programming tests in the past. I love doing them as it’s always good to see what challenges different programmers have come up with when designing them. Unfortunately, however, most of them aren’t very good. Below is a list of general ideas to help increase the quality of programmer tests. 1. Keep it relevant Too many of the tests have questions on content that simply isn’t relevant to the job. The whole idea behind a programming test i...

   Programming test,Interview,Questions,Pro     2011-08-26 02:46:44

RECENT