Security

New PHP Security and Authentication Framework

February 25, 2010

Introducing the MDBitz Security and Authentication Framework for PHP. I have always had an issue with any PHP Security or Authentication Framework or library that I have utilized in past projects. That is why I am developing my own comprehensive Security and Authentication Framework. I am building this framework from the ground up keeping all

// PHP // Security //
Read More

Securing your php websites on shared servers by use of the session_save_path configuration

February 18, 2010

Beginner web developers may not be fully aware of the security vulnerabilities from shared hosting. Most shared hosting servers work by having a common php installation that uses the same php.ini configurations to run. What this means to the user is that all session information for all users are stored in a common directory on

// PHP // Security // Tips & Tricks //
Read More

Remote Code Execution

August 28, 2009

Remote Code Execution is a security vulnerability in where a malicious user manipulates input or a url to run code from a remote location.  Unlike Cross Site Scripting XSS where only the user is affected Remote Code Execution could run scripts that delete all files on your server. This security risk like most vulnerabilities comes

// PHP // Security //
Read More

Session Fixation

August 6, 2009

Session Fixation is a security vulnerability where a user sets the Session Identifier (SID) of a user to a known value, allowing them to access your session. This would allow the malicious user to access the user’s private information. For Example: Jason has determined that his neighbor Joe’s bank site http://mybank.com is susceptible to a

// PHP // Security //
Read More