Search Results

Search found 43347 results on 1734 pages for 'php security'.


  • PHP with SQL Injection

    - by Scott S
    For our first assignment in a System Security class, we have to hack into the professor's "cheaply organized" SQL database. I know the only user is "admin" and the select statement generated in the PHP is:

        select user_id from user where user_username = 'admin' AND user_password = md5('noob')

    I am having a number of problems attempting to bypass the password part of this statement as the professor has some JavaScript embedded in the page to sanitize the username and password of any non-alphanumeric values. This can be bypassed by turning off JavaScript :P but any values sent still get cleaned by the operating system (some build of Debian 32-bit). I've seen the code for the login request and it does not escape any characters. How do I bypass the operating system's escape sequences?


  • How to hash and salt passwords

    - by Henrik Skogmo
    I realize that this topic has been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about is how do you salt a hash and work with the salted hash? If the password is encrypted with a randomly generated salt, how can we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!


  • Template approach for a PHP application

    - by Industrial
    Hi everyone, We're in the middle of making a new e-commerce related PHP application and we have come to the point where we have started to think about how we should solve templating for our customers' needs. What we would like to do is offer our customers the possibility of uploading/modifying templates to suit their company's profile. The initial thought is that we shall not reinvent the wheel, so instead we are letting our customers upload their templates with FTP, so there will be basic HTML skills required. For those customers that want to modify/customize a template and don't have the knowledge, we offer that service as well. I know that there's a number of issues to solve before this could be considered safe, like preventing XSS and writing scripts that check through each uploaded file for potential security threats and so on. Of course, there are some parts that probably will be too complex for the customer to modify by themselves, so maybe this approach won't apply to all template files in the frontend application. But besides that, what would be a good way to handle this?


  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySQL as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySQL... What do you think? Thanks


  • Using a single PHP script for an entire site

    - by briggins5
    I had an idea today (that millions of others have probably already had) of putting all the site's script into a single file, instead of having multiple, separate ones. When submitting a form, there would also be a hidden field called something like 'action' which would represent which function in the file would handle it. I know that things like CodeIgniter and CakePHP exist which help separate/organise the code. Is this a good or bad idea in terms of security, speed and maintenance? Do things like this already exist that I am not aware of?


  • How to ensure the HTTP_REQUEST Is coming from the right place?

    - by seatoskyhk
    I learned that HTTP_REFERER or any HTTP request header can be faked and is not reliable. REMOTE_ADDR is reliable though. So, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list? For example, I have a JS code that will send from client site to server (something like a snippet, cross platform). However, I only allow this to happen from several websites. Not others. So, even if other people copy the code and put it onto their website, it won't work.


  • php most memory efficient way to return files

    - by bumperbox
    So I have a bunch of files, some can be up to 30-40 MB, and I want to use PHP to handle security of the files, so I can control who has access to them. That means I have a script sort of like this rough example:

        $has_permission = check_database_for_permission($user, $filename);
        if ($has_permission) {
            header('Content-Type: image/jpeg');
            readfile($filename);
            exit;
        } else {
            // return 401 error
        }

    I would hate for every request to load the full file into memory, as it would soon chew up all the memory on my server with a few simultaneous requests. So a couple of questions: Is readfile the most memory-efficient way of doing this? Is there some better method of achieving the same outcome that I am overlooking? Server: Apache/PHP5. Thanks


  • [php + mysql] Save IP in database

    - by Knarf
    When a user logs in I want to save their IP in the database. How would I do that? What type is best to use for the MySQL field? What would the PHP code to get the IP look like? I'm thinking of using it as an extra security feature for the login/session stuff. I'm thinking of checking the IP the user logged in with from the DB against the IP the user has now, in addition to checking the session. So that it first checks the session, and then checks if you have a valid IP. Is that an all right extra feature? And what other things can I do to make it more secure?


  • Post values in PHP Headers

    - by kumar
    Hi.. I want to send some data to a remote webpage from my site. Actually it can be achieved through form hidden variables, but for security reasons, I want to set them as post variables in the header and then send them to that webpage. I use this code:

        $post_data = 'var1=123&var2=456';
        $content_length = strlen($post_data);
        header('POST http://localhost/testing/test.php HTTP/1.1');
        header('Host: localhost');
        header('Connection: close');
        header('Content-type: application/x-www-form-urlencoded');
        header('Content-length: ' . $content_length);
        header($post_data);

    But my code doesn't work properly. Help me...


  • My Apache doesn't execute PHP code with <? ?> Tag [closed]

    - by amateurs
    Possible Duplicate: How to enable PHP short tags? I am using Apache Friends XAMPP (Basis Package) version 1.7.3: Apache 2.2.14 (IPV6 enabled), MySQL 5.1.41 (Community Server) with PBXT engine 1.0.09-rc, PHP 5.3.1 (PEAR, Mail_Mime, MDB2, Zend), and I am running PHP files that I code with <? ?> tags, not <?php ?>. But the Apache server won't execute my code, but if I try with <?php ?> tags, the code works. Anyone know how to enable the server to execute PHP code with <? ?> tags?


  • How can I cut down on this spam, and what is the point of it anyway?

    - by Steven
    I run a small, niche personal ads site. People post ads and then other people reply to them, which sends an email to the original creator of the ad telling them that someone is interested and giving them contact information for that interested person. Lately there's been some weird spam. People are receiving nonsense replies to their ads. Here is an example of one: Name: xkauwvyr Reply: vRYmbI <a href="http://rypmoxdkfblf.com/">rypmoxdkfblf</a>, url=http://pnjlwvhizwbq.com/]pnjlwvhizwbq[/url], [link=http://hmenwoujxrfv.com/]hmenwoujxrfv[/link], http://ogsekuhoyeud.com/ They vary in length and composition but they all look roughly like that. The first idea I had was to simply throw out any reply that contained the string " Also, is this spam just some ass playing a trick on my website, or is it something more malicious?


  • PHP cors validation

    - by Brian Putt
    I have an endpoint that takes GET requests to collect data from any source that wants to send data. Is there a way to run some validation that the data is in fact coming from the sources we allowed? They enter the website URL that they will be sending the data from and we generate an API key. The data is sent via a JavaScript file that they install onto their website. I have the Access-Control-Allow-Origin set to * as it doesn't necessarily scale to add in hundreds or more websites to that header and that in itself is a security risk as it shows anyone who wants to look at the headers who uses the script. Currently I am thinking of using the http_origin / origin referrer, but obviously that doesn't do too much


  • Need help... how to add md5 to password field in php?

    - by jones
    Hi mates, I'm looking for some help and nice attention here.. I bought some PHP script many years ago and now there is no support anymore... I just want to add md5 to the password field.. Here is my form:

        <?php
        $SQL = "SELECT * from USERS WHERE USERNAME = '$_SESSION[username]'";
        $result = @mysql_query( $SQL );
        $row = @mysql_fetch_array( $result );
        include 'menu.php';
        ?>
        <FORM METHOD="post" ACTION="?page=query_client">
        <INPUT TYPE="hidden" NAME="controller" VALUE="USERS~update~account_details&up=1~<?php echo $row[ID]; ?>">
        <TABLE CLASS="basictable">
        <TR>
        <TD CLASS="tdmenu" WIDTH="40%">Username</TD>
        <TD CLASS="tdmenu" WIDTH="60%"> <b><?php echo $row[USERNAME]; ?></b> </TD>
        </TR>
        <TR>
        <TD CLASS="tdmenu" WIDTH="40%">Password *</TD>
        <TD CLASS="tdmenu" WIDTH="60%"> <INPUT TYPE="PASSWORD" NAME="PASSWORD" SIZE="40" VALUE="<?php echo $row[PASSWORD]; ?>"> </TD>
        </TR>
        <TR>
        <TD CLASS="tdmenu" WIDTH="40%">Email Address *</TD>
        <TD CLASS="tdmenu" WIDTH="60%"> <INPUT TYPE="text" NAME="EMAIL" SIZE="40" VALUE="<?php echo $row[EMAIL]; ?>"> </TD>
        </TR>
        <TR>
        <TD CLASS="tdmenu" WIDTH="40%">Full Name *</TD>
        <TD CLASS="tdmenu" WIDTH="60%"> <INPUT TYPE="text" NAME="FULLNAME" SIZE="40" VALUE="<?php echo $row[FULLNAME]; ?>"> </TD>
        <TR>
        <TD CLASS="tdmenu" WIDTH="40%">Address *</TD>
        <TD CLASS="tdmenu" WIDTH="60%"> <INPUT TYPE="text" NAME="ADDRESS1" SIZE="40" VALUE="<?php echo $row[ADDRESS1]; ?>"> </TD>
        </TR>
        <BR>
        <TABLE CLASS="basictable">
        <TR>
        <TD CLASS="tdhead2" > <DIV ALIGN="CENTER"><B> <INPUT TYPE="submit" NAME="Submit" VALUE="Submit"> </B></DIV> </TD>
        </TR>
        </TABLE>
        </FORM>

    And the script itself, query_client.php, looks like this inside:

        <?PHP
        @session_start();
        $controller = $_POST['controller'];
        $pieces = explode("~", $controller);
        $table = $pieces[0];
        $qt = $pieces[1];
        $return = $pieces[2];
        $id = $pieces[3];
        $hack = $pieces[4];
        if ($qt == insert) $qt = 'INSERT INTO';
        if ($qt == update) {
            $qt = 'UPDATE';
            $end = "WHERE ID = '$id'";
        }
        $pre = array_keys( $_POST );
        mysql_query ("CREATE TABLE IF NOT EXISTS `$table` (`ID` INT NOT NULL AUTO_INCREMENT , PRIMARY KEY ( `id` ) )");
        $count = count($pre);
        $count = $count - 2;
        $sql = "$qt $table SET";
        for ($i=0; $i < $count; $i++) {
            $x=$i+1;
            $y = $_POST[$pre[$x]];
            $d = $y;
            mysql_query ("ALTER TABLE `$table` ADD `$pre[$x]` TEXT NOT NULL");
            $sql .= " `$pre[$x]` = '$d',";
        }
        $sql .= " ID = '$id' $end";
        $query = mysql_query($sql) or die("$sql_error" . mysql_error());
        if (empty($hack)) { } else {
            $pieces = explode("/", $hack);
            $h0 = $pieces[0];
            $h1 = $pieces[1];
            $h2 = $pieces[2];
            $h3 = $pieces[3];
            $h4 = $pieces[4];
            $h5 = $pieces[5];
            mysql_query ("ALTER TABLE `$table` $h0 $h1 $h2 $h3 $h4 $h5");
            $query = mysql_query($sql) or die("$sql_error" . mysql_error());
        }
        if (isset($_GET[inc])) include "$_GET[inc].php";
        ?>

    So please help me, how do I add md5 to the PASSWORD field? Thanks in advance..


  • Securing database keys for client-side processing

    - by danp
    I have a tree of information which is sent to the client in a JSON object. In that object, I don't want to have raw IDs which are coming from the database. I thought of making a hash of the id and a field in the object (title, for example) or a salt, but I'm worried that this might have a serious effect on processing overhead. SELECT * FROM `things` where md5(concat(id,'some salt')) = md5('1some salt'); Is there a standard practice for obscuring IDs in this kind of situation?


  • Validate authenticity of website owner

    - by Cyber Junkie
    Hello all! I'm planning to develop a web app where users will list their site/blog. When people submit their sites, how can I confirm that they are the owners of it? So for instance there is a user Mark who wants to submit someone else's website without their approval. I want to restrict Mark from doing so unless he is the actual owner. My idea was to do a comparison between the user's email domain and the website domain she/he wants to submit. If they match allow the user to submit the website. However most people don't register with their website domain address.. or perhaps I'll implement a Facebook connect in the future. What other methods would you suggest?


  • Is it possible for PHP to generate a fresh page on every Javascript history.go(-1) ?

    - by Ho
    Hello, I have a PHP page (a.php) which is already sending these headers:

        <?php
        header('Cache-Control: no-cache, no-store, max-age=0, must-revalidate');
        header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
        header('Pragma: no-cache');
        ?>

    And on the PHP page (a.php), it has a link to another page (b.html). On b.html, it has a JavaScript code to:

        <script type="text/javascript">
        history.go(-1);
        </script>

    It seems to me that, when the browser is "going back" to a.php, the content isn't fresh at all. Would you please advise me if generating a completely fresh page on history.go(-1) is possible? Thank you.


  • What statistics app should I use for my website?

    - by Camran
    I have my own server (with root access). I need statistics of users who visit my website etc etc... I have looked at an app called Webalizer... Is this a good choice? I run apache2 on a Ubuntu 9 system... If you know of any good statistics apps for servers please let me know. And a follow-up question: All statistics are saved in log-files right? So how large would these log-files become then? Possibility to split them would be good, don't know if this is possible with Webalizer though...


  • Is there really a need for encryption to have true wireless security? [closed]

    - by Cawas
    I welcome better key-wording here, both on tags and title. I'm trying to conceive a free, open and secure network environment that would work anywhere, from big enterprises to small home networks of just 1 machine. I think since wireless Access Points are the most, if not only, true weak point of a Local Area Network (let's not consider every other security aspect of having internet) there would be basically two points to consider here:

    1. Having an open AP for anyone to use the internet through
    2. Leaving the whole LAN also open for guests to be able to easily read (only) files on it, and even a place to drop files on

    Considering these two aspects, once everything is done properly... What's the most secure option between having that, or having just an encrypted password-protected wifi? Of course "both" would seem "more secure". But it shouldn't actually be anything substantial. That's the question, but I think it may need more elaborating on. If you don't think so, please feel free to skip the next (long) part.

    Elaborating more on the two aspects ... I've always had the feeling using any kind of the so-called "wireless security" methods is actually a bad design. I'm talking mostly about encrypting and pass-phrasing (which are actually two different concepts), since I won't even consider hiding SSID and MAC filtering. I understand it's a natural way of thinking. With cable networking nobody can access the network unless they have access to the physical cable, so you're "secure" in the physical way. In a way, encrypting is for wireless what building walls is for the cables. And giving pass-phrases would be adding a door with a key. But the cabling without encryption is also insecure. If someone plugs in, all the data is right there. So, while I can see the use for encrypting data, I don't think it's a security measure in wireless networks. It's wasting resources for too little gain. I believe we should encrypt only sensitive data regardless of wires. That's already done with HTTPS, so I don't really need to encrypt my torrents, for instance. They're torrents, they are meant to be freely shared!

    As for using passwords, they should be added to the users, always. Not to wifi. For securing files, truly, the best solution is backup. Sure all that doesn't happen that often, but I won't consider the most situations where people just don't care. I think there are enough situations where we actually use passwords on our OS users, so let's go with that in mind. I keep promoting the Fonera concept as an instance. It opens up a free wifi port, if you choose so, and anyone can connect to the internet through that, without having any access to your LAN. It also uses a QoS which will never let your bandwidth drop from that public usage. That's security, and it's open. But it's lacking the second aspect. I'll probably be bashed for promoting the non-usage of WPA 2 with AES or whatever, but I wanted to know from more experienced (super) users out there: what do you think?


  • PHP/GD - Cropping and Resizing Images

    - by Alix Axel
    I've coded a function that crops an image to a given aspect ratio and finally then resizes it and outputs it as JPG:

        <?php
        function Image($image, $crop = null, $size = null) {
            $image = ImageCreateFromString(file_get_contents($image));
            if (is_resource($image) === true) {
                $x = 0;
                $y = 0;
                $width = imagesx($image);
                $height = imagesy($image);
                /* CROP (Aspect Ratio) Section */
                if (is_null($crop) === true) {
                    $crop = array($width, $height);
                } else {
                    $crop = array_filter(explode(':', $crop));
                    if (empty($crop) === true) {
                        $crop = array($width, $height);
                    } else {
                        if ((empty($crop[0]) === true) || (is_numeric($crop[0]) === false)) {
                            $crop[0] = $crop[1];
                        } else if ((empty($crop[1]) === true) || (is_numeric($crop[1]) === false)) {
                            $crop[1] = $crop[0];
                        }
                    }
                    $ratio = array (
                        0 => $width / $height,
                        1 => $crop[0] / $crop[1],
                    );
                    if ($ratio[0] > $ratio[1]) {
                        $width = $height * $ratio[1];
                        $x = (imagesx($image) - $width) / 2;
                    } else if ($ratio[0] < $ratio[1]) {
                        $height = $width / $ratio[1];
                        $y = (imagesy($image) - $height) / 2;
                    }
                    /* How can I skip (join) this operation with the one in the Resize Section? */
                    $result = ImageCreateTrueColor($width, $height);
                    if (is_resource($result) === true) {
                        ImageSaveAlpha($result, true);
                        ImageAlphaBlending($result, false);
                        ImageFill($result, 0, 0, ImageColorAllocateAlpha($result, 255, 255, 255, 127));
                        ImageCopyResampled($result, $image, 0, 0, $x, $y, $width, $height, $width, $height);
                        $image = $result;
                    }
                }
                /* Resize Section */
                if (is_null($size) === true) {
                    $size = array(imagesx($image), imagesy($image));
                } else {
                    $size = array_filter(explode('x', $size));
                    if (empty($size) === true) {
                        $size = array(imagesx($image), imagesy($image));
                    } else {
                        if ((empty($size[0]) === true) || (is_numeric($size[0]) === false)) {
                            $size[0] = round($size[1] * imagesx($image) / imagesy($image));
                        } else if ((empty($size[1]) === true) || (is_numeric($size[1]) === false)) {
                            $size[1] = round($size[0] * imagesy($image) / imagesx($image));
                        }
                    }
                }
                $result = ImageCreateTrueColor($size[0], $size[1]);
                if (is_resource($result) === true) {
                    ImageSaveAlpha($result, true);
                    ImageAlphaBlending($result, true);
                    ImageFill($result, 0, 0, ImageColorAllocate($result, 255, 255, 255));
                    ImageCopyResampled($result, $image, 0, 0, 0, 0, $size[0], $size[1], imagesx($image), imagesy($image));
                    header('Content-Type: image/jpeg');
                    ImageInterlace($result, true);
                    ImageJPEG($result, null, 90);
                }
            }
            return false;
        }
        ?>

    The function works as expected but I'm creating a non-required GD image resource, how can I fix it? I've tried joining both calls but I must be doing some miscalculations.

        <?php
        /* Usage Examples */
        Image('http://upload.wikimedia.org/wikipedia/commons/4/47/PNG_transparency_demonstration_1.png', '1:1', '600x');
        Image('http://upload.wikimedia.org/wikipedia/commons/4/47/PNG_transparency_demonstration_1.png', '2:1', '600x');
        Image('http://upload.wikimedia.org/wikipedia/commons/4/47/PNG_transparency_demonstration_1.png', '2:', '250x300');
        ?>

    Any help is greatly appreciated, thanks.

