On Sat, December 2, 2006 3:35 pm, Alain Roger wrote:
> I'm working on .htaccess file for improving security.
> Based on documentation from PHPSEC.org, we should be able to store
> DB_USER
> login and DB_PASS password in some secret-stuff (for example) file,
> which
> should be located outside root
The browser is not supposed to change that, unless you hard-link to
http:// somewhere in your application.
I don't guarantee no browser ever had a bug like that, but I never
heard of such a bug.
And there ain't no stopping a pesky user from taking the 's' out to
see what happens... So you should
using imagecopyresampled did the trick :)
This will be great for my css files.
If all goes well, the below will be used to dynamically convert PNG
images to Jpegs for IE6 and below.
For some bizarre reason, you can not use the background-position
property with PNGs for <= IE 6.
So, in my css
On Saturday, 02.12.2006, at 13:57 -0600, Larry Garfield wrote:
> If you're talking about getting user data into a web script, then GET, POST,
> and cookies are the only options. All three are insecure, because they're
> coming from the user. The user is guilty until proven otherwise. Sanitize
I personally chose the include method...
I was scared also that the dispatch method will only finish by polluting a
single file...
on the other side, i like the idea to have a clear view on each php file, so
include a security.inc file (which has the switch ...case function) was a
logical path fo
On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
> If your site administrator thinks that using an htaccess file is a
> security
> issue then he is very much mistaken. The directives in an htaccess
> file DO
> NOT enable you to access any one else's data on a shared server. All
> they do
> is
Richard,
as i wrote you before, i've got the following suggestion to implement before
running the rest of my PHP code.
if($_SERVER['HTTPS']!='on')
{
header('location:https://www.mysite.com');
exit;
}
...
but i do not know if it's enough.
Alain
On 12/2/06, Richard Lynch <[EMAIL PROTECTED]> wrot
Hi,
I'm working on .htaccess file for improving security.
Based on documentation from PHPSEC.org, we should be able to store DB_USER
login and DB_PASS password in some secret-stuff (for example) file, which
should be located outside root of web document root. (for example in some
/path_to_secret
I suspect that if you do an "imagecopyresampled" or somesuch into a
fresh NEW image, you'd get what you want.
Not saying you haven't found a bug; just suggesting a work-around.
On Fri, December 1, 2006 4:26 pm, Graham Anderson wrote:
> Is there some trick to getting PHP GD to properly convert a
On Sat, December 2, 2006 2:17 am, Alain Roger wrote:
> I would like to know how can i be sure to make customer use the SSL
> all the
> time.
> all the time in my PHP code, i write links as relative links, so
> without
> HTTPS.
>
> I was thinking to check everything if the port is the SSL port
> (de
On Sat, December 2, 2006 9:47 am, Alain Roger wrote:
> After reading the documentation about security from phpsec.org, i see
> that 2
> "schools" exist (dispatch method or include method).
> I do not see any huge difference between them.
> I would like to know what is the most suitable method to ce
On Sat, December 2, 2006 10:29 am, Alain Roger wrote:
> Based on phpsec.org documentation it is written ("between lines") that
> GET
> and POST methods are still used but they are not the most secured
> (except if
> we take care for that).
> So, i would like to know which other methods are more sec
If you're talking about getting user data into a web script, then GET, POST,
and cookies are the only options. All three are insecure, because they're
coming from the user. The user is guilty until proven otherwise. Sanitize
thy input.
Sensitive data like username and password should never b
my solution:
if($_SERVER["HTTPS"] != 'on')
{
header ('location: https://www.your_domain_here.com');
exit;
}
-afan
> Hi,
>
> I would like to know how can i be sure to make customer use the SSL all
> the
> time.
> all the time in my PHP code, i write links as relative links, so without
> HTTPS
Hi,
Based on phpsec.org documentation it is written ("between lines") that GET
and POST methods are still used but they are not the most secured (except if
we take care for that).
So, i would like to know which other methods are more secured than those 2.
thx.
Alain
-
Hi,
After reading the documentation about security from phpsec.org, i see that 2
"schools" exist (dispatch method or include method).
I do not see any huge difference between them.
I would like to know what is the most suitable method to centralize security
in 1 single file.
thx.
Alain
-
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>> [EMAIL PROTECTED] wrote:
>>> hi,
>>> I had to move my osCommerce store to new hosting company. new server runs
>>> on php5/mysql5.
>>>
>>> got this error:
>>> FATAL ERROR: register_globals is disabled in php.ini, please enable it!
>>>
Hi,
I would like to know how can i be sure to make customer use the SSL all the
time.
all the time in my PHP code, i write links as relative links, so without
HTTPS.
I was thinking to check everything if the port is the SSL port (default :
443), but it does not mean that protocol is HTTPS.
So, h