Hi,
I would like to know how I can be sure to make customers use SSL all the
time.
All the time in my PHP code, I write links as relative links, so without
HTTPS.
I was thinking to check every time if the port is the SSL port (default:
443), but it does not mean that the protocol is HTTPS.
So, h
<[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>> [EMAIL PROTECTED] wrote:
>>> hi,
>>> I had to move my osCommerce store to a new hosting company. The new server runs
>>> on php5/mysql5.
>>>
>>> got this error:
>>> FATAL ERROR: register_globals is disabled in php.ini, please enable it!
>>>
Hi,
After reading the documentation about security from phpsec.org, I see that 2
"schools" exist (dispatch method or include method).
I do not see any huge difference between them.
I would like to know what is the most suitable method to centralize security
in 1 single file.
thx.
Alain
-
Hi,
Based on phpsec.org documentation it is written ("between lines") that GET
and POST methods are still used but they are not the most secure (except if
we take care for that).
So, I would like to know which other methods are more secure than those 2.
thx.
Alain
-
my solution:
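// Redirect to HTTPS when the request did not arrive over SSL.
// isset() avoids an undefined-index notice when HTTPS is not set.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')
{
    header('Location: https://www.your_domain_here.com');
    exit;
}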
-afan
> Hi,
>
> I would like to know how I can be sure to make customers use SSL all
> the
> time.
> All the time in my PHP code, I write links as relative links, so without
> HTTPS
If you're talking about getting user data into a web script, then GET, POST,
and cookies are the only options. All three are insecure, because they're
coming from the user. The user is guilty until proven otherwise. Sanitize
thy input.
Sensitive data like username and password should never b
On Sat, December 2, 2006 10:29 am, Alain Roger wrote:
> Based on phpsec.org documentation it is written ("between lines") that
> GET
> and POST methods are still used but they are not the most secure
> (except if
> we take care for that).
> So, i would like to know which other methods are more sec
On Sat, December 2, 2006 9:47 am, Alain Roger wrote:
> After reading the documentation about security from phpsec.org, I see
> that 2
> "schools" exist (dispatch method or include method).
> I do not see any huge difference between them.
> I would like to know what is the most suitable method to ce
On Sat, December 2, 2006 2:17 am, Alain Roger wrote:
> I would like to know how I can be sure to make customers use SSL
> all the
> time.
> All the time in my PHP code, I write links as relative links, so
> without
> HTTPS.
>
> I was thinking to check everything if the port is the SSL port
> (de
I suspect that if you do an "imagecopyresampled" or somesuch into a
fresh NEW image, you'd get what you want.
Not saying you haven't found a bug; just suggesting a work-around.
On Fri, December 1, 2006 4:26 pm, Graham Anderson wrote:
> Is there some trick to getting PHP GD to properly convert a
Hi,
I'm working on .htaccess file for improving security.
Based on documentation from PHPSEC.org, we should be able to store DB_USER
login and DB_PASS password in some secret-stuff (for example) file, which
should be located outside root of web document root. (for example in some
/path_to_secret
Richard,
as I wrote you before, I've got the following suggestion to implement before
running the rest of my PHP code.
if($_SERVER['HTTPS']!='on')
{
    header('Location: https://www.mysite.com');
    exit;
}
...
but i do not know if it's enough.
Alain
On 12/2/06, Richard Lynch <[EMAIL PROTECTED]> wrot
On Sat, December 2, 2006 5:31 am, Tony Marston wrote:
> If your site administrator thinks that using an htaccess file is a
> security
> issue then he is very much mistaken. The directives in an htaccess
> file DO
> NOT enable you to access any one else's data on a shared server. All
> they do
> is
I personally chose the include method...
I was scared also that the dispatch method will only finish by polluting a
single file...
On the other side, I like the idea to have a clear view on each php file, so
including a security.inc file (which has the switch ...case function) was a
logical path fo
On Saturday, 02.12.2006, at 13:57 -0600, Larry Garfield wrote:
> If you're talking about getting user data into a web script, then GET, POST,
> and cookies are the only options. All three are insecure, because they're
> coming from the user. The user is guilty until proven otherwise. Sanitize
using imagecopyresampled did the trick :)
This will be great for my css files.
If all goes well, the below will be used to dynamically convert PNG
images to Jpegs for IE6 and below.
For some bizarre reason, you can not use the background-position
property with PNGs for <= IE 6.
So, in my css
The browser is not supposed to change that, unless you hard-link to
http:// somewhere in your application.
I don't guarantee no browser ever had a bug like that, but I never
heard of such a bug.
And there ain't no stopping a pesky user from taking the 's' out to
see what happens... So you should
On Sat, December 2, 2006 3:35 pm, Alain Roger wrote:
> I'm working on .htaccess file for improving security.
> Based on documentation from PHPSEC.org, we should be able to store
> DB_USER
> login and DB_PASS password in some secret-stuff (for example) file,
> which
> should be located outside root