
Showing results for tags 'security'.

Found 25 results

  1. YO WWW.W3SCHOOLS.COM SECURITY CERTIFICATE EXPIRED 5/5/2020 SOOOOOOOOOO GET A NEW CERTIFICATE MEH
  2. Hi everyone, I am basically new to this forum so I didn't really know where to post this question, basically what happened I made a site. On this site is a particular commenting system where I used php ajax on the jquery way, my teacher saw my website and wanted to test something so he left a comment with <b>exampe</b> and his comment turned out to be bold text. To me and the safety of my site it is a dangerous thing as people are required to leave their email in the form (not shown in actual comment but saved in the db) he also said that with his knowledge he could us
  3. BACKGROUND: As always I am concerned about security on the one hand, but do not wish to over-code on the other. In the following outlined procedure the data is fetched from the super secure, vast thicket of layered PHP and sent after translation THE PROCEDURE: Create two MySQL tables linked with a foreign key. Make a method call to the Matomo API and retrieve a four tiered nested array containing two tiers of visitor data. The first tier consists of an indexed array whose 100 elements each corresponds to a single visit to the Grammar Captive website. The second tier
  4. Hi all, I'm trying to control where a visitor enters my website. I only want a visitor to open my homepage, pass security and then continue, like a menu-driven app. I know you can enter a domain name and a slash and go to that page in the website like 'amazon.com/tools' will bring up the tool page. Is there a way to prevent this from happening? Can it be turned off or on according to a security level imposed? I only want higher level users to see pages like 'checkswritten.html' or 'incomelevel.html' and not a casual user type in 'myDomain/incomelevel'. anybody can see the links in
  5. I would like to share with you a message that I posted on the Matomo forum for which I am not expecting a satisfactory reply. I suspect that Matomo will be unwilling to entertain the idea for fear of opening a Pandora's box of insecurity for casual users and thereby endangering its reputation as a secure web utility. Matomo's fear need not be my own, however, with the proper guidance. BACKGROUND: After several weeks of enormous frustration I was finally able to access the Matomo web application directly with PHP. I was able to achieve this somewhat (for me) monumental task by renaming
  6. Dear all, As you know, an .htaccess file placed in a directory to be affected (protected) is useful in websites hosted in an Apache server to protect such directories from prying eyes. But I have noticed that recommendation is to place such files inside certain directories only, e.g., inside includes and views (that contains home page, shopping cart, listing of products, etc.) directories. I thought we could as well protect all other directories should there be no downside to protecting all. Any thoughts on why we should not include an .htaccess file inside all directories will be app
  7. Hi, I'm using PHPMailer to send email from a contact form using gmail SMTP which requires to include the SMTP password directly in the PHP script like so $mail->Password = 'mypassword'; According to what I've found on the net, it seems that it's not recommended since the password can be easily hacked. Thus, I'm wondering how to do to protect my password. I've found people recommending to put the password in an INI file outside the webroot and then to retrieve it using parse_ini_file() function. My problem is that I'm not sure I understand the "outside the webroot" part… if
  8. Hi, I'm new to PHP and I was wondering if it's perfectly safe to use $_SERVER['PHP_SELF'] like so: <body<?php if(basename($_SERVER['PHP_SELF']) == 'home.php') echo ' class="home"'; ?>> … </body> As far as I understand, the $_SERVER['PHP_SELF'] variable can only be exploited when used as a link or in a form/inputs, where the variable should be wrapped into htmlspecialchars() to counter XSS attacks, am I right?
  9. My goal is to store javascript code into a database. My first idea was to use htmlspecialchars; store it in mysql in a table column and later retrieve it with htmlspecialchars_decode. All this to prevent injection / hacking. But online I read one or two warnings that it wouldn't work, which I assume is so (I didn't test it, but it seems quite obvious afterwards). So my question is: is it possible to have a user store javascript in a database and use it in a php script for specific purposes in a secure way?
  10. Hi all, I would like to know whether it is possible or not to build a secure inlog script. The script I have as example is mainly in php. I read a couple of tuts online and watched some youtube videos and discovered that both javascript and php are used. I don't know much about encryption but more and more questions are rising ..... Is it true that it is possible to add javascript encryption when you want a user to login? My own idea is that this looks quite insecure as anybody can see the encryption code. I have more questions but first I would like to know this i
  11. I am a complete Newbie and will be embarking on a big project to use a device for learning the web dev languages. That being said, with the availability of page source code info, inspect element etc. What should I be studying at the outset so that my design can't merely be cut and pasted and sold after all my hard work. I know there are copyright laws, but we all know they are only as good as the paper they were written on if a person is determined to pirate something.
  12. Hi guys! I have an issue with my webpages, from the homepage I can go to the page two without clicking on the link, just adding a #pagetwo on the address bar, has someone solved this using javascript or something like that? I'm attaching an example for those who will try to help me. Thanks! PageTransitionProblem.html
  13. In my current website project, I would like to design a secure area for members. I have built basic login systems before, but I want to build something more secure this time. One of the things I would like to do is route requests using the HTTPS protocol. In my research on how to do this, I have been starting to learn about SSL certificates. As I understand it, in order to create an SSL encrypted connection that users can be confident in, I must purchase a certificate from a certificate authority (CA). I am questioning whether I really need to do this, though. Neither money nor information
  14. davej

    Php security?

    I am feeling rather overwhelmed by the number of security-related issues. I think I know the basics related to untrusted external inputs and database risks but looking at...https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet
  15. CMS/Forum Session/cookie management and security, picking a good example. I am starting an opensource GPL forum project primarily for the sake of learning. I have been looking at the different implementations for user authentication and session management of different CMS and forum packages. Trying to go through and learn what is being done. Also wondering which makes for the best example of a good clean way to implement it. I would prefer to store the bare minimum cookies client side and keep most data in session variables server side. Unless there is a good reason to have another cookie or two,
  16. I have been developing a php web site. I have been trying to follow suggested best practices. I am running ubuntu minimalist install, and installed the following packages: nginx php5 php5-fpm postgresql phppgadmin php5-gd I have nginx up and running instead of apache. I have done some basic configuration for nginx. Got my vhost setup and linked. And I am now able to browse my php pages on my local test machine running ubuntu. I have created my postgre database, and have a user setup. So I am to the point that I wanted to create a page to register/login/change password. I searched and found http:
  17. I posted this in General, but I'll also post it here in the specific Java area... Does this threat imply the use of malicious applets? I'm not sure. http://www.cbsnews.c...-java-software/ "The U.S. Department of Homeland Security is advising people to temporarily disable the Java software on their computers to avoid potential hacking attacks. The recommendation came in an advisory issued late Thursday, following up on concerns raised by computer security experts." http://www.us-cert.g.../TA13-010A.html http://www.slashgear.com/turn-off-java-they-warn-heres-how-you-do-it-12265037/
  18. Hello, I'm wondering can I prevent brute-force attacks from my webpage example creating this. This should work if the user doesn't close and re-open the page after attempts are out, but I have no idea how brute-force does it. Login page <?php session_start(); if (isset($_SESSION['login_attempt']) && $_SESSION['login_attempt'] < 6) {} else { /* Form here */ } ?> Login confirm page <?php session_start(); if (isset($_SESSION['Rights']) && $_SESSION['login_attempt'] < 6) { header("Location: index.php"); } elseif (isset($_POST['password']) && isset($_POST['username'])
  19. sepoto

    htmlentities

    I am currently reading the title "Essential PHP Security". I see one of the topics is concerning the use of "htmlentities()". I have looked up the function's man page on php.net and I do understand what it is doing however I don't yet fully understand how the use of "htmlentities()" is supposed to make my application more secure. Could someone explain this a bit? Thanks!
  20. http://www.forbes.com/sites/andygreenberg/2012/08/31/oracles-java-security-woes-mount-as-researchers-spot-a-bug-in-its-critical-bug-fix/ http://www.informationweek.com/security/vulnerabilities/java-zero-day-attack-second-bug-found/240006431
  21. Hello, Does somebody know a simple security question script for my contact form, like what is 2+2 or what number comes after 7. Thanks.
  22. Could some of you tell me the basic protection that PHP & MySQL website needs. For example new stuff to me was SQL injection. Q: How to prevent website from SQL injection? Q: What other protection websites require than SQL injection protect? I know that the password should be crypted but somehow I think it's not enough or is it?
  23. Hi. Wonder if anyone can help. I am trying to build a website where users can log in to their account, and then place an order for an item, edit their details etc. However, am using the following code upon loading the myAccount.cshtml page: if (WebSecurity.IsAuthenticated == false) { Response.Redirect("~/"); } So that if the user is not logged in it directs them to the home page to then login. However I am finding that even when the user has logged in, as soon as they come away from the My Account area - it logs them out and they then have to log back in. How could I make this so
  24. I am currently creating an e-learning application for my honours project (This will not go live or be distributed for profit) that teaches php to brand new users however there will obviously be experienced users using the application as well and they will try to attack it or bring it down. My code to process the user input for malicious code strings before it is run thru an eval(); is below. If any of the banned words are found it returns false and the user input never gets near an eval() function. If no banned words are found then it returns true and the input (PHP CODE) is run thru an eval();
  25. davej

    Basic Php Security?

    I am just getting started with PHP and I would like to immediately learn some basic security facts, such as how database accesses should be properly handled so that I don't have to unlearn bad habits like I did in ASP.NET (with that idiotic SqlDataSource method). Can PHP source code inside the brackets <?php ?> ever become visible to the web (as in view page source)? Do MySQL accesses need to be wrapped in try-catch statements to prevent database errors from being visible? Thanks.