Comments on: Basic PHP Hacks and How to Secure your App

By: Php Developer

Php Developer — Fri, 02 Oct 2009 08:33:20 +0000

Thank you for providing nice information on php security issue. I very thank full to you. Keep posting and inform us.

By: Shubhamoy

Shubhamoy — Wed, 06 May 2009 07:01:37 +0000

Hi Admin,

Really shocking piece of information since I knew that PHP was foolproof but now I need to give it a thought. Is PHP on its own(without database) vulnerable?

BR,
Shubhamoy

By: Ryan

Ryan — Wed, 01 Apr 2009 03:07:03 +0000

On the contrary, there are ways to decrypt BOTH md5 and sha1

however they require time and a large processor to do the job

that is why they are no longer among the ranking of true encryption algorithms,

i believe at the time i post this, there are no TRUE encryption algorithms (which would be an algorithm that has passed the time test (5 years) without being cracked) and so for now they are using a temporary substitute, though not true, and it is:

TRIPLE DES

because Des was broken

it is basically, using a Des algorithm three times

this is currently the *best* encryption

*according to the experts

By: Basic PHP Hacks and How to Secure your App | Apni Library

Basic PHP Hacks and How to Secure your App | Apni Library — Mon, 02 Feb 2009 17:55:55 +0000

[...] The rest is here: Basic PHP Hacks and How to Secure your App | Devlounge [...]

By: Custom PHP

Custom PHP — Wed, 12 Nov 2008 23:05:54 +0000

Using htmlentities is a major step in the right direction. Evaluating the input to verify it is what you expected it to be is always a good idea. You can limit what is acceptable as well.

By: Top 50 Sources of Inspiration: Month of September | Peakflow Design

Top 50 Sources of Inspiration: Month of September | Peakflow Design — Wed, 01 Oct 2008 19:37:30 +0000

[...] Basic PHP Hacks and How to Secure your App [...]

By: adie

adie — Tue, 23 Sep 2008 14:18:27 +0000

whoaa,. i’m learn a lot, i loved this blog and i’ll bookmark it for further resources, thanks for sharing

By: Kevin Martin

Kevin Martin — Tue, 23 Sep 2008 01:02:46 +0000

For those of you who have comments about how my methods above are in accurate or less secure, this tutorial is only for *basic* means of accomplishing a safer application.

@Miram: Thanks for your code and to clarify on mine above, I meant to put time() in a variable, though since this was only for learning what should be done, I assumed you guys would do the same. And yes, you can never assume two calls to time() will be the same.

@those who think MD5 and SHA1 cannot be decrypted: If you search for methods on how to do this, you will find documents on how you can find collisions and certain patterns in the hash. And sure, there are rainbow tables out there, but they are only useful for plain MD5 and SHA1 but not for anything such as above, especially with a unique salt.

Thanks everyone else for your comments and hope you give us authors more feedback.

By: mixusr

mixusr — Mon, 22 Sep 2008 05:53:22 +0000

Nevermind, found it:
http://www.devlounge.net/code/protect-your-wordpress-wp-config-so-you-dont-get-hacked

Thanks for the great security posts!

By: mixusr

mixusr — Mon, 22 Sep 2008 05:52:00 +0000

Wasn’t there a post about hiding conf’s or something of that nature last year? I actually tried searching for it and couldn’t find it.

By: Montoya

Montoya — Wed, 17 Sep 2008 13:29:57 +0000

Just FYI, you can use the new mysqli extension for PHP instead of the old mysql, which has object-oriented query methods that use escaping. You can bind parameters and force them to be integers or strings, and when you bind strings, they are forced to be contained, so even a wayward quotation mark won’t be able to expose or modify the query. I’ve been using mysqli instead of mysql for almost a year now and I’m never going back!

By: Max Design - standards based web design, development and training » Some links for light reading (17/9/08)

Wed, 17 Sep 2008 05:09:05 +0000

[...] Basic PHP Hacks and How to Secure your App [...]