Web Application security means taking many measures to protect your application, server, database and network, depending on what you control and what you don’t. The most basic forms of security involve User Authentication on websites, ensuring your users can securely log in and stay logged in. Preventing SQL injection attacks is also very important.
It’s important for end-users to secure their own computers too. Cookies are a huge security risk, as someone who gets your cookies can easily load them up and test which ones are active, easily accessing and logging into any websites whose active sessions they get.
Keeping PHP Sessions open, or any sessions open regardless of what language you use, can be a pain. One of the most commonly asked questions is “How do I keep my sessions open for 30 days or more?”.
This is written from the perspective of PHP, but of course Cookies themselves can be manipulated from whatever server-side language you use to code your web application.
So if your users only stay logged in for a few hours, maybe a couple of days at the most, and you want them to stay logged in much longer, continue reading.
The main reason this method works is because it doesn’t rely on PHP to keep the session, and sessions on the server tend to get cleared out, which is probably the most common reason for users having to login again. Rather than rely on PHP garbage collection to work properly, you take control of a secondary session that you store yourself. When the primary login check fails (depends on your application), you check the secondary session against your own records, and if you find a match, you can auto-login the user, returning control to the PHP session itself. You can choose to be seamless about the whole process, or you can present your user with one of those unnecessary messages saying “Please wait while we find your account…”.
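One way to implement the secondary session described above, as an added example that is not the post's own code. It assumes PHP 7.3+, that session_start() has already run, a PDO handle, and a hypothetical persistent_logins table with columns selector, token_hash, user_id and expires_at.

```php
<?php
// Added example, not from the original post. Assumes a hypothetical table
// persistent_logins(selector, token_hash, user_id, expires_at) and an active session.
const REMEMBER_COOKIE = 'remember_me';
const REMEMBER_DAYS   = 30;

// Issue a new persistent token after a successful normal login.
function issueRememberToken(PDO $db, int $userId): void {
    $selector  = bin2hex(random_bytes(9));   // public lookup key, stored as-is
    $validator = bin2hex(random_bytes(32));  // secret; only its hash is stored
    $expires   = time() + REMEMBER_DAYS * 86400;
    $stmt = $db->prepare('INSERT INTO persistent_logins (selector, token_hash, user_id, expires_at) VALUES (?, ?, ?, ?)');
    $stmt->execute([$selector, hash('sha256', $validator), $userId, $expires]);
    setcookie(REMEMBER_COOKIE, $selector . ':' . $validator, [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable by JavaScript
        'samesite' => 'Lax',
    ]);
}

// Called when the primary PHP session check fails. Returns the user id or null.
function autoLoginFromCookie(PDO $db): ?int {
    $raw = $_COOKIE[REMEMBER_COOKIE] ?? '';
    if (substr_count($raw, ':') !== 1) { return null; }
    [$selector, $validator] = explode(':', $raw, 2);
    $stmt = $db->prepare('SELECT token_hash, user_id, expires_at FROM persistent_logins WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || (int)$row['expires_at'] < time()) { return null; }
    // Constant-time comparison against the stored hash; the raw secret is never stored.
    if (!hash_equals($row['token_hash'], hash('sha256', $validator))) {
        // Known selector with a wrong secret: treat the token as compromised and revoke it.
        $db->prepare('DELETE FROM persistent_logins WHERE selector = ?')->execute([$selector]);
        return null;
    }
    // Match: each token is single-use, so rotate it and hand control back to the PHP session.
    $db->prepare('DELETE FROM persistent_logins WHERE selector = ?')->execute([$selector]);
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int)$row['user_id'];
    issueRememberToken($db, (int)$row['user_id']);
    return (int)$row['user_id'];
}
```

On logout, delete the user's rows from persistent_logins and clear the cookie, otherwise the secondary session outlives the one the user explicitly ended.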
Your registrar – most likely GoDaddy – is where you purchased your Domain Name. It’s very important to keep your GoDaddy account secure, because if an unauthorized user gains access to your account, they can transfer your domain to a different owner, and it can be exceedingly difficult to regain control of your domain, so here are some tips to keep your domain and your business safe:
Facebook Apps: Do you care?
That just about sums up what people think of them.
When Facebook Apps debuted many people were confused. People began asking “Why do these apps exist?” “and What can I do with these apps?”.
But then something happened. The apps became crap, and people started asking a different question: “Why are these apps so dang annoying?” and “How can I use Facebook but ignore all this App garbage?”.
Apache is massively popular right now and probably the leading web server software. As such it is a security target, and much development and updates happen regarding Apache security. .htaccess is a security method long used by Apache, although it can do much more than just security. The .htaccess file provides a lot of functionality, anything from redirects, to URL re-writing, to changing PHP settings or Apache settings, folder display settings, and password and IP security.
.htaccess is hugely popular and a great way of going about several important tasks on a website. Documentation is readily available on the internet, most features are very easy, and the features it provides are incredibly useful.
Since the introduction of the Android OS by Google, there has been tons of hoopla about what Android is, what Android does, and what sets it apart. These aspects of Android have been manipulated and misconstrued by the media, and subsequently by the public, resulting in a poor understanding of what Android is.
PHP error reporting can be simple or difficult depending upon your application. Many sites and applications change the settings, either via the php.ini file, an .htaccess file, or directly in the PHP code. In fact, setting the values directly in the PHP code of your application is probably the most common method.
So which settings are you actually supposed to change? Try these for starters:
For example, to report everything except notices:
ini_set('error_reporting', E_ALL & ~E_NOTICE);
ICANN has announced what has been discussed, proposed, rumored and knocked down for years – an official digital “Red Light District” for the internet.
A couple of months ago, ICANN introduced the .xxx domain extension – targeted towards Adult content. The idea has been met with resistance, confusion and the usual ICANN criticisms. Even if it really does get off the ground, it will take years to have an effect. Supposedly it’s already LIVE, but we aren’t sure if that’s true since we can’t get to any sites. We think by “LIVE” they mean they are taking reservations and will turn it on and open it up to the public for registrations and access, just as soon as network infrastructure and registrars are prepared.
Spybot Search & Destroy is a great little tool for Windows, if used properly. It isn’t a replacement for a virus scanner or security suite, but can provide a tiny bit of peace-of-mind.
The two areas Spybot S&D specifically helps with are:
1) Immunization – Preventing the problem before it starts
2) Temporary File removal