Archive for the ‘Security’ Category

Web Application security means taking many measures to protect your application, server, database and network – depending what you control and what you don’t. The most basic forms of security involve User Authentication on websites, ensuring your users can securely login and stay logged in. Preventing SQL injection attacks is also very important.

It’s important for end-users to secure their own computers too. Cookies are a huge security risk, as someone who gets your cookies can easily load them up and test which ones are active, easily accessing and logging into any websites whose active sessions they get.

01
Apr
2013

Solution: How to keep your PHP sessions open as long as possible

by php-love

Keeping PHP Sessions open, or any sessions open regardless of what language you use, can be a pain. One of the most commonly asked questions is “How do I keep my sessions open for 30 days or more?”.

This is written from the perspective of PHP, but of course Cookies themselves can be manipulated from whatever server-side language you use to code your web application.

So if your users only stay logged in for a few hours, maybe a a couple of days at the most, and you want them to stay logged in much longer, continue reading.

The main reason this method works is because it doesn’t rely on PHP to keep the session, and sessions on the server tend to get cleared out, which is probably the most common reason for users having to login again. Rather than rely on PHP garbage collection to work properly, you take control of a secondary session that you store yourself. When the primary login check fails (depends on your application), you check the secondary session against your own records, and if you find a match, you can auto-login the user, returning control to the PHP session itself. You can choose to be seamless about the whole process, or you can present your user with one of those unnecessary messages saying “Please wait while we find your account…”. (more…)

Tags:
Posted in Performance, PHP and MySQL, Programming, Security, Servers, Troubleshooting Tips, Web Development | Comments Off

29
Mar
2013

Website Owner Tips: Protect Your Domain, your GoDaddy Account and your Business

by php-love

Your registrar – most likely GoDaddy – is where your purchased your Domain Name. It’s very important to keep your GoDaddy account secure, because if an unauthorized user gains access to your account, they can transfer your domain to a different owner, and it can be exceedingly difficult to regain control of your domain, so here are some tips to keep your domain and your business safe: (more…)

Tags: , ,
Posted in Domains, Security | Comments Off

04
Jan
2013

History Lesson: How Facebook Apps made Facebook successful, then destroyed it

by php-love

Facebook Apps: Do you care?

That just about sums up what people think of them.

When Facebook Apps debuted many people were confused. People began asking “Why do these apps exist?” “and What can I do with these apps?”.

But then something happened. The apps became crap, and people started asking a different question: “Why are these apps so dang annoyng?” and “How can I use Facebook but ignore all this App garbage?”. (more…)

Tags: ,
Posted in Apps, Performance, Programming, Security, Software | Comments Off

06
Jul
2011

Security: .htaccess and Apache

by php-love

Apache is massively popular right now and probably the leading web server software. As such it is a security target, and much development and updates happen regarding Apache security. .htaccess is a security method long used by Apache, although it can do much more than just security. The .htaccess file provides a lot of functionality, anything from redirects, to URL re-writing, to changing PHP settings or Apache settings, folder display settings, and password and IP security.

.htaccess is hugely popular and a great way of going about several important tasks on a website. Documentation is readily available on the internet, most features are very easy, and the features it provides are incredibly useful.

Tags: , ,
Posted in Glossary, Linux, PHP and MySQL, Programming, Security, Servers, Software, Troubleshooting Tips, Web Development | Comments Off

09
Jun
2011

Android: Freedoms, Truths, and Myths

by php-love

Since the introduction of the Android OS by Google, there has been tons of hoopla about what Android is, what Android does, and what sets it apart. These aspects of Android have been manipulated and misconstrued by the media, and subsequently by the public, resulting in a poor understanding of what Android is. (more…)

Tags: , , , , , ,
Posted in Android, Frameworks, Google, Linux, Programming, Security, Software | Comments Off

12
May
2011

The Rule

by php-love

Simplify.

Tags: , ,
Posted in Android, Code Snippets, Domains, Frameworks, Glossary, Google, HTML and CSS, JavaScript and AJAX, Linux, Personal Computer, PHP and MySQL, Programming, Security, SEO and Rankings, Servers, Troubleshooting Tips, Web Development, Windows | Comments Off

09
May
2011

PHP: error reporting and display settings for my web application

by php-love

PHP error reporting can be simple or difficult depending upon your application. Many sites and applications change the settings, either via the php.ini file, an .htaccess file, or directly in the PHP code. In fact, setting the values directly in the PHP code of your application is probably the most common method.

So which settings are you actually supposed to change? Try these for starters:

  • error_reporting
  • display_errors
  • log_errors

The following example contains the syntax:

ini_set('error_reporting', E_ALL & ~E_NOTICE);
ini_set('display_errors', 0);
ini_set('log_errors', 1);

(more…)

Tags: , , , , ,
Posted in Domains, PHP and MySQL, Programming, Security, Troubleshooting Tips, Web Development | No Comments »

06
May
2011

The internet’s new red light district – the .xxx domain extension and ICANN

by php-love

ICANN has announced what has been discussed, proposed, rumored and knocked down for years – an official digital “Red Light District” for the internet.

A couple of months ago, ICANN introduced the .xxx domain extension – targeted towards Adult content. The idea has been met with resistance, confusion and the usual ICANN criticisms. Even if it really does get off the ground, it will take years to have an effect. Supposedly it’s already LIVE, but we aren’t sure if that’s true since we can’t get any to any sites. We think by “LIVE” they mean they are taking reservations and will turn it on and open it up to the public for registrations and access, just as soon as network infrastructure and registrars are prepared. (more…)

Tags: , , , ,
Posted in Domains, Glossary, Google, Security, SEO and Rankings, Web Development | No Comments »

06
May
2011

Spybot Search & Destroy: Now stop asking me

by php-love

Spybot Search & Destroy is a great little tool for Windows, if used properly. It isn’t a replacement for a virus scanner or security suite, but can provide a tiny bit of peace-of-mind.

The two areas Spybot S&D specifically helps with are:

1) Immunization – Preventing the problem before it starts
2) Temporary File removal (more…)

Tags: , , , ,
Posted in Personal Computer, Security, Troubleshooting Tips, Windows | No Comments »