Comments on: Securing PHP applications Part I – Securing PHP code
/2010/09/securing-php-applications-part-i-securing-php-code/
Mon, 29 Oct 2012 17:41:39 +0000

By: Links of the week | Ani's Geeky Blog /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-980 Fri, 01 Oct 2010 10:02:03 +0000

[...] PHP applications, (part1 and [...]

By: This Week’s Link List (September 17, 2010) : Brian Swan's Blog : The Official Microsoft IIS Site /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-927 Wed, 29 Sep 2010 17:59:06 +0000

[...] Part 1 in a series about securing PHP applications: /2010/09/securing-php-applications-part-i-securing-php-code/ [...]

By: Claudia /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-916 Wed, 29 Sep 2010 08:45:29 +0000

Hi Guillaume,

At that point the solution I posted was :
“… the first thing you should do is to use $_POST instead of $_REQUEST, validate the user and use a token validation system to force the user to use your own forms. ”

I referred to these 3 methods used together, not just to replace the REQUEST with the POST.

By: Guillaume BRETOU /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-913 Wed, 29 Sep 2010 07:46:58 +0000

Hi,

I didn’t read the whole of your article but in point 4 you said that the user should use $_POST. Well, OK he has to, but an attacker can check the header sent (with Live HTTP Headers for example) and perform a POST request with the data he wants.
It is the token mechanism you speak of which will greatly help prevent those attacks.

By: Ilyas Kazi /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-911 Wed, 29 Sep 2010 06:57:25 +0000

hmmm.. by the time I was reading this post, it seems you already posted part-2 as well.. plz ignore my previous comment.

By: Jean /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-910 Wed, 29 Sep 2010 06:33:32 +0000

Lots of good points. I was aware of this but it’s always good to get a refresher for good practices!

By: Ilyas Kazi /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-908 Wed, 29 Sep 2010 06:31:53 +0000

Nice coverage….

I expect a little stronger protection guidance in your part-2…

By: Vernetta Eickmeyer /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-803 Thu, 23 Sep 2010 14:37:30 +0000

Who made this wp subject? Can We have his/her get in touch with e-mail or IM title?

By: mazgalica /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-781 Wed, 22 Sep 2010 17:45:32 +0000

Hi, I like how you write. Would you be interested in a link exchange with my site?

By: Dimitris /2010/09/securing-php-applications-part-i-securing-php-code/comment-page-1/#comment-635 Wed, 15 Sep 2010 06:24:31 +0000

Too Helpful….Thnx
