
Anna Filina:
Brute-force countermeasures
June 11, 2014 @ 10:09:10

In her latest post, Anna Filina recommends several countermeasures you can use to protect the logins in your applications against brute-force attacks. The recommendations aren't PHP-specific, but they're a good guide and a good place to start.

Password brute-forcing refers to trying all password permutations until the attacker finds the right one. Here are some of the most common ways to mitigate that risk: increase the length of the password and increase the number of possible characters. [...] The human factor should not be ignored here. People often use letters in the beginning and numbers at the end.

She recommends a few other tactics to help prevent brute forcing, including locking an account after a number of unsuccessful login attempts and requiring a CAPTCHA after a number of unsuccessful logins. She recommends not relying on a single method to prevent this kind of attack, however: multiple layers can only help, but be careful not to introduce too much complexity.


Link: http://afilina.com/brute-force-countermesures

Phil Sturgeon's Blog:
Hijacking Headers to Force Downloads
March 29, 2012 @ 11:29:28

In his latest post, Phil Sturgeon shows how you can hijack headers to force a download to the client (even on a hosted service like PagodaBox).

The question [I posed on Twitter] was: "How to force a download of any file of any type, not on your server, without Apache tweaking? Images are displaying and need em to download." Essentially, I wanted to be able to link to a file that was not on the server in question and anywhere in the world, which could be of any size, any media type and could be potentially very high traffic.

Answers varied from using readfile to just letting the browser handle it. None of the responses were quite right until he came across one that recommended some settings in an .htaccess file. It uses



DevShed:
Securing Your Web Application Against Attacks
October 21, 2008 @ 08:47:32

DevShed continues its series on the security of your web application with this fifth part. This time the focus is on preventing attacks on your app through correct authentication.

You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.

This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, because of its simplicity, this also opens it up to three kinds of attacks - password sniffing, replay attacks and brute-force attacks.



Pierre-Alain Joye's Blog:
Windows fixes release for Zip, fopen(,"rb") may not be binary safe
November 28, 2006 @ 07:13:09

According to a post on Pierre-Alain Joye's blog today, a new release of the Zip PECL package has been made. The main update in this release works around a Windows bug that interferes with opening files in binary mode.

The issue is actually a Windows bug. No matter whether I give the "b" flag to fopen or not, the write operations are not binary safe. It seems to be a known issue, as many projects use the same trick.

The problem comes up when PHP forces binary mode in the SAPI and CLI builds on Windows: binary writes to a file are not binary safe no matter which mode flag is given. Pierre is also asking for help from anyone with information, bug reports or references about this issue that might yield something useful.



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework