Ed Finkler, not normally a big fan of the WordPress PHP-based blogging system, has pointed out some positive steps that were made in the latest release in the security arena.

Anyone who gets me liquored up knows that I'm not a fan of Wordpress. I think it's great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don't believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption.

He mentions two things in particular - their addition of salted passwords and secure cookies.

On PHPBuilder.com today, there's a new tutorial that talks about a method to securing data sent via GET requests in your application.

In this article I'm going to show you how you can use PHP to encode your data for transit. Most importantly, it will be done in a way that makes the data decodable, and therefore much more usable, by the receiving page.

They talk about some of the advantages to encryption before getting into how it actually works. Their example script is separated out into three PHP files - the main part of the script, a single-use script that, in turn, creates the third file, include file for the encode/decode functions. With the structure defined, they move on to the code - the generation of the file with the large multi-dimensional array and the two functions to encode and decode the information.