4 votes, 2 answers, 241 views

Is there any SQL injection for this PHP login example?

I want to write a login form, and I got one example from the web. I want to know if there is any SQL injection in this code. If there is, what could the exploit's web form entry look like? This is ...
1 vote, 2 answers, 92 views

secure certain data on my webserver

I've developed a website where people add their sensitive data. Not credit cards, but let's say they share things about themselves which are private and it wouldn't be good if other people see that ...
3 votes, 3 answers, 449 views

Is it possible to execute a php script in an image file? [duplicate]

I have an image upload php website. Users can upload images to my website. A user claims he can hack my website using an uploaded image. I opened all the images that he uploaded to my server with ...
1 vote, 2 answers, 115 views

how to find injected code in SQL

Recently one of my sites was hacked. The hacker used SQL injection to compromise the security. After getting SQL access he injected code in many places in the database. I cleaned up many of them. But I am ...
0 votes, 1 answer, 288 views

ASP.net vs PHP security? [closed]

I have been told that generally speaking, asp.net web apps tend to be more secure than php, since asp.net has some automatic security measures, for example, by default it doesn't allow remote file ...
5 votes, 4 answers, 621 views

Is $_SERVER[ ] a safe source of data in PHP?

Can I 100% rely on $_SERVER[] to be a safe source of data that I do not need to sanitize like I do $_GET[] and $_POST[]? Thanks. OVERVIEW OF RESPONSES: So it seems there is a consensus that some ...
2 votes, 4 answers, 235 views

When logging out of a website is anything else required than destroying the session?

In PHP, I'm not sure if I should start the session before destroying it when a user wants to log out. session_start(); session_destroy(); Is there anything else that needs to be done? EDIT: I ...
2 votes, 3 answers, 132 views

is it safe to allow external images to be attached to Blog or any Web content?

I am filtering all images that are attached to any content of my blog: Check for file extension. Check content type using $finfo = finfo_open(FILEINFO_MIME_TYPE); I also save the image temporarily on my ...
0 votes, 2 answers, 124 views

how to bypass “header” in php

While reading an article I encountered an interesting thing I did not know about: if(!isset($_SESSION['usr_id']) || !isset($_SESSION['usr_name'])) { header('Location: index.php'); } ...Which ...
3 votes, 1 answer, 148 views

CodeIgniter CSRF confusion

I have been working with CodeIgniter for about 3 weeks and am very well on the way to loving this framework. However I have been looking at the core code of the framework and I was reading over the ...
-1 votes, 1 answer, 57 views

setting up website for logged in users, anyone, and files no one should see (via the web) [closed]

I asked how to prevent not logged in users from seeing certain content but the solution I chose to implement encountered a problem. I chose to make my root directory for the server C:\WAMP\www\public ...
1 vote, 4 answers, 574 views

Playing with Referrer Header

There are 2 sites: http://www.site1.com http://www.site2.com http://www.site1.com contains a link to http://www.site2.com as <a href="http://www.site2.com/">link<a/> When user clicks ...
-1 votes, 3 answers, 207 views

Unable to secure my site [closed]

I am a PHP developer. I have enabled Captcha and CSRF tokens but still someone is inserting random values in my database. Please give me an idea about how anyone can insert junk values in my database ...
0 votes, 2 answers, 170 views

Is this code vulnerable?

I have developed the PHP code given below. I would like to know what security vulnerabilities are present within this PHP code? <?php if(isset($_SESSION['id'])){ // get data ...
1 vote, 1 answer, 69 views

Client vs Server security for business critical application (cross-platform)

We have the option to develop a software either based on Java (but then it is only available for desktop clients using Java SE and can run maybe also as tomcat app can be multithreaded, stable, ...
