public marks

PUBLIC MARKS from srcmax with tags php & sécurité


ircmaxell/password_compat · GitHub

by 1 other
This library is intended to provide forward compatibility with the password_* functions being worked on for PHP 5.5.

Secure Salted Password Hashing - How to do it Properly

by 3 others, 2 comments
If you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain how to do it properly.



Portable PHP password hashing ("password encryption") framework

by 5 others
This is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with at least PHP 3.0.18 through 5.3.0 so far.


Faille PHP dans les versions inférieures à la 5.3.1

by 1 other

Un advisory concernant les releases PHP antérieures à la version 5.3.1 a été publié ce vendredi. En effet, la 5.3.1 contient un patch pour un DoS ayant été reporté le 27 Octobre 2009. Le problème concerne le support de la RFC 1867 dans PHP (Formulaire d’upload HTML).



Learning from Facebook: Preventing PHP Leakage | New Web Order - Nik Cubrilovic

by 1 other
I just posted on TC about the Facebook code leak. PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client. Because of the way mod_php works with apache, if mod_php fails in intercepting and processing the request, then apache will just serve it back to the client as an ordinary text file. I could go into the details of how this all works and why it sometimes breaks, as well as the causes, but instead lets touch on a few solutions to preventing PHP code from leaking: