Larry Ullman's Book Forums

Showing results for tags 'security'.

Found 17 results

  1. Hi Larry, I am loving the book, as I work towards converting lots of Classic ASP to PHP 7. I have in the past created hundreds of Stored Procedures in MSSQL. One thing that has bugged me in the past was that I found it hard to search for variables, etc., in the Stored Procedures when I changed something. In addition to liking the fact that they will be in my (easily searchable) code, I like the security and performance perks of using Prepared Statements as I translate these Stored Procedures... but I am wondering: Would Stored Procedures or Stored Functions be faster than Prepa
  2. Really enjoying your book. On page 345 you mention that file uploads entail creating a folder that everyone can write (chmod 777). Wouldn't the best practice be to change the owner to www-data and set chmod 755 (on Linux systems)? Would this pose similar or any security risks? Would you still want to configure the .htaccess file (to restrict the folder to only make mp3s publicly viewable, for instance)?
  3. I have a website that I am going to turn into a store and I am reading your book. It says that it might be best to use an SSL connection only on pages where it is needed. I don't know how to implement SSL only on specific pages. How do we do that? Right now I only know how to either add it to every page using the .htaccess file or not at all. What code do I use to only make some pages secure? Because if I only use https on some links, if I click on a page of my site that doesn't have https and then click on a page that does, my browser then makes all the other links I click on in my site use h
  4. Hello: I am reading this book and following on the examples. I finished the ex1 and I am testing the site. I notice that when I log out from an account then refresh the page I go back to the index.php (which is OK). Now the problem is when I use the back button of the browser. If I go back to the log out page then back again (to the page where I logged out from), at first there will be an error, but if I refresh the page there I am logged back in with all the credentials as if I never logged out. This of course is a flaw. Imagine I am in a public place and I log out of a site and
  5. Right now on my website I created, when someone is logged in they can go to the URL in the address bar and change the id number associated with the URL. For example, one page I have is add_image.php?id=4; 4 is the id associated with the article. If someone changes the 4 to a 7, for example, then my page will show the other user's data on my page without them even entering that other person's login info. How do I make sure people can't see other users' data when they change the id number? I am using the scripts from this book. Maybe I missed something. I am using sessions properly as far a
  6. My local newspaper had a short article: "5-year-old beats Xbox security" A 5-year-old San Diego boy has outwitted the sharpest minds at Microsoft--he's found a backdoor to the Xbox. He logged into his father's Xbox Live account. When the password login screen appeared, he simply hit the space button a few times and hit enter. His father noticed him playing games he supposedly couldn't access. They reported the issue to Microsoft, which fixed the bug and listed the boy on its website as a "security researcher". Probably most of us are doing our security the way Larry taught us, and I hope we a
  7. Hi, I recently restructured a website along the modularization lines (page 44 onwards). The content modules all start with a check to see if the BASE_URL constant has been defined and redirect the user if it has not been defined. This is clear and works just fine in the visitor-accessible part of the site. In the administration part of my website, the modules also check to make sure that an administrator is using the script via a check to a session set up like page 82 onwards. I am having trouble with 'headers already sent' and understand why this is happening and know how
  8. For security reasons Larry says we should create certain folders outside of the "httpdocs" or main web directory. My web hosting company will not let me. This web hosting company is inexpensive, just about $48.00 a year for domain and all. I think I need to change because of the security concerns. Would you agree? If so, are there some hosting companies that you suggest? Or can I set up an old XP computer or Win 98 to be a web server and have it be as inexpensive to run? Thanks for your input.
  9. 2 problems with my code: the filter_var doesn't seem to work at all for any of my variables; also, the spam_scrubber function doesn't seem to clean \r and \n when put in my contact form, though it cleans all the rest just fine. <?php // resources.php function spam_scrubber($value){ $very_bad = array('to:', 'cc:', 'bcc:', 'content-type:', 'mime-version:', 'multipart-mixed:', 'content-transfer-encoding:'); foreach ($very_bad as $v){ if (stripos($value, $v) !== false) return ''; } $value = str_replace(array( "\r", "\n", "%0a", "%0d"), ' ', $value); return trim($value); }//end o
  10. Hello, I'm new to this forum, and unsure whether or not this is the right place to post this. I'm working on a membership system for a local organization which initially will have contact information (names, addresses, telephone numbers, email addresses, birth dates, etc) as well as other info related to the organization in a MySQL database. There are no plans to add data that is any more sensitive (i.e. credit card numbers), and we will never be doing any kind of e-commerce. There is also a separate part of the existing site, created using Wordpress, that (as far as I can see) has n
  11. I have various questions, inspired by the book “Effortless E-Commerce With PHP and MySQL”, regarding website security. Question #1 On page 34, it discusses using the open_basedir setting. How is this achieved exactly? ... I am assuming this is something you write into a php.ini file, but there was not a php.ini file in the downloadable example scripts. What would the code in the php.ini file look like exactly? Question #2 On page 35, it discusses changing a setting to disable register_globals. How is this achieved exactly? Question #3 On page 36, it discusse
  12. I really like your book! I wish I knew PHP & MySQL as well as you do! Anyway, I intend to have an e-commerce site going someday and security is of course something I'm paranoid about. I don't trust myself with handling all the security because I'd never feel peace of mind. Are there companies who test the security of your website for you? You know... who try to mess things up, look for holes, try to get the information you're protecting, etc., then report to you what needs to be changed. You'd have to trust these companies of course... Thanks
  13. Hi All, I'm on page 41 (in Security Fundamentals). Referring to: "For sensitive data being stored, but not stored in a database, change your sessions directory, and use the Web root directory's parent folder (see Figure 2.5)." Could someone elaborate on what this means? I'm not sure what a sessions directory is. When it refers to "sessions", is it talking about session variables that we can create?... like if I wanted to store the logged-in user's first name in $_SESSION['userFirstName']? Is temporarily storing potentially sensitive data in session variables not secure?
  14. In a current project I have a large database that basically holds people and their personal information, e.g. each contact can have multiple phone numbers, email addresses, residential addresses, etc... As a result, data security and integrity are very important. I started off sketching out the database schema and it seems fairly straightforward. I'd create a people table which contains the individual people and then a series of other tables to hold their personal information, each in a one-to-many relationship. E.g. each person can have multiple phone numbers. All seemed fine until I
  15. Does displaying your phpinfo() page on your server pose any security risks?
  16. Hi. A somewhat philosophical question here regarding web security. On pages 229 and 489 you show a schematic whereby the PHP scripts are in a subdirectory of the web page. Wouldn't it be more secure to put the 'includes' directory in the same place as 'mysql.connect.php' and call it with ../includes/script.php? This would make it a little harder for malicious people to access programs from their browser. ...just a thought....
  17. I am trying to understand this bullet point on page 368: "Watch how database references are used. For example, if a person's user ID is their primary key from the database and this is stored in a cookie (as in Chapter 11, "Cookies and Sessions"), a malicious user just needs to change that cookie value to access another user's account". Page 349 tells us that when a session is created, it also creates a browser cookie. For example, when tracking user activity, checking to see which user modified a table. Here are some methods in the book: (1.) A solution on page 358: Page