Can a client view server-side PHP source code?
I'm developing a PHP application that has to respond to request from several clients, and I thinks "Can any of the clients see the PHP code that I'm writing?". ...
anti-hacking
Hacking and different environments
For a long time, I've wanted to become a security expert. In fact, I've always wanted to know everything there is to know about computers in general. So I did some reading on viruses and the different type of environments you can get. What I found is that viruses affect Windows computers more than UNIX due to less people using UNIX for w...
PHP session id problem
It it safe to use the built in session creator in PHP? My worry is that someone could hijack the token cookie on another persons machine, and set theirs to exactly the same, therefore tricking the server into thinking that they're the same person. Is there protection (e.g. IP checks) to stop this or should I be using something more secu...
Possible strategies to increase the difficulty of effective bytehacking
I've been asked to patch a few minor flaws in a game of the unreal series. It uses the unrealscript language which produces bytecode in a similar way to Java. One of the issues is that it's possible to edit any packages downloaded to a client and insert a goto instruction to jump over important bits of code. It isn't possible to preven...
Is the ASP.NET cryptographic vulnerability work around a BIG LIE?
This question is somewhat of a follow up to How serious is this new ASP.NET security vulnerability and how can I workaround it? So if my question seems to be broken read over this question and its accepted solution first and then take that into the context of my question. Can someone explain why returning the same error page and same st...