Started using PDO prepared statements not too long ago, and, as I understand, it does all the escaping/security for you.
For example, assuming $_POST['title'] is a form field:
$title = $_POST['title'];
$query = "insert into blog(userID, title) values (?, ?)";
$st = $sql->prepare($query);
$st->bindParam(1, $_SESSION['user']['userID'], PD...
if (file_exists("pages/$page.php")) {
include($page.'.php');
}
Is this safe?
With safe I mean that you can't include remote scripts etc.
...
I have to develop a system with very few safety-related issues. We would like to be compliant with the SIL 1 safety level. What implications does it have for software development? Which techniques of QA (including documentation to be generated) must be considered?
...
Because of safety (checking if users are logged in), I call a PHP document when showing images.
<html>...
<img src="showImage.php?id=455" />
...</html>
showImage.php:
<?php...
if($_SESSION['user']){
//Get the src to the image
$_GET['id'] = mysql_real_escape_string($_GET['id']);
$result = mysql_query("
SELECT src
...
Consider that I have created software and want that software to be activated via the internet if it is purchased (more precisely, if a license has been purchased). What is the contemporary way of making software safe from use without purchasing a license (from hacking)? How should the software and license database interact to make a r...
Is it right that C# can be reverse engineered? How easy is it to do that?
Can we say that C# is not good enough from a safety aspect? And what about C++ compared with C# against decompiling?
...
Yesterday I was working on a shell script to perform some moderately complex table insertions into a MySQL database. Naturally I was keeping a mysql client shell window open for running describe commands, sample queries, and to remove my test rows between test cycles.
Yes this was on a live, production database.
At the point where I ...
Hey, I would like to have your input on this.
I use this to generate unique salts for each of my users when they register (random letters and numbers). How big is the chance that salts will collide?
uniqid(mt_rand());
I then use md5 to hash salt, password and email (in that order) together as the password and rehash when they log in.
md5($sa...
Hi,
I am developing my login for my new homepage.
Now I found out that I must save something like the userID (or another value by which I can recognize my user) in the session variable of the browser.
At the moment I use INT for the userID.
So isn't it unsafe to put the userID in the session?
E.g. when I edit my session variable manual...
Hi guys, I have read about password salting, but this might sound a little odd. How do I store and secure the salt? For example, in a multi-tier architecture, say I use the client machine's GUID to generate my salt; then the user gets restricted to a single machine, but if I use a random salt it has to be stored somewhere. A few days back I ...
Since I'm always sticking to CSS 2, it was a (pleasant) surprise for me today to find out that CSS 3 supports alpha channels in colors. That allows for a nice range of effects. But which browsers (and from what version) support this? Is it safe to use this today, or are we better off still making a 1x1px PNG image and adding the IE6...
Hi,
Does anybody know a good way of granting a connection from one service to another, so that both services benefit from each other?
I would like to have an easy but nevertheless safe way to make a connection between my server and another server, but I don't know how to do that.
It should be ...
easy, so that neither the user nor the ...
I have been looking for a free-for-commercial-use way to get information on police, fire, hospitals etc. near an arbitrary location (middle of a large city, or a desert). What are some good sources for this kind of information that I may have missed? Free or not.
...
Is it thread safe to make Converter a singleton?
public interface IConverter<TFoo, TBar>
where TFoo : class, new()
where TBar : class, new()
{
TFoo ToFoo(TBar q);
TBar ToBar(TFoo q);
}
public class Converter : IConverter<Foo, Bar>
{
public Foo ToFoo(Bar b) {return new Foo(b);}
public Bar ToBar(Foo f) {return new...
i.e., would the following be expected to execute correctly even in a multithreaded environment?
int dostuff(void) {
static int somevalue = 12345;
return somevalue;
}
Or is it possible for multiple threads to call this, and one call to return whatever garbage was at &somevalue before execution began?
...
If I call AddMonths on a DateTime object using an int that is too large, I get an ArgumentException thrown in my face with a polite message that says:
"The added or subtracted value results in an un-representable DateTime.
Parameter name: months"
What check should I do on the months argument before calling this method?
...
I don't have any concept of ZF safety. Do I have to use Filter when operating on the database? Maybe binding is enough? How about this:
$users->update($data, 'id=1');
Should the $data array be filtered somehow? Feel free to write anything you know about the issue.
Could you give some links to good articles about safety in ZF (mainly abo...
Hi all,
I'm working on a system that relies on $_SERVER['REMOTE_ADDR'] to get the user address and check it against a whitelist of addresses.
Is this approach safe? Or is there a way of forcing values in superglobal variables?
Thank you,
Diogo
...
Hello,
I'm working on a web service that would use an SMS gateway to receive instructions from customers. Since this would be a commercial product I would like to implement a safeguard to protect our system from SMS spoofs. I don't want people impersonating others by spoofing their number.
I've noticed that Twitter allows people to tw...
My gut tells me that if I am on a laggy server and the user fires two events fast enough, on the success function c will be the value of the most recent event, causing func1 to use the wrong value. <--- This is a guess, I haven't proved it. It's a feeling.
How do I ensure that I use the right value when calling func1? I prefer not to send ...