2014
ircmaxell/password_compat · GitHub
by 1 otherThis library is intended to provide forward compatibility with the password_* functions being worked on for PHP 5.5.
Secure Salted Password Hashing - How to do it Properly
by 3 others, 2 commentsIf you're a web developer, you've probably had to make a user account system. The most important aspect of a user account system is how user passwords are protected. User account databases are hacked frequently, so you absolutely must do something to protect your users' passwords if your website is ever breached. The best way to protect passwords is to employ salted password hashing. This page will explain how to do it properly.
2012
2010
Portable PHP password hashing ("password encryption") framework
by 5 othersThis is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with at least PHP 3.0.18 through 5.3.0 so far.
2009
Faille PHP dans les versions inférieures à la 5.3.1
by 1 otherUn advisory concernant les releases PHP antérieures à la version 5.3.1 a été publié ce vendredi. En effet, la 5.3.1 contient un patch pour un DoS ayant été reporté le 27 Octobre 2009. Le problème concerne le support de la RFC 1867 dans PHP (Formulaire d’upload HTML).
2008
2007
Learning from Facebook: Preventing PHP Leakage | New Web Order - Nik Cubrilovic
by 1 otherI just posted on TC about the Facebook code leak. PHP has always been notorious for sometimes not processing requests poorly and sending back the source code for pages to the client. Because of the way mod_php works with apache, if mod_php fails in intercepting and processing the request, then apache will just serve it back to the client as an ordinary text file. I could go into the details of how this all works and why it sometimes breaks, as well as the causes, but instead lets touch on a few solutions to preventing PHP code from leaking:
1
(8 marks)
