Hello, I made a WebSocket service in Apache under CentOS with PHP and JS that works great if the protocol is ws:// . The problem is that the site is served through https:// so I must use wss protocol (cause mixed content policy). I have tried many approaches to make it work and any idea would really help. First I tried to bind the socket of the WS (WebSocket) Server to 443 , but I got permission denied. The next thing was trying to alternate httpd.conf through include file to make every communication made in this server IP through a …

+0 forum 2

Hello, I have created basic web APIs before for simple, publicly available data using simple PHP Get statements. But I'm wondering how I can create a more secure API where the API call can send private data without it being available as easily as the PHP get statement is. To confirm, I am looking for methods to actually send private data to a web url and handle it from the url. It would probably be using API keys unique to the user. Thanks.

+0 forum 1

I have got this code from an article on secure login systems. I know basically nothing about php so I would like to know if this is good code to use? Part 1 of 8: Configure Your Server 1. 1 Install a Web Server, PHP and MySQL on your server. Most web hosting services will have PHP and MySQL already installed. You will just have to check they have the most recent versions of PHP and MySQL for this guide to work. If they don't have at least PHP5.3 and MySQL5 you might like to ask a few questions about …

+0 forum 8

Hi, I want my users to upload images to my server. There are a lot of security risks I am aware of, like: 1. Client-side validation is not a good idea. 2. PHP code can be embedded into various other data types (like embedded in an image file). 3. Using `$_FILES["file"]["type"]` for detecting file type is another risk. 4. The user can use a null byte. So how can I secure my uploads so that user can fake the extensions or embed the image with PHP code, or prevent the user from bypassing security checks? Here is the code I found on the …

+0 forum 17

I want to create a REST API using PHP for my website so that my app can access the data stored in the database. I need the user to be able to log in to the server through the app and I am unsure of how to implement this securely. I have considered OAuth but it's not really what I'm looking for as it is for third party software.

+0 forum 1

So, I have a small site for the high school I'm currently in, a pretty simple site connected to MySQL for a simple HelpDesk app (I used a lot of scripts that I found here to make the site work, thanks to the contributors btw!!), and some useful links for school resources. I've been studying PHP in my spare time, and now I am trying to put up an inquiry / response app inside the site. I am currently developing it from scratch, but after every form I finished coding, some problems appear and honestly they are beyond my knowledge. I have started …

+0 forum 6

I want users to enter their name into a textbox but I want to ensure that they type in something so my program will continue the name into another form by a button. How do I foolproof this so that clicking the button won't automatically send nothing to the other form and end up crashing?

+0 forum 4

Hello! I want to know if there is any programming language to develop desktop applications which cannot be decompiled in any way, as I am currently working in .NET, and it is very easy to decompile .NET code. Is there any other language which is safe from decompiling? (Sorry for my bad English.) Regards, M.Waqas Aslam

+0 forum 6

I know this question is extremely hard to answer without actually checking how I set up my server, but I wondered if anyone could give me a quick rundown and/or information as to how I could check and protect it further. I am running a Web Hosting Server using old computer components, the server runs Ubuntu 11.10 Server Edition and automatically updates. I am also running the Linux Firewall and a separate firewall package. I only allow Ports 22 and 80 to be accessed. The server is connected via ethernet to my router which also has its own firewall and again, …

+0 forum 3

Hello guys. I'm developing a web application in which I have to connect to a mssql server which is connected through a proxy server. I have allowed data transfers for the MSSQLSERVER service, and allowed connections for port 1433. I've read that this is absolutely insecure, and it still gives me `mssql_connect()` errors, so which one is the best way to do this? Thanks in advance

+0 forum 1

Hi, I'm trying to figure out a way to configure a Wireless Access Point (WAP) in a way that gives access to everyone and at the same time forbids packet sniffing and accessing each other's computers. What I thought about so far is setting firewall rules on the WAP like that: firewall block 192.0.0.0 255.0.0.0 the WAP Gateway IP is for example 192.168.0.1 so no one can ping or access other WLAN users. The question: 1- With such firewall rule, can users sniff LAN packets although they can't reach each other? I think yes they can, but I'm not sure. …

+0 forum 2

Hi bro, this is my framework of the simple login script. Now I want to send the id input to the display.php, without changing this framework coz I only know this way of making a simple login. [CODE] <?php if (isset($_SESSION['basic_is_logged_in'])) { unset($_SESSION['basic_is_logged_in']); } session_start(); $errorMessage = ''; if (isset($_POST['name']) && isset($_POST['id'])) { mysql_connect('localhost', 'root', 'jackson'); mysql_select_db('praveen'); $user = mysql_query("SELECT name FROM `users` WHERE `users`.`id` = '$_POST[id]'"); $row = mysql_fetch_array( $user ); $name = $_POST['name']; $fetch = $row['name']; if ( $name == $fetch ) { $_SESSION['basic_is_logged_in'] = true; header('Location: display.php'); exit; } else { $errorMessage = 'Sorry, wrong …

+0 forum 2

Hi, I was reading a few articles about secure login systems without SSL, as it looks a bit difficult to set up a server to accept HTTPS connections, create a certificate etc. Anyway, the main problem would normally be that when a user logs in, the password is sent to the server as plain text, making it easy for other people to intercept that password. I found some 'solutions' on the internet that suggested encrypting (or, more specifically, hashing) the password with JavaScript before submitting the form. That would make the password unreadable for whoever is intercepting your internet traffic. …

+0 forum 2

In a blog posting August 26, Microsoft announced that it is revising the licensing terms of its Security Development Lifecycle, moving parts of it to a Creative Commons license. Security Development Lifecycle is a methodology that Microsoft developed that incorporates best security practices at every level of the development lifecycle when security is important--such as in secure business environments or where personally identifiable information is vital. The methodology includes a set of documentation explaining the process and how to follow it, as well as a set of software tools to help in the software development. But there's always been a …

+0 forum 1

At [today's press conference](http://googleblog.blogspot.com/2010/07/introducing-google-apps-for-government.html), Google announced a new version of its Google Apps productivity suite, [Google Apps For Government](http://www.google.com/apps/intl/en/government/trust.html). The software has been certified as meeting U.S. Government security requirements. Like the Premier version of their suite, the cost is a yearly charge of $50 per user, and includes applications such as Gmail, Google Docs, Google Calendar, and Postini, an e-mail/Web security and archiving service. The certification is a FISMA-Moderate rating, which can be used for sensitive, but not classified data. FISMA stands for the Federal Information Security Management Act passed in 2002 and applies to all information systems used …

+0 forum 0

Hi all, Pretty new to PHP and I am trying to get a handle on securing a form field's data. For example, I have a simple form where user enters information into a field called mydata. The field must be able to contain multiple words and basic punctuation. What I have now is shown below in the code. Is this "really" secure? I have a good feeling that my site will become a target. Also, what should I use in place of eregi as I just saw where that is deprecated in php5# and removed in PHP6+ [code] //Function to sanitize …

+0 forum 1
