Category Archives: Web Dev Security

Linux – Getting Back a Deleted File

You can get back deleted files if they are still held open by an application. For example, let’s say I’ve deleted the file myfile by mistake but still have it open in vim. What I can do in order …

Posted in Linux Command Line, PHP, Web Dev Security

Secure PHP & Apache Configuration

PHP

* Disable error messages
* expose_php Off
* Check you can’t get info by doing telnet localhost 80 and then issuing: HEAD / HTTP/1.0
* session.use_only_cookies = 1
* allow_url_fopen Off [if you don’t really need the opposite]
* register_globals = Off
* magic_quotes_gpc = ??? …

Posted in Apache, LAMP Server Setup, PHP, Security, Web Dev Security

Web Development Security

Most of these notes come from this book: Essential PHP Security, Chris Shiflett, O’Reilly, First Edition, ISBN: 0-596-00656-XX

Don’t underestimate a risk just because it seems impossible that it would happen: hackers are very clever and more expert than you. They could find …

Posted in PHP, Security, Web Dev Security

Secure Login without SSL – using Javascript MD5 library

http://iamjosh.wordpress.com/2008/03/18/encrypting-login-password-without-ssl-in-ruby-on-rails/
http://pajhome.org.uk/crypt/md5/

Posted in Javascript, Security, Web Dev Security

Server Setup and LAMP Setup From Scratch with full UTF support (utf8)

Set the clock

date MMDDhhmmYYYY
hwclock --systohc

Where: M=month, D=day, h=hour, m=minute, Y=year

The latter command is essential: it copies the date into the BIOS and makes the change permanent.

First steps

* echo "hostname_you_chose" > /etc/hostname
  /bin/hostname -F …

Posted in LAMP Server Setup, Security, Web Dev Security

Server: Setting a Firewall With Iptables

Copy the file iptables.sh into the directory /etc/init.d with these rules (but obviously you need to customize them). Make the file executable. Assuming the current run level is the second one:

ln -s /etc/init.d/iptables.sh /etc/rc2.d/S97iptables

Actually you should link the script …

Posted in LAMP Server Setup, Linux, Security, System Maintenance, Web Dev Security