Secure web applications.

by Franki

While doing my weekly check of securityfocus.com for news of any new vulnerabilities, I came across this excellent article on Web application security:

Securing web applications (session management).

I'm paranoid, as anyone that knows me is aware, so this sort of thing really appeals to me.

The session management of both the downloader and the stats counter already roughly follows the suggestions made by that story. It would not really be possible to steal a session from one of the scripts: the session files and cookie strings are extremely long and random, the cookies are "session" cookies that disappear when the browser is closed, and the script itself removes any old session files each time it's run. In fact, even if someone did manage to create a session the same as a previous valid session, they would still need to know the hash inside the session file, which is based on the user and password of the login and is checked on every access of the admin screens.

Ironically, all of that is just protecting a screen of download counts (in the downloader script) and a bunch of web user statistics (in the stats counter and the advanced stats counter). For that sort of data such protection is probably massive overkill, but I plan to use the same lib file (with some updating) as the basis for some e-commerce apps later on.

regards

Franki
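The session design the post describes, written out as an added example. This is not HTMLfixIT's own lib file (the post does not show its code or its language); it is a Python sketch of the same scheme: a long random session ID, a hash derived from the login stored inside the session file and re-checked on every admin request, and stale session files purged on each run. It assumes a single admin login whose user name and password hash the script already has from its configuration, a session directory, a per-deployment server secret and a 30-minute server-side timeout; none of these specifics come from the post.

```python
# Added example, not HTMLfixIT's own code: a file-based session store along
# the lines the post describes (long random IDs, a login-derived hash stored
# in the session file and re-checked on every admin request, stale session
# files purged on each run). Directory, secret and timeout are assumptions.
import hashlib
import hmac
import os
import secrets
import tempfile
import time

SESSION_DIR = tempfile.mkdtemp(prefix="sessions-")   # assumed; mode 0700, keep outside the web root
SESSION_MAX_AGE = 30 * 60                            # assumed server-side timeout in seconds
SERVER_SECRET = secrets.token_bytes(32)              # assumed per-deployment secret
HEX_DIGITS = frozenset("0123456789abcdef")


def login_hash(user, password_hash):
    """Hash tied to the configured login, stored inside the session file.
    Keyed with the server secret so it cannot be recomputed from the
    credentials alone if they leak."""
    msg = user.encode() + b"\0" + password_hash.encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def session_path(session_id):
    """Map a cookie value to a file, refusing anything that is not a
    64-character lowercase hex ID (so the cookie cannot carry a path)."""
    if len(session_id) != 64 or not set(session_id) <= HEX_DIGITS:
        raise ValueError("malformed session id")
    return os.path.join(SESSION_DIR, session_id)


def purge_old_sessions(now=None):
    """Delete session files older than SESSION_MAX_AGE; run on every request.
    Returns the number of files removed."""
    now = time.time() if now is None else now
    removed = 0
    for name in os.listdir(SESSION_DIR):
        path = os.path.join(SESSION_DIR, name)
        if now - os.path.getmtime(path) > SESSION_MAX_AGE:
            os.remove(path)
            removed += 1
    return removed


def create_session(user, password_hash):
    """After a successful login: mint a 256-bit random ID, write the login
    hash to a fresh 0600 file (O_EXCL so an existing file is never reused),
    and return the ID plus a Set-Cookie header. No Expires/Max-Age makes it
    a browser-session cookie; HttpOnly/Secure/SameSite are added hardening."""
    purge_old_sessions()
    session_id = secrets.token_hex(32)
    fd = os.open(session_path(session_id), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(login_hash(user, password_hash))
    cookie = "Set-Cookie: sid=%s; Path=/admin; HttpOnly; Secure; SameSite=Strict" % session_id
    return session_id, cookie


def validate_session(session_id, user, password_hash, now=None):
    """Run on every admin-screen request. The ID must be well formed, the
    file must exist and be fresh, and its contents must match the hash for
    the configured user/password; the comparison is constant-time."""
    now = time.time() if now is None else now
    try:
        path = session_path(session_id)
    except ValueError:
        return False
    if not os.path.isfile(path):
        return False
    if now - os.path.getmtime(path) > SESSION_MAX_AGE:
        os.remove(path)          # expired: drop it rather than leave it around
        return False
    with open(path) as fh:
        stored = fh.read()
    return hmac.compare_digest(stored, login_hash(user, password_hash))


if __name__ == "__main__":
    # Constructed demo input: the configured admin login of a single-user script.
    sid, set_cookie = create_session("admin", "<password hash from config>")
    print(set_cookie)
    print("valid session:", validate_session(sid, "admin", "<password hash from config>"))
    print("unknown id:   ", validate_session("0" * 64, "admin", "<password hash from config>"))
```

Two details matter when reusing this for anything more valuable than download counts. A cookie without Expires or Max-Age only goes away when the browser is closed, so the server-side timeout in purge_old_sessions and validate_session is what actually bounds the lifetime of a stolen ID, and the HttpOnly, Secure and SameSite attributes are hardening the post does not mention. The ID is also checked to be 64 hex characters before it is used as a file name, so a cookie value such as ../../etc/passwd can never become a path under the session directory.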








One Response to “Secure web applications.”

  1. Red Deer Real Estate Agent Says:

    Thank you for this article. Keep up the good work and we will continue to support your web posts.
    Red Deer Real Estate Agent
