Comments for php security blog http://phpsecurity.wordpress.com security threads for web developers from bernd essl Sat, 25 Apr 2009 22:32:12 +0000 http://wordpress.com/ hourly 1 Comment on Is this application written in php or not? by Slavi http://phpsecurity.wordpress.com/2007/11/06/is-this-application-written-in-php-or-not/#comment-124 Slavi Sat, 25 Apr 2009 22:32:12 +0000 http://phpsecurity.wordpress.com/2007/11/06/is-this-application-written-in-php-or-not/#comment-124 It should be working. You can try it with a example from http://www.tizag.com/phpT/phpsessions.php It should be working.
You can try it with a example from http://www.tizag.com/phpT/phpsessions.php

]]> Comment on Automated testing with Selenium IDE by Todor http://phpsecurity.wordpress.com/2007/11/24/automated-testing-with-selenium-ide/#comment-121 Todor Fri, 24 Apr 2009 12:14:04 +0000 http://phpsecurity.wordpress.com/2007/11/24/automated-testing-with-selenium-ide/#comment-121 The extension is very useful. Use it to automate some your tests and you will save a lot of your time. The extension is very useful. Use it to automate some your tests and you will save a lot of your time.

]]> Comment on Is this application written in php or not? by Todor http://phpsecurity.wordpress.com/2007/11/06/is-this-application-written-in-php-or-not/#comment-120 Todor Fri, 24 Apr 2009 12:07:17 +0000 http://phpsecurity.wordpress.com/2007/11/06/is-this-application-written-in-php-or-not/#comment-120 It is really works. Are there more Easter eggs? It is really works. Are there more Easter eggs?

]]> Comment on Is this application written in php or not? by Slavi http://phpsecurity.wordpress.com/2007/11/06/is-this-application-written-in-php-or-not/#comment-119 Slavi Fri, 24 Apr 2009 11:55:24 +0000 http://phpsecurity.wordpress.com/2007/11/06/is-this-application-written-in-php-or-not/#comment-119 .... That's true unless you do change it before session_start call: string session_name ([ string $name ] ) http://ca.php.net/manual/en/function.session-name.php …. That’s true unless you do change it before session_start call:

string session_name ([ string $name ] )

http://ca.php.net/manual/en/function.session-name.php

]]> Comment on Subversion a security risk? by Arne Vogel http://phpsecurity.wordpress.com/2007/11/12/subversion-a-security-risk/#comment-99 Arne Vogel Tue, 03 Feb 2009 17:08:40 +0000 http://phpsecurity.wordpress.com/2007/11/12/subversion-a-security-risk/#comment-99 "^.svn" will only match directly underneath DocumentRoot. Here is my take at it: "(^|/)\.svn(/|$)". I.e. this matches any of .svn .svn/something something/.svn something/.svn/something “^.svn” will only match directly underneath DocumentRoot. Here is my take at it: “(^|/)\.svn(/|$)”. I.e. this matches any of

.svn
.svn/something
something/.svn
something/.svn/something

]]> Comment on (evil) Register Globals (on) by b23 http://phpsecurity.wordpress.com/2007/11/07/evil-register-globals-on/#comment-71 b23 Wed, 30 Jul 2008 21:24:21 +0000 http://phpsecurity.wordpress.com/2007/11/07/evil-register-globals-on/#comment-71 Thank you Bijay Rungta! Thank you Bijay Rungta!

]]> Comment on (evil) Register Globals (on) by Bijay Rungta http://phpsecurity.wordpress.com/2007/11/07/evil-register-globals-on/#comment-70 Bijay Rungta Wed, 30 Jul 2008 18:06:17 +0000 http://phpsecurity.wordpress.com/2007/11/07/evil-register-globals-on/#comment-70 The register_globals directive is disabled (register_globals = Off) by default in PHP versions 4.2.0 and greater in the php config (php.ini). While it doesn’t represent a security vulnerability, it’s a security risk. The text is a little misleading.... The last para should have read as While leaving [emphasize]register_globals [emphasizeEvenMore]On[/emphasizeEvenMore][/emphasize] doesn’t represent a security vulnerability, it’s a security risk. I had come here to confirm what is good and what's bad..... Thanks a lot.. Bijay Rungta The register_globals directive is disabled (register_globals = Off) by default in PHP versions 4.2.0 and greater in the php config (php.ini). While it doesn’t represent a security vulnerability, it’s a security risk.

The text is a little misleading….
The last para should have read as
While leaving [emphasize]register_globals [emphasizeEvenMore]On[/emphasizeEvenMore][/emphasize] doesn’t represent a security vulnerability, it’s a security risk.

I had come here to confirm what is good and what’s bad…..

Thanks a lot..

Bijay Rungta

]]> Comment on Automated testing with Selenium IDE by Johny http://phpsecurity.wordpress.com/2007/11/24/automated-testing-with-selenium-ide/#comment-65 Johny Mon, 23 Jun 2008 13:07:56 +0000 http://phpsecurity.wordpress.com/2007/11/24/automated-testing-with-selenium-ide/#comment-65 It s nice for frontend Testing where you watch but for real automated one it seems to be not usable yet It s nice for frontend Testing where you watch but for real automated one it seems to be not usable yet

]]> Comment on Books by Tobias Wassermann http://phpsecurity.wordpress.com/books/#comment-59 Tobias Wassermann Tue, 27 May 2008 21:54:18 +0000 http://phpsecurity.wordpress.com/books/#comment-59 Hi, ich wollte eigentlich schon länger einmal Danke für die Rezension meines "Sichere Webanwendungen mit PHP"-Buchs sagen, jetzt schaffe ich es endlich einmal. Gruß Tobias Hi,

ich wollte eigentlich schon länger einmal Danke für die Rezension meines “Sichere Webanwendungen mit PHP”-Buchs sagen, jetzt schaffe ich es endlich einmal.

Gruß

Tobias

]]> Comment on Automated testing with Selenium IDE by Mamzee http://phpsecurity.wordpress.com/2007/11/24/automated-testing-with-selenium-ide/#comment-48 Mamzee Mon, 17 Mar 2008 20:35:06 +0000 http://phpsecurity.wordpress.com/2007/11/24/automated-testing-with-selenium-ide/#comment-48 Real helpful man! I needed to test a page I had written in asp.net, and having heard of Selenium I downloaded it, but didn't know how to work with it. Until I came around your blog... Thanks! Real helpful man! I needed to test a page I had written in asp.net, and having heard of Selenium I downloaded it, but didn’t know how to work with it. Until I came around your blog…
Thanks!

]]>