Collaborate Disseminate
Imagine you have a website, for which you have configured a proper and secure session management / login system, using first-party / session cookies. Any interaction with that website is setup in the form of a REST API, so there are no HTM… Continue reading Is there a problem with the use of HTTP cookies as auth tokens in mobile apps?
To secure the file uploads to a PHP/Apache server, I have already implemented the following steps:
Solid upload validation from PHP Framework
Used own names for uploaded files
Place uploaded files in server directory outside + above web r… Continue reading Secure Serving of File Uploads on PHP Server without Root Config Possibilities? (Apache)
We’re trying to secure our upload forms in PHP regarding image uploads and PDF files. For this purpose, we’re currently trying to do the following in all cases, according to our research done so far:
Check MIME type
Check file size
Scan c… Continue reading Validate File Uploads in PHP: PDFs and images
Imagine the scenario where you have a client who wants you to implement calls to an external API on a landingpage that you’ve setup for them. The external API works based on a contract and API keys which are obtained through that contract;… Continue reading Authenticate requests from landingpage to API passing through proxy
I interact with some API’s that use PKA and I’m looking for the safest / best-practice way to store my secret key. The approaches I know are for example:
Create a 0500 access directory on my server
Within that directory, store the file co… Continue reading Best and safest way to store secret key used for PKA on server?
It’s the first time I’m using encryption in MariaDB, so I need to assure that I’m getting it right. I need to simply store some identifiers in an encrypted way, and am wondering if I’m doing it correctly. As I’m getting some unexpected beh… Continue reading Properly encrypt data fields in MariaDB