» » Security

 
Sort articles by: Date | Most Rates | Most Views | Comments | Alphabet

PHP security of the password hashing

Author: bamboo06 on 14-08-2019, 18:29, views: 100

0 Never know the user's password, we must encrypt the user's password, and can not save the user's original password directly in the database. Do not limit the user password format. If the format is specified, it may be exploited and cracked by the attacker. Of course, we need to limit the minimum length of the password. It is recommended to use at least 8 bits. The longer the better.
PHP security of the password hashing

For password security, developers need to:
1, absolutely can not know the user's password, we must encrypt the user's password, can not save the user's original password directly in the database.
2, do not limit the user password format, if the format is specified, it is likely to be exploited and cracked by the attacker, of course, we need to limit the minimum length of the password, it is recommended to at least 8 bits, the longer the better.
3, can not send the user password through the mailbox, when we develop the application to retrieve the password, the user password is not notified to the user by email, but the link to reset the password is sent to the user in the form of mail, let the user Go to reset the password.

Category: PHP Scripts

 

PHP security data filtering and verification

Author: bamboo06 on 28-07-2019, 18:26, views: 333

0 Never trust external input, don't trust any data from a data source that is not under your direct control. In actual development, there is always someone intentionally or unintentionally injecting dangerous data into PHP code, so PHP security programming becomes important. Generally, we deal with external input security ideas: filtering input and verifying data.
PHP security data filtering and verification

Filtering input means escaping or deleting characters that are not safe from external data.

Category: PHP Scripts

 

Internet Security 2014 Financial Report

Author: bamboo06 on 8-05-2015, 06:29, views: 1260

3 April 30, 2015, NSFOCUS released 2014 report Internet financial security. Reports collected in 2014 in the financial industry Internet 134 security vulnerabilities, Internet banking common security vulnerabilities statistics and in-depth analysis, and gives protection program design from a business point of view, including unauthorized exploit code protection, any user password modify malicious registration code protection, malicious SMS code protection. Report for Internet financial organizations and practitioners as a reference value. The following is the full report.
Internet Security 2014 Financial Report

Internet banking security situation is worrisome. According to incomplete statistics, by the end of 2014, nearly 165 since the hacking P2P platform caused system failures, data tampering, one waited in vain for looted funds. Currently many P2P platform overall risk level security technology with their business does not match, the lack of professionalism, the core technology to prevent hacker attacks, hackers take advantage of the opportunity to give, how to enhance platform security capabilities become a serious problem. Former vice president of People's Bank of China, the famous economist Wu Xiaoling said: "According to the latest report of the World Anti-Hacker Organization, China has become the world's hackers P2P lambs."

Category: Internet