Need secure passwords that are not completely unintelligible? Devise a personal password policy: Select three or four words from a dictionary. Consider using adverbial forms, past and present tense of verbs. Consider using singular and plural forms of nouns. Avoid idioms. Pick a number. Consider inserting leading 0s. Pick a symbol: !@#$%^&*()-_=+ Assemble the above […]
Implementing code that simply displays a user’s IP address as part of an HTML page may be considered easy. Without security considerations, it can be implemented in PHP simply with the following: echo “IP: ” . $_SERVER[‘REMOTE_ADDR’]; 2011 CWE/SANS Top 25: Monster Mitigations recommends establishing and maintaining “control over all your inputs” and “control over […]
Being sometimes required to call a particular method before an object is disposed emits a pungent code smell. In particular recently reviewed code, invoking an asynchronous Flush() method was sometimes necessary before a MyStream object was disposed, because asynchronous methods would be otherwise called from Dispose(), which does not wait for completion of those asynchronous […]
My 2004 Honda Civic LX Sedan reached 250,000 mileson August 29, 2019.
Recent assignments that focus my efforts on securing web applications have motivated me to review the security of my personal websites. PHP code that I implemented 15 years ago is still used by my websites today. With the experience I gained over the years, and my current effort to acquire deep familiarization with security practices, […]