Simon Willison’s Weblog

Subscribe
Atom feed for security

487 items tagged “security”

2002

Security and coding style

A couple of good web development security resources:

[... 127 words]

8:27 pm / 20th December 2002 / linux, security, xss, c

Remembering passwords

Via Scott, an article with some great tips on remembering your passwords. It includes the following vitally important tip:

[... 273 words]

2:23 am / 5th December 2002 / security, passwords, scott-johnson

XML security on SitePoint

Getting Started with XML Security is a SitePoint article of epic proportions. I had never really looked at any of the XML security applications but this article appears to cover the lot.

10:02 pm / 30th November 2002 / sitepoint, security, xml

OWASP Security guide

The Open Web Application Security Project (OWASP) have a free guide to building secure web applications, which covers a large range of common problems such as cross site scripting and SQL injection vulnerabilities. The report is a 60 page PDF and although I haven’t had time to go through it yet it looks like an excellent read.

9:19 pm / 24th November 2002 / owasp, security

How the RIAA was hacked

The Register: Want to know how RIAA.org was hacked? They had an un-password-protected admin panel listed in their robots.txt file. Muppets.

7:02 pm / 23rd September 2002 / security, robots-txt

Magic quotes solution

Pink Goblin (otherwise known as HarryF) explains why magic quotes are evil. This is an issue that every PHP developer should be aware of, as it can cause all kinds of problems in your scripts if you ignore it. He suggests using a custom myAddSlashes() function which only calls addslashes() if magic quotes are turned off. I have an alternative solution—chose your preferred setting (quotes on or off) and apply it at run time to all incoming data in one go. My code for doing this is available here. By a bizzare coincidence I wrote the script this morning, then spotted a link to the Pink Goblin article on tidak ada literally five minutes after finishing it.

11:24 am / 16th August 2002 / security, php

Palladium

Via Boing Boing: Seth Schoen’s notes on Palladium after a meeting with Microsoft. Cory Doctorow points out that Seth is probably the most knowledgeable tech person to have been briefed on Palladium by MSFT without signing an NDA and his post certainly makes interesting reading. Palladium has had a lot of coverage since the Newsweek article announcing it first broke, with Robert Cringely providing some of the best analysis (in my opinion at least). The Register also has a story about Palladium which introduces some more information and guestimates on a shipping schedule.

6:42 pm / 4th July 2002 / boingboing, security, robert-cringely, the-register, palladium, microsoft, sethschoen

Related