Is your Web application secure?

“No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer.”

An interesting article on Security Focus walks through examples of PHP code and the vulnerabilities it can introduce.
The attacks explained in the article are:
1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Username enumeration
http://www.securityfocus.com/infocus/1864
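As an added example that is not code from the Security Focus article or from this blog, the script below shows three of the bug classes listed above (SQL injection, XSS and username enumeration) as an unsafe PHP pattern beside its hardened form. It uses an in-memory SQLite database through PDO so it runs stand-alone; the table, rows and request inputs are constructed sample data.

```php
<?php
// Added example, not code from the Security Focus article or from this blog.
// Shows SQL injection, XSS and username enumeration as an unsafe pattern
// beside its hardened form. Uses an in-memory SQLite database through PDO;
// the table, rows and inputs below are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT NOT NULL, pass TEXT NOT NULL)");
$db->exec("INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// SQL injection, unsafe: request data is concatenated into the SQL text, so
// any quote in the input changes the statement the database parses.
function countLoginUnsafe(PDO $db, string $name, string $pass): int
{
    $sql = "SELECT COUNT(*) FROM users WHERE name = '$name' AND pass = '$pass'";
    return (int) $db->query($sql)->fetchColumn();
}

// SQL injection, hardened: a prepared statement keeps data out of the query
// text entirely; the driver binds the values separately.
function countLoginSafe(PDO $db, string $name, string $pass): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE name = ? AND pass = ?");
    $stmt->execute([$name, $pass]);
    return (int) $stmt->fetchColumn();
}

// XSS, unsafe: the name is reflected into HTML as-is, so any markup in it is
// interpreted by the browser instead of being shown as text.
function greetUnsafe(string $name): string
{
    return "<p>Welcome, $name</p>";
}

// XSS, hardened: encode for the HTML context at the point of output.
function greetSafe(string $name): string
{
    return "<p>Welcome, " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "</p>";
}

// Username enumeration: one message for every failure, so the response does
// not reveal whether the username exists.
function loginMessage(int $matches): string
{
    return $matches === 1 ? "Login successful" : "Invalid username or password";
}

// Constructed inputs: an ordinary name containing an apostrophe, and a name
// carrying HTML markup.
$name = "o'brien";
$pass = "irrelevant";

try {
    countLoginUnsafe($db, $name, $pass);
} catch (PDOException $e) {
    // The apostrophe broke the statement: the input reached the SQL parser.
    echo "unsafe query failed: " . $e->getMessage() . "\n";
}
// The prepared statement treats the apostrophe as data; no user matches.
echo loginMessage(countLoginSafe($db, $name, $pass)) . "\n";
echo loginMessage(countLoginSafe($db, 'alice', 's3cret')) . "\n";

// The unsafe greeting emits the <b> tag as markup; the safe one encodes it.
echo greetUnsafe("<b>bob</b>") . "\n";
echo greetSafe("<b>bob</b>") . "\n";
```

The unsafe query does not need a crafted payload to misbehave: a legitimate name with an apostrophe is enough to show that user input is being parsed as SQL, which is the property the prepared statement removes.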

AMFPHP 1.0 milestone 2 alpha

Today Patrick released a new milestone of amfphp. Changes in this alpha release:

  • Added new methodTable option (per method) “fastArray” => true|false for fast array serializing on return (will only make a difference for large multidimensional nested voodoo arrays)
  • Added new method Headers::getHeader($key) available from all services, also HeadersFilter.php added
  • Added FrontBase support
  • Added Pear::db support
  • Added CSV-based recordsets support
  • Renamed sql folder to adapters to fit with the CSV recordsets
  • Various bugfixes for PHP4 MethodTable class
  • Major overhaul of service browser, should work much better now
  • New actionscript template system for service browser, see browser/templates/ for examples
  • Added new return type binary that will write the value as a string but without charsetHandling
  • Added new return type raw that will write to the output stream directly (careful)
  • SSL with IE hopefully works now

Some new methods were also added recently which you can call in the gateway.php file (for a production environment):

  • disableStandalonePlayer() – Disables the standalone player by filtering out its User-Agent string
  • disableServiceDescription() – Disables the service description used by Macromedia’s service browser
  • disableTrace() – Disables remote tracing
  • disableDebug() – Stops debug info from being sent (independent of the remote trace setting)
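Putting those four calls together, here is what a production gateway.php looks like. This is an added example, not amfphp's own gateway.php: it assumes the gateway object is created as `$gateway = new Gateway()` and finished with `$gateway->service()`, and the two include paths are assumptions about the amfphp 1.0 alpha layout.

```php
<?php
// Added example, not amfphp's own gateway.php. The Gateway class, its
// service() method and the two include paths are assumptions about the
// amfphp 1.0 alpha layout; the four disable*() methods are the ones the
// release notes list.
include "globals.php";
include "core/amf/app/Gateway.php";

$gateway = new Gateway();

// Production settings: a deployed gateway should not answer the standalone
// player, describe its services to the service browser, or send remote
// trace or debug output to clients.
$gateway->disableStandalonePlayer();
$gateway->disableServiceDescription();
$gateway->disableTrace();
$gateway->disableDebug();

$gateway->service();
```

Keep a separate gateway.php without these calls for development, where the service browser and remote tracing are useful; only the production copy should disable them.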

amfphp project page