I’ve been asked a few times now if there is a way to use encrypted MySQL connections in Magento. Most of the time it is when merchants are selling medical products and HIPAA requirements come into play. I am not an expert in HIPAA, nor do I want to be, but with the cost of vulnerabilities on the rise it made sense to at least look into it and get a good answer on how to do it.
I saw a tweet today concerning authentication. Monaco, at White House cybersecurity summit at Stanford, calls for replacing passwords with more secure technologies. — Paul Krill (@pjkrill) February 13, 2015 When reading that the
For giggles, here are examples of hashes for the SHA1, SHA256 and SHA512 hashing mechanisms. Code 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 echo
I found myself wondering what HTTPS variables were available in the $_SERVER variable today and didn’t find a specific list (and didn’t have mod_ssl installed). So as a public service, here is what my
I read a post tweeted by Chris Cornutt today. The basic gist of the article is that your security is only as strong as your most ethically-challenged developer. That got me thinking that we
I don’t talk much about security. This is mostly because it’s such a moving target. I’m also horrified that I might give bad advice and someone will be hacked because of me. But in
Chris Dale recently posted a horrifying article on his blog. It is called “Why it’s easy being a hacker – A SQL injection case study“. The most horrifying part of the post was that
A little while ago I had come upon the problem of having to store sensitive data in a user session. The solution that I (and several others came upon) was creating a mechanism for storing encrypted data in a session. But what we wanted to do was build something that didn’t have a single point of failure. We also wanted to build something portable. What we built was a simple Zend Framework session handler for storing sensitive data.
I recently posted an image on why you shouldn’t put phpinfo() calls in your code.
There were a couple of comments from people asking “why not?”
Here’s why not.
Go to Google
Search for inurl:phpinfo
Check out the results
At the time of writing there were 4 pages on the first result page that were broadcasting their settings.
Here’s another fun one. Search for “inurl:phpinfo root”. Lots more.
There’s a bunch of information that you will see.