Am I being overly zealous about "proper SSL implementation?" [more inside]
posted on Jun 30, 2008 - 22 answers

Apache2 security theory; mod_php versus CGI php and the use of suExec: What is the non-theoretical problem with running Apache2 with mod_php and thus without using suexec on a dedicated system? [more inside]
posted on Jun 10, 2008 - 7 answers

Security requirements for a php website login system. [more inside]
posted on Mar 10, 2008 - 9 answers

Is there any simple way to encrypt the information in a web form and deliver it via email? [more inside]
posted on Aug 31, 2007 - 16 answers

How to do separation of public and private data on the web with PHP/MySQL? I'm creating a website for a business, with 2 sections - public and admin (staff). The admin section is secured with .htaccess and is intended to be used by office staff to enter customer requirements as they come in, and edit product listings. However, I worry about the security and suspect there is probably a better way. [more inside]
posted on Aug 28, 2007 - 8 answers

I’m working on a PHP/MySQL app and would like to ensure my security is up to scratch – need tips on authentication, globals and input sanitization. [more inside]
posted on Mar 30, 2006 - 28 answers

Can you use mail() in PHP without creating an unsecure, open mail relay boon to spammers everywhere? I keep trying to read This Page, and I think I understand it, but I'm not sure. [more inside]
posted on Dec 28, 2005 - 9 answers

WebSecurityFilter: I'm looking for a PHP or CGI script which would redirect a user to their password protected folder when they enter their username and password. [more inside]
posted on Dec 21, 2005 - 4 answers

Due to "security concerns," my web host provider has just banned two Form-to-email scripts (Formmail and NMS Formmail). Now I'm hard up to find a replacement. Any ideas? I'd prefer a solution that doesn't require a mastery of PERL to configure.
posted on Jan 17, 2005 - 4 answers