How can I block browser access to MP3 files, yet allow streaming? [more inside]
Can you help me understand how to approach a couple issues of server security. (1) I want to run things in 'silos', so that if someone from the web has hacked and has code level access to example.com/blog they can't query the db of example.com/app (2) If they do get access to a user database, how do I make it harder for them to figure out passwords (beyond just storing them as md5)? [more inside]
A webhost my company uses just changed the security settings and now Joomla no longer works correctly. Are these new security settings industry standard and what should I do? [more inside]
I have a new EeePC 1000HE with Windows XP, which I want to use for both web development and casual web browsing. Are there security issues with installing Apache and PHP on a machine that is also used to access public wireless internet? If so, what steps can I take to make my netbook more secure?
I have users logging into XOOPS running on IIS, and have an instance of the Jetty JSP webserver configured to serve up Eclipse's Infocenter system. How can I set up security so that no users can view the Jetty-served content without being authenticated first in a XOOPS session off of IIS? [more inside]
Am I being overly zealous about "proper SSL implementation?" [more inside]
Apache2 security theory; mod_php versus CGI php and the use of suExec: What is the non-theoretical problem with running Apache2 with mod_php and thus without using suexec on a dedicated system? [more inside]
Security requirements for a php website login system. [more inside]
Is there any simple way to encrypt the information in a web form and deliver it via email? [more inside]
How to do separation of public and private data on the web with PHP/MySQL? I'm creating a website for a business, with 2 sections - public and admin (staff). The admin section is secured with .htaccess and is intended to be used by office staff to enter customer requirements as they come in, and edit product listings. However, I worry about the security and suspect there is probably a better way. [more inside]
I’m working on a PHP/MySQL app and would like to ensure my security is up to scratch – need tips on authentication, globals and input sanitization. [more inside]
Can you use mail() in PHP without creating an unsecure, open mail relay boon to spammers everywhere? I keep trying to read This Page, and I think I understand it, but I'm not sure. [more inside]
WebSecurityFilter: I'm looking for a PHP or CGI script which would redirect a user to their password protected folder when they enter their username and password. [more inside]
Due to "security concerns," my web host provider has just banned two Form-to-email scripts (Formmail and NMS Formmail). Now I'm hard up to find a replacement. Any ideas? I'd prefer a solution that doesn't require a mastery of PERL to configure.