All Questions
13 questions
3 votes
1 answer
454 views
Does it make sense to have the application block users by IP as well as the firewalls?
I am planning to create a system, but I still have some questions about security. I would like to know if it makes sense to block unauthorized users from accessing the system, through the IP, using a ...
2 votes
1 answer
317 views
What is the recommended way to generate API tokens using Laravel framework?
I'm a newbie in terms of security, but I need a suggestion to make sure the connection between an API and mobile apps is secure. I'm currently using the Laravel framework. Based on its documentation ...
51 votes
9 answers
52k views
Is it bad practice to use GET method as login username/password for administrators?
I work on web applications and as you know, having an administrator panel is a must in most cases. We can see that a lot of web applications have a specific login page for administrators in which ...
-1 votes
2 answers
512 views
Block requests containing URL of other websites
GET / HTTP/1.1" 200 166113 "-" "Mozilla/5.0 (compatible; dsada/2.0; +http://www.asd.com/search/asddd.html) I found this request repeated continuously in my logs. How can I prevent this (requests ...
1 vote
1 answer
1k views
SQL queries using SQL Injections do not work as I think they should
I am trying to learn about SQL Injections. I have created a login form using PHP (I am quite new to PHP) as backend scripting language and MySQL as DBMS. Last day I asked a question about SQL ...
-1 votes
1 answer
800 views
Do I need to detect user's device for "remember me" system? [closed]
I'm following solution #1 of this answer. After a while, there will be some redundant rows in the table. Suppose this table: // cookies +---------+-------------------------+------------------+--------...
0 votes
1 answer
2k views
AngularJS - Can a response from an $http.post to PHP be modified?
I have an AngularJS $http.post that sends username/password to a PHP file that then queries my database to verify a successful log in. I then return a JSON object back to AngularJS in one of the ...
1 vote
2 answers
374 views
Are there any flaws in my design for a paper-based OTP grid?
I'm trying to implement two-factor authentication on the cheap for a website of mine. My bank uses this sort of grid-based OTP system, so I wanted to emulate it in my application: Cards are generated ...
9 votes
3 answers
41k views
Is there any SQL injection for this PHP login example?
I want to write a login form, and I got one example from the web. I want to know, if there is any SQL injection for this code? If there is, what could the exploit's web form entry look like? This is ...
2 votes
4 answers
2k views
When logging out of a website is anything else required than destroying the session?
In PHP, I'm not sure if I should start the session before destroying it when a user wants to log out. session_start(); session_destroy(); Is there anything else that needs to be done? EDIT: I ...
0 votes
1 answer
763 views
Protect database resources from fake data inputs via web forms
Scenario: I'm working on a project that needs to accept large amounts of data (customer data) from its users. So it can be normal to have a user trying to add 10,000 or 100,000 records at a time. In ...
4 votes
2 answers
1k views
Attack vectors in POSTing variables from one php script to the next?
I have an application which is structured in the following way for its signup page. After this signup, the user is directly granted access into the system - there is no email verification (as intended)...
69 votes
6 answers
37k views
How to Securely Implement a "Remember Me" Feature?
Assuming you already have a website that implements all of the standard login stuff, what is the correct and most secure way to allow users to automatically be logged in for a certain time period (let'...