Category Archives: programming

PHP array tips

Some tips.

1. Remove duplicates from an array using array_unique

array array_unique ( array $array [, int $sort_flags = SORT_STRING ] )

2. Remove empty elements using array_filter

array array_filter ( array $array [, callable $callback [, int $flag = 0 ]] )

3. Check whether a value is in an array using in_array

bool in_array ( mixed $needle , array $haystack [, bool $strict = FALSE ] )

4. Check whether a key exists in an array using array_key_exists

bool array_key_exists ( mixed $key , array $array )
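The four functions above have edge cases that matter when the data comes from user input. The following is an added example (not code from the original post) that runs each one over a small constructed input and shows where the default behaviour can surprise you; it requires PHP 7.4 or later for the arrow-function callback.

```php
<?php
// Added example: the four array helpers from the tips above, with the
// edge cases a practitioner should know about.

// Constructed sample input: duplicates, empty strings, null, a literal '0'
// and an integer 0.
$input = ['php', 'php', '', 'security', null, '0', 'security', 0, 'tls'];

// 1. array_unique keeps the first occurrence of each value and preserves
//    the original keys. With the default SORT_STRING flag values are
//    compared as strings, so null collapses into '' and 0 into '0'.
$unique = array_unique($input);
// => [0 => 'php', 2 => '', 3 => 'security', 5 => '0', 8 => 'tls']

// 2. array_filter with no callback drops every "falsy" element: '', null,
//    0, '0', false and []. That silently removes the legitimate string '0'
//    (think of a form field answered "0"), so pass an explicit callback
//    when only empty strings and nulls should be removed.
$nonEmptyLoose  = array_filter($input);                                  // drops '', null, '0' and 0
$nonEmptyStrict = array_filter($input, fn($v) => $v !== '' && $v !== null); // keeps '0' and 0

// array_filter preserves keys; reindex if you need a 0..n-1 list.
$nonEmptyStrict = array_values($nonEmptyStrict);

// 3. in_array uses loose (==) comparison unless $strict is true. Loosely,
//    '1' == 1 is true, and before PHP 8 even 'abc' == 0 was true, so an
//    attacker-supplied needle can match values it should not. Pass true
//    for $strict whenever the needle comes from a request.
var_dump(in_array('1', [1, 2, 3]));        // bool(true)  - loose
var_dump(in_array('1', [1, 2, 3], true));  // bool(false) - strict

// 4. array_key_exists is true even when the stored value is null, whereas
//    isset() is false for a null value. Use array_key_exists when the
//    question is "is this key present?" rather than "is it non-null?".
$config = ['debug' => null, 'timeout' => 30];
var_dump(array_key_exists('debug', $config));   // bool(true)
var_dump(isset($config['debug']));              // bool(false)
var_dump(array_key_exists('missing', $config)); // bool(false)
```

The two habits worth keeping from this: always pass an explicit callback to array_filter when `'0'` is a valid value, and always pass `true` as the third argument to in_array when checking request data against an allow-list.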


Web application security

Below is a short security checklist for a web application.

  1. Login screen
    1. To slow brute-force attacks, display a captcha after 3-5 failed attempts from the same IP.
    2. Enforce a minimum password length of more than 8 characters.
  2. Registration (or any open form)
    1. Display a captcha on every form before it can be submitted.
  3. SSL is a must, whether the certificate is free or paid.
  4. Never expose a table's primary key in a URL; use a separate identifier instead, e.g. a secure ID made up of 10 unique randomized alphanumeric characters.
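Item 4 is about keeping sequential database IDs out of URLs, where an attacker could simply increment them to walk through other users' records. The following is an added example (not code from the original post) of how to generate and look up such an opaque 10-character ID in PHP. It assumes a `users` table with an auto-increment `id` primary key and a `public_id` column that carries the table's only UNIQUE constraint, and an already-open PDO connection in `$pdo`; both are assumptions, not something the checklist specifies.

```php
<?php
// Added example: opaque, randomized public IDs for use in URLs instead of
// the auto-increment primary key.

const PUBLIC_ID_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
const PUBLIC_ID_LENGTH   = 10;

// random_int() is backed by the OS CSPRNG (PHP 7+). rand()/mt_rand() are
// predictable and would let an attacker guess other users' IDs, which
// defeats the whole purpose of hiding the primary key.
function generatePublicId(int $length = PUBLIC_ID_LENGTH): string
{
    $max = strlen(PUBLIC_ID_ALPHABET) - 1;
    $id  = '';
    for ($i = 0; $i < $length; $i++) {
        $id .= PUBLIC_ID_ALPHABET[random_int(0, $max)];
    }
    return $id;
}

// 62^10 is roughly 8.4e17 possibilities, so collisions are rare but not
// impossible. The UNIQUE constraint plus a retry loop turns uniqueness
// into a guarantee rather than a hope. (Assumes public_id is the only
// UNIQUE column apart from the primary key, so SQLSTATE 23000 can only
// mean a duplicate public_id.)
function insertUserWithPublicId(PDO $pdo, string $email): string
{
    $stmt = $pdo->prepare('INSERT INTO users (email, public_id) VALUES (:email, :pid)');
    for ($attempt = 0; $attempt < 5; $attempt++) {
        $pid = generatePublicId();
        try {
            $stmt->execute([':email' => $email, ':pid' => $pid]);
            return $pid;
        } catch (PDOException $e) {
            // 23000 = integrity constraint violation (duplicate key): try again.
            if ((string) $e->getCode() !== '23000') {
                throw $e;
            }
        }
    }
    throw new RuntimeException('could not allocate a unique public id');
}

// All lookups go through the public id and a prepared statement; the
// numeric primary key never appears in a URL such as /user/kX9fQ2mL7a.
function findUserByPublicId(PDO $pdo, string $publicId): ?array
{
    // Reject anything that is not exactly 10 alphanumeric characters
    // before it reaches the database.
    if (!preg_match('/^[A-Za-z0-9]{10}$/', $publicId)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, email, public_id FROM users WHERE public_id = :pid');
    $stmt->execute([':pid' => $publicId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
```

An unguessable ID stops enumeration, but it is not authorization: the handler that serves `/user/{public_id}` must still check that the logged-in user is allowed to see that record, otherwise anyone who obtains a link can open it.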

Ways to filter bots


  1. The most popular is reCAPTCHA by Google.
  2. Honeypot technique: include a hidden field; if it is filled in, the submitter is a bot.
  3. Simple random questions, e.g. "is fire hot or cold?", "five minus 3 is ___".
  4. http://nomorecaptchas.com/ (paid)
  5. https://visualcaptcha.net/ (no longer developed, but they claim it still works)
  6. Algorithm
    1. After 5 failed attempts, lock out the IP for 15 minutes.
    2. If the IP has been locked out 5 times, lock it out for 24 hours.
    3. If it is locked out 3 times, blacklist the IP permanently (with an option for the sysadmin to clear it).
  7. More alternatives
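The honeypot field (item 2) and the escalating lockout (item 6) are both easy to get subtly wrong, so here is an added example (not code from the original post) that implements them together as a small state machine. It assumes the per-IP record lives in some shared store such as Redis or a database row (a plain PHP array stands in for it here), that the honeypot input is rendered with `name="website"` and hidden by CSS, and it reads step 3 of the algorithm as "after three 24-hour lockouts"; all three are assumptions made for the example.

```php
<?php
// Added example: honeypot check plus escalating per-IP lockout.

// Honeypot: a field humans never see (hidden with CSS), so a real user
// leaves it empty. Bots that fill every input reveal themselves.
function isHoneypotTripped(array $post, string $field = 'website'): bool
{
    return isset($post[$field]) && $post[$field] !== '';
}

const FAILS_BEFORE_LOCK       = 5;            // failures before a 15-minute lock
const SHORT_LOCK_SECONDS      = 15 * 60;
const SHORT_LOCKS_BEFORE_LONG = 5;            // 15-minute locks before a 24-hour lock
const LONG_LOCK_SECONDS       = 24 * 60 * 60;
const LONG_LOCKS_BEFORE_BAN   = 3;            // 24-hour locks before a permanent blacklist

// Per-IP record: failures since the last lock, how many short and long
// locks have been issued, when the current lock expires (0 = none) and
// the permanent flag an admin can clear by resetting the record.
function newIpState(): array
{
    return ['fails' => 0, 'short_locks' => 0, 'long_locks' => 0,
            'locked_until' => 0, 'banned' => false];
}

function isBlocked(array $state, int $now): bool
{
    return $state['banned'] || $state['locked_until'] > $now;
}

// Call on every failed login (and when the honeypot trips); returns the
// updated state. Escalation order: 15 min -> 24 h -> permanent.
function recordFailure(array $state, int $now): array
{
    if ($state['banned']) {
        return $state;
    }
    $state['fails']++;
    if ($state['fails'] < FAILS_BEFORE_LOCK) {
        return $state;
    }
    $state['fails'] = 0;                       // threshold reached: escalate
    if ($state['long_locks'] >= LONG_LOCKS_BEFORE_BAN) {
        $state['banned']       = true;         // step 3: blacklist
        $state['locked_until'] = PHP_INT_MAX;
    } elseif ($state['short_locks'] >= SHORT_LOCKS_BEFORE_LONG) {
        $state['long_locks']++;                // step 2: 24-hour lock
        $state['short_locks']  = 0;
        $state['locked_until'] = $now + LONG_LOCK_SECONDS;
    } else {
        $state['short_locks']++;               // step 1: 15-minute lock
        $state['locked_until'] = $now + SHORT_LOCK_SECONDS;
    }
    return $state;
}

// A successful login clears the failure counter but not the lock history,
// so an attacker cannot reset the escalation by guessing one password.
function recordSuccess(array $state): array
{
    $state['fails'] = 0;
    return $state;
}

// Constructed walk-through: 45 consecutive failures from one IP, waiting
// out each lock. Expected: short locks at failures 5,10,15,20,25, long
// locks at 30,35,40, permanent ban at 45.
$state = newIpState();
$t = 0;
for ($i = 1; $i <= 45; $i++) {
    $state = recordFailure($state, $t);
    if (isBlocked($state, $t)) {
        echo "failure $i: " . ($state['banned'] ? 'banned' : 'locked until ' . $state['locked_until']) . "\n";
        if (!$state['banned']) {
            $t = $state['locked_until'] + 1;   // simulate waiting out the lock
        }
    }
}
```

Two caveats when deploying this: an IP-based lock also locks out everyone behind the same NAT or proxy, so read the client address from a trusted source and keep the sysadmin "clear" action handy; and an attacker rotating through many IPs will stay under the threshold, which is why the captcha from item 1 and rate limits per account are still needed alongside it.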