Snipplr

(PHP) Secure Your Cakephp Website By Following These Simple Steps! - cakephpexpert

Mon, 16 Mar 2015 21:58:17 UTC

Follow these steps to secure your Cakephp Website:

*Before you actually start using Security Component functionality, make sure you use $components = array (â€˜Securityâ€™, â€˜Authâ€™) in the array so you can extend its functionality in the other components as well.

*Set security level "Medium" or "High" (in core.php config file)

*Add single line of code to your controllerâ€™s before Filter () method: $this->Security->requireAuth(â€˜action_nameâ€™)

To assure more security, add few more lines of code in controller section:

$key = Security::generateAuthKey (); $this->set (â€˜safeâ€™, $key); $this->Session->write (â€˜safeâ€™, $key);

Or alternatively adding this code sequence in your view

echo $this->Form->create(â€˜Postâ€™); echo $this->Form->hidden(â€˜safeâ€™, $safe); echo $this->Form->input(â€˜titleâ€™); echo $this->Form->input(â€˜contentâ€™); echo $this->Form->end(â€˜Submitâ€™);

(C#) åˆ›å»ºSolted hash - gujingshui

Mon, 11 Aug 2014 13:41:43 UTC

æ¥è‡ªStockTrader Dbloader

(PHP) Simple PHP Backdoor Shell - shopsplash

Tue, 19 Nov 2013 06:17:54 UTC

Simple PHP Backdoor Shell // http://www.example.com/shell.php?cmd=dir

(PHP) Check University Email (.edu) - phpdev

Sat, 14 Sep 2013 10:26:02 UTC

**Example of use:** if (!isUniversityEmail('you@post.harvard.edu')) exit('You must have a valid and .edu email address to register for an account.');

(AutoIt) Quickly lock your PC and turn off the screen - deanhouseholder

Tue, 16 Apr 2013 16:39:53 UTC

This is a AutoHotKey.com script. It runs on Windows and allows you to lock your computer by simply hitting a single key combination and unlock it with a different one. Download the whole script at the url listed.

(SQL) Auditing SQL Server User and Role Permissions for Databases - edwinet

Fri, 08 Mar 2013 01:47:47 UTC

The sysprotects system table reports all of the permissions granted or denied in a given database. We'll need to join it with sysusers and sysobjects to get all the information we need. Here's an example query that only pulls information on objects (no CREATE TABLE permissions or anything else at the database level)

(PHP) Custom Logging Site Events - COBOLdinosaur

Sun, 27 Jan 2013 07:45:21 UTC

To keep up on important incidents on your site without having to dig through server logs the alternative can be custom logs.

(Bash) Remove malicious code injection from .php files - tinytiger

Tue, 20 Nov 2012 23:00:17 UTC

Using sed to recursively remove malicious code injection form .php files when the injected code follows the pattern

(PHP) Password storing/checking class. Keeping passwords safe. - ptodorov

Wed, 11 Jul 2012 16:48:14 UTC

Nice implementation of Blowfish for storing user passwords to prevent decryption when for example the user database is compromised. Origin: Burak Guzel@Nettuts

(PHP) Remove WordPress version meta - klagraff

Mon, 02 Jul 2012 02:54:14 UTC

Insert this in functions.php to remove WordPress version from being output in the header source code

(PHP) IP Blacklist Check Script - DNSBL

Sun, 15 Apr 2012 18:44:22 UTC

Enter any suspicious IP address that you wanted to check into the form field and press the "LOOKUP" button

(SQL) Maps an existing database user to a SQL Server login. - edwinet

Fri, 04 Nov 2011 07:47:25 UTC

(Windows Registry) how to compare IE security zone settings - theonlyalterego

Fri, 14 Oct 2011 04:36:48 UTC

IE Zone Analyzer allows comparing/importing/exporting of IE security zones

(MySQL) Create user & grant privilege - athome

Mon, 03 Oct 2011 05:31:49 UTC

(Apache) .htaccess protect directory - ropehead

Thu, 26 May 2011 07:04:15 UTC

also requires an .htpasswd file to be created in a secure directory

(C) .htaccess bot block and image theft - CKOink

Wed, 27 Apr 2011 10:41:21 UTC

Blocks bad bots, and image theft, allows visitors inside domains.

(PHP) WP Email Encoder Bundle - freelancephp

Mon, 14 Feb 2011 23:01:44 UTC

Encode mailto links and (plain) email addresses on your site and hide them from spambots. Easy to use, plugin works directly when activated. Features * Protect all emails and mailto links * Check posts, widgets, comments and RSS feeds * Encode all kind of content (text and html) * Email Encoder Form (in admin and also for your site) * Use params in mailto links, like: cc, bcc, subject, body * And more.

(Apache) http basic auth - neoandroid

Wed, 19 Jan 2011 23:18:36 UTC

(Apache) http auth via mysql - neoandroid

Wed, 19 Jan 2011 23:15:24 UTC

(Apache) Limit access by IP address - neoandroid

Wed, 19 Jan 2011 23:01:39 UTC

(PHP) Clean incoming POST data - kendsnyder

Tue, 18 Jan 2011 04:37:58 UTC

(C#) Check if user has a specific Role Definition - scholli

Tue, 04 Jan 2011 00:52:34 UTC

(Bash) Run Google Chrome with additional arguments settings under OSX - nonlinearsound

Wed, 08 Dec 2010 04:26:34 UTC

If you want to run Google Chrome with additional program arguments under OSX, one way, is to use "open" and its --args argument. Use it to start Chrome with the --allow-file-access-from-files setting (or any other). Create a link to it to run it faster next time.

(C#) Check if user has been assigned a specific Role Definition - scholli

Thu, 28 Oct 2010 06:58:15 UTC

(C#) Check if user is member of a SharePoint group - scholli

Wed, 27 Oct 2010 23:40:25 UTC

(Other) Close the mysql port (3306) from external access. - daipratt

Sat, 23 Oct 2010 02:01:45 UTC

The command you need to close the mysql port 3306 from external access. You need to use the 2 lines in the snippet below once you have connected to the server via SSH.

(Apache) .htaccess: No password for sub folder - arnekolja

Tue, 17 Aug 2010 20:45:16 UTC

Placing this in a .htaccess file in a sub folder you disable password security for this folder.

(C#) RunWithElevatedPrivileges - scholli

Fri, 13 Aug 2010 19:38:45 UTC

(Apache) .htaccess deny access to xml files - beneberle

Mon, 09 Aug 2010 01:05:03 UTC

(PHP) Change Default Joomla Database Table Prefix - beneberle

Sat, 07 Aug 2010 11:52:36 UTC

Substitute new_ placeholder in the second line with your new prefix. Run it: http://www.yoursite.com/rename.php and wait until it responds with an OK, usually after a couple of seconds. Delete the rename.php script. Edit the configuration.php file and find the line starting with var $dbprefix. It should look like this: var $dbprefix = \'jos_\'; Replace the old jos_ prefix with new prefix, i.e. the one used in the second line of your rename.php script.

(PHP) Remove Wordpress Version Number - mariusscheel

Tue, 06 Jul 2010 23:35:34 UTC

(Other) use .htaccess to blacklist undesired users and bots - mariusscheel

Tue, 06 Jul 2010 23:24:07 UTC

Apache can be used to ban undesirable people and bots from your website. With this code, weâ€™re telling Apache that everyone is allowed to visit our blog except the person with the IP addresses

(Other) Use .htaccess To Protect The wp-config File - mariusscheel

Tue, 06 Jul 2010 23:22:11 UTC

(PHP) WordPress - remove version number from head - josephknight

Mon, 05 Jul 2010 16:36:14 UTC

If your WordPress blog is outdated even by a few days and there's a security hole in your old version you could be seriously compromised without even knowing it. Trust me. This has happened to two of my clients and the fix is not easy. Usually, once compromised, you have to delete the blog and reinstall WordPress, then scour your theme and uploaded files before re-uploading to the server. Avoid this hassle (or worse damage to your blog) if you can.

(Apache) htaccess - disallow linking to images from outside your site - josephknight

Mon, 05 Jul 2010 16:31:05 UTC

Replace "mysite" with your own and this will block access to sites attempting to link to your images. Note, it's not necessarily always a bad thing for people to link to your images. If you run a blog, portfolio, or sales gallery, etc, you may actually want your images to show up in google image search results and the like. Careful that you're not blocking your goals along with the images. Make sure this script is for you.

(Apache) WordPress - .htaccess - protect config file - josephknight

Mon, 05 Jul 2010 16:26:18 UTC

The problem As a WordPress user, you probably know how important the wp-config.php file is. This file contains all of the information required to access your precious database: username, password, server name and so on. Protecting the wp-config.php file is critical, so how about exploiting the power of Apache to this end? Code explanation .htaccess files are powerful and one of the best tools to prevent unwanted access to your files. In this code, we have simply created a rule that prevents any access to the wp-admin.php file, thus ensuring that no evil bots can access it. Source * 10 Easy Ways to Secure Your WordPress Blog

(Apache) WordPress - .htaccess - block injection attacks - josephknight

Mon, 05 Jul 2010 16:17:18 UTC

The problem Protecting dynamic websites is especially important. Most developers always protect their GET and POST requests, but sometimes this is not enough. We should also protect our blog against script injections and any attempt to modify the PHP GLOBALS and _REQUEST variables. The solution The following code blocks script injections and any attempts to modify the PHP GLOBALS and _REQUEST variables. Paste it in your .htaccess file (located in the root of your WordPress installation). Make sure to always back up the .htaccess file before modifying it. Code explanation Using the power of the .htaccess file, we can check requests. What weâ€™ve done here is check whether the request contains a