Posts Tagged ‘security’

Control HTML without JavaScript

Wednesday, September 1st, 2010 by Rafael Corral

This is something I have known about for a long time. It is advanced and can mostly be used for Cross Site Request Forgeries (CSRF). Not that I condone these, but the best way to defend yourself against hackers is by knowing as much as they do.

In some cases users turn JavaScript off in their browsers (I do) for security reasons. HTML has just about no scripting capabilities if you discard the FOR attribute on the LABEL tag. It is possible to trick a user into submitting a form simply by having them highlight text on a page. The FOR attribute binds a label to another element, which is some sort of scripting, I guess.


Uber fast JPhoto security release

Saturday, December 12th, 2009 by Rafael Corral

‘corePHP’ Community,

Today we were informed of a SQL injection in JPhoto. After reviewing the report we realized that we had made a minor mistake on our part, and we have pushed out an early release of JPhoto. You can find more information about the exploit here: Secunia. This version comes with a few bug fixes and some new features, which will be explained in a later blog post.

To upgrade, simply download the new version of JPhoto and install it over the one you currently have; it is packaged as an upgrade. If Joomla gives you errors on installing, then the permissions on your site are set incorrectly and you will need to uninstall JPhoto and install it again. Just take note of all of your configuration settings first!

Thank you for using JPhoto.

.htaccess Security

Saturday, February 28th, 2009 by Rafael Corral

htaccess jungle

Here is most of our .htaccess file. This is what I like to call the forefront of our site. It works just like a firewall. We have been using our .htaccess for a few months now and we love the results. I know it can occasionally be hard to find the right command to do the job, so I’d like to show you all of the lines, not just the ones that are security related. If you are not using Joomla! you will have to strip about ten lines from this.