February, 2005

The PHP Security Consortium is working on a PHP security guide. The guide is based on the PHP security workbook written by Chris Shiflett.
- PHP security guide

I like secure PHP applications, and I don't like cookies. I wanted my PHP application to be cookie independent, but still wanted to use the native session support. Passing the session ID in the URL is the only option, but it's not secure.

Bruce Schneier writes in his blog:

SHA-1 has been broken. Not a reduced-round version. Not a simplified version. The real thing.

...

This attack builds on previous attacks on SHA-0 and SHA-1, and is a major, major cryptanalytic result. It pretty much puts a bullet into SHA-1 as a hash function for digital signatures (although it doesn't affect applications such as HMAC where collisions aren't important).

Welcome back!

After an extreme makeover on my server, I never brought this site back to life because of all the spamming. Well, after talking to Zef Hemel today, he showed me this. So I figured I should give it a go.

Since I have changed platform from Windows XP to FreeBSD and Gnome, I'm looking for a nice PHP IDE, and I stumbled over PHPeclipse, an Eclipse PHP plugin. So far it looks great!