Thursday, May 13, 2010

Session fixation Attack

In this kind of attack, the attacker sets the victim's session to a session ID of the attacker's choosing; the server accepts that ID and stores the session under it.

For example:
www.example.com/?PHPSESSID=AEXAMPLEOFHARDCODESESSIONID

So when the user clicks on the link, he/she finds that he/she needs to log in.
Once the user has logged in, the session is active under "AEXAMPLEOFHARDCODESESSIONID".

This way, the attacker can open the same URL from another machine and gain access to the logged-in session.

Solution
Every time the user logs in, reset the session ID to a new one. This way, a new session ID is issued on every login. A remote attacker will not be able to guess the ID in use, since the server generates it randomly.
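As an added example (not code from the original post), here is a PHP login handler that applies the fix above: it refuses session IDs passed in the URL, rejects IDs the server never issued, and rotates the ID with session_regenerate_id() once the credentials check out. The $users table is a constructed sample, and /dashboard.php is a hypothetical redirect target.

```php
<?php
// Added example: login handler hardened against session fixation.

// Accept session IDs from cookies only, never from the query string,
// so a ?PHPSESSID=... link cannot plant an ID in the victim's browser.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Reject IDs the server did not generate itself (PHP >= 5.5.2).
ini_set('session.use_strict_mode', '1');
// Keep the session cookie out of reach of client-side scripts.
ini_set('session.cookie_httponly', '1');

session_start();

// Constructed sample user store; a real application would load
// password hashes from its database.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
];

function login(string $user, string $pass, array $users): bool
{
    if (!isset($users[$user]) || !password_verify($pass, $users[$user])) {
        return false;
    }
    // The fix from the post: discard the pre-login session ID and issue
    // a fresh one, so an ID known before login is no longer tied to the
    // authenticated session. true = delete the old session data as well.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['logged_in_at'] = time();
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $old = session_id();
    if (login($_POST['user'] ?? '', $_POST['pass'] ?? '', $users)) {
        // The old and new IDs differ; the pre-login ID is now useless.
        error_log("login ok: session $old rotated to " . session_id());
        header('Location: /dashboard.php');   // hypothetical target
        exit;
    }
    http_response_code(401);
    echo 'Login failed';
}
```

The ini settings must be applied before session_start(); setting them in php.ini is preferable to ini_set() in production because they then hold for every script, not only this one.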

Reference:

Monday, May 10, 2010

PHP on Apache Vs IIS

There are many variables which are only available on Apache, but not on IIS.
Here is a good list of items available on both Apache and IIS.

Sunday, May 9, 2010

Multi-lingual codes with countries

These are references that some may find useful when developing multi-lingual websites.

List of Language Codes:

Here are some flag icons you may use:

Wednesday, May 5, 2010

TimeZone list for php and iCal

Sample iCAL:
BEGIN:VCALENDAR
CALSCALE:GREGORIAN
X-WR-TIMEZONE;VALUE=TEXT:US/Pacific
METHOD:PUBLISH
PRODID:-//Apple Computer\, Inc//iCal 1.0//EN
X-WR-CALNAME;VALUE=TEXT:Example
VERSION:2.0
BEGIN:VEVENT
SEQUENCE:5
DTSTART;TZID=US/Pacific:20021028T140000
DTSTAMP:20021028T011706Z
SUMMARY:Coffee with Jason
UID:EC9439B1-FF65-11D6-9973-003065F99D04
DTEND;TZID=US/Pacific:20021028T150000
BEGIN:VALARM
TRIGGER;VALUE=DURATION:-P1D
ACTION:DISPLAY
DESCRIPTION:Event reminder
END:VALARM
END:VEVENT
END:VCALENDAR
List of time zones code:
http://www.php.net/manual/en/timezones.america.php
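As an added example (not code from the original post), the following PHP reads the DTSTART/DTEND lines of the sample calendar above, looks up each TZID in PHP's own timezone database (the same identifiers as the list linked above), and converts the local times to UTC. The calendar text is the post's own sample embedded inline; ical_times_to_utc() is a name chosen here.

```php
<?php
// Added example: convert TZID-qualified iCal times to UTC with DateTimeZone.

// The sample VCALENDAR from the post, embedded for an offline run.
$ical = <<<ICS
BEGIN:VCALENDAR
CALSCALE:GREGORIAN
X-WR-TIMEZONE;VALUE=TEXT:US/Pacific
METHOD:PUBLISH
VERSION:2.0
BEGIN:VEVENT
DTSTART;TZID=US/Pacific:20021028T140000
DTSTAMP:20021028T011706Z
SUMMARY:Coffee with Jason
DTEND;TZID=US/Pacific:20021028T150000
END:VEVENT
END:VCALENDAR
ICS;

function ical_times_to_utc(string $ics): array
{
    $out = [];
    // iCal folds long lines with a leading space/tab; unfold them first.
    $ics = preg_replace("/\r?\n[ \t]/", '', $ics);
    foreach (preg_split("/\r?\n/", $ics) as $line) {
        // Match e.g. "DTSTART;TZID=US/Pacific:20021028T140000"
        if (!preg_match('/^(DTSTART|DTEND);TZID=([^:]+):(\d{8}T\d{6})$/', trim($line), $m)) {
            continue;
        }
        [, $prop, $tzid, $local] = $m;
        try {
            $zone = new DateTimeZone($tzid);   // throws if TZID is unknown to PHP
        } catch (Exception $e) {
            $out[$prop] = "unknown TZID: $tzid";
            continue;
        }
        $dt = DateTime::createFromFormat('Ymd\THis', $local, $zone);
        if ($dt === false) {
            $out[$prop] = "unparseable time: $local";
            continue;
        }
        $dt->setTimezone(new DateTimeZone('UTC'));
        $out[$prop] = $dt->format('Ymd\THis\Z');
    }
    return $out;
}

print_r(ical_times_to_utc($ical));
```

Because PHP resolves the TZID against its bundled tz database, daylight-saving rules for the given date are applied automatically; a TZID that PHP does not know is reported rather than silently treated as UTC.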