Index

safe_mode directive, limitations of
safeguards, transparency of
salting passwords
Schneier, Bruce (Applied Cryptography)
security
    practices for
    principles of
SecurityFocus web site
semantic URL attacks
sensitive transactions, requiring authentication for
session data
    encrypting
    exposed
    managing
    whether to filter
session fixation
session hijacking
session identifier
    obtaining
    regenerating at session initiation
    regenerating for change in privilege
    regenerating on every page
session injection
session_regenerate_id() function
session_set_save_handler() function
session_start() function
Set-Cookie response header
set_error_handler() function
SetEnv directive
shared hosting
    exposed session data
    exposed source code
    with filesystem browsing
    safe_mode directive and
    security level attainable with
    session injection
shell commands, command injection and
shell_exec() function
Simple is Beautiful principle
source code, exposed
spoofed form submissions
spoofed HTTP requests
SQL injection
SQLite databases, not storing in document root
SSL
    minimizing exposed data
    preventing password sniffing
stateless protocol, disadvantages of
strings
    evaluating as PHP
    replacements using patterns
superglobal arrays
symmetric cryptography
system commands, command injection and
system() function