Security Information and Review

Collection of security information and review

Archive for October, 2009

Piwik and Open Flash Chart Vulnerability

Author : Admin

A vulnerability has been discovered in Piwik with the Open Flash Chart module that can be exploited by malicious people to compromise a vulnerable system. The vulnerability exists in Piwik’s implementation of “open-flash-chart”, a module which resides in the “./libs/open-flash-chart/php-ofc-library” directory.

Piwik is open source web analytics software licensed under the GPL. … continue reading : Piwik and Open Flash Chart Vulnerability.

21 October 2009 at 02:06 - Comments

Best Practices to Build Web Application More Secure

Author : Admin

In this discussion, we will learn best practices, in the form of tips and tricks, for building more secure web applications. In the previous discussion, we learned how to protect web application files; now we look at protecting the web application overall, in every section. We will discuss a set of best practices that, if followed, will result in better security for our web applications.

In our web applications, we often use authentication information to restrict access to our applications. The best practice for this situation is to store authentication data away from the web document tree and make sure our application reads authentication-related files from outside the web document tree. … continue reading : Best Practices to Build Web Application More Secure.

10 October 2009 at 17:11 - Comments

Controlling Access Web Application with Web Based Basic Authentication

Author : Admin

If we want to restrict access to our web based application, we can use web based authentication. In this discussion, we will learn how to protect our web based application with web based basic authentication. It is a simple form of authentication that is in very common use around the world on various web servers.

We can use our web server’s basic authentication scheme quite easily with a .htaccess file in our web directory. In this example, we will restrict access to a directory in our web based application: we can create and edit the .htaccess file in the %DocumentRoot%/basic_auth, … continue reading : Controlling Access Web Application with Web Based Basic Authentication.

10 October 2009 at 01:33 - Comments

How to Protect Web Application Files

Author : Admin

When we build a web application, all files in our web application become available to everyone. So an attacker will try to find any holes in our web application or attack our data. How do we protect sensitive files in our web application? In this discussion, we will learn step by step how to protect the sensitive files in our web application.

The first step is to control visitors' access to our sensitive files through web server configuration. It is assumed that we are using the Apache web server and PHP for server-side scripting. … continue reading : How to Protect Web Application Files.

10 October 2009 at 00:10 - Comments