PHP Security Tips

Because you can never know too much, and it’s about time I wrote a follow-up to my PHP Script Checklist article.

1. Never include sensitive data in a .inc

When I started my current job, one of the first things I did was move all of the database connection details (yes, that includes passwords) from…
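The reason the .inc tip matters, and the fix, as an added example that is not code from the original post: a web server that only hands *.php to the PHP interpreter will serve a .inc file as plain text, credentials and all. The paths /var/www/html and /var/www/private, the config file name and the function names below are illustrative assumptions.

```php
<?php
// Added example, not code from the original post. Assumes Apache serves
// /var/www/html, runs PHP only for *.php, and that /var/www/private exists
// beside the document root where the web server cannot reach it.
//
// Why .inc is dangerous: Apache has no handler for .inc, so a file
// /var/www/html/config.inc containing
//     $db_pass = 's3cret';
// is sent back verbatim to anyone who requests /config.inc.
//
// Fix 1: keep credentials in a .php file OUTSIDE the document root,
// e.g. /var/www/private/config.php, which simply returns an array:
//     <?php
//     return ['host' => 'localhost', 'user' => 'site',
//             'pass' => 's3cret',     'name' => 'site'];
//
// Fix 2, belt and braces for any .inc still lying around, in
// /var/www/html/.htaccess (Apache 2.4 syntax):
//     <FilesMatch "\.inc$">
//         Require all denied
//     </FilesMatch>

/**
 * Load database settings from outside the web root. __DIR__ is the
 * directory of the calling script, assumed to sit in the document root.
 */
function loadDbConfig(?string $path = null): array
{
    $path = $path ?? dirname(__DIR__) . '/private/config.php';
    if (!is_file($path)) {
        throw new RuntimeException("Missing config file: $path");
    }
    $config = require $path;
    foreach (['host', 'user', 'pass', 'name'] as $key) {
        if (!is_array($config) || !isset($config[$key])) {
            throw new RuntimeException("Config is missing '$key'");
        }
    }
    return $config;
}

/** Open the connection; errors become exceptions instead of a silent false. */
function connectDb(array $config): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    return new mysqli($config['host'], $config['user'], $config['pass'], $config['name']);
}

/**
 * Audit helper: list every .inc under the document root so leftovers can be
 * moved or blocked. Run it from the command line, not through the browser.
 */
function findIncFiles(string $docroot): array
{
    $found = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docroot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (strtolower($file->getExtension()) === 'inc') {
            $found[] = $file->getPathname();
        }
    }
    return $found;
}

// Usage: "php audit.php" from the CLI lists stray .inc files;
// a web script would instead do: $db = connectDb(loadDbConfig());
if (PHP_SAPI === 'cli') {
    foreach (findIncFiles('/var/www/html') as $leak) {
        echo "Move or block: $leak\n";
    }
}
```

Moving the file outside the document root is the real fix; the .htaccess rule only helps on Apache, only while .htaccess overrides are enabled, and only for files that still carry the .inc extension.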

Become a PHP Security Master

Usually if I don’t have the time to review a script I advise people to Google for security issues. Except, with the recent problem surrounding the false reports of a login issue with my scripts, it’s becoming more and more apparent that we can’t rely on only Google. Amongst good advice (of which there is…

securityfocus.com Are Wrong

Some little asswipe sent in a vulnerability report to securityfocus.com (the same site Amelie had faux report problems with; which just happens to mirror to thousands of blogs and security websites across the Internet) claiming that there’s a login issue in BellaBiblio and BellaBook/BellaBuffs (he couldn’t make his mind up with that one) making them…

Frozen Midnight: Defrauding Customers

On the 2nd of July (this year) a friend of mine received an e-mail from “Frozen Midnight, LLC” hosting. The e-mail contained threats of legal action and the involvement of local law enforcement because my friend’s account had apparently been caught breaking the Frozen Midnight terms of service. In a fluster, my friend agreed to…

More Insecure Scripts

As well as updating my Unsafe Scripts page to give more clarification about which scripts are bad and which are not (with funky icons!) I have also added two new brief reviews…

Link Up Free

Link Up Free is susceptible to more complex SQL injection through the search box, executing any code that is entered…
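What an injectable search box looks like next to a hardened one, as an added example; this is not Link Up Free's code and does not reproduce its actual query. It assumes a mysqli connection in $db and a hypothetical table links(id, title, url); the function names are illustrative.

```php
<?php
// Added example, not Link Up Free's code: a search box of the kind the
// review describes, first as it is commonly written and then hardened.
// Assumes a mysqli connection in $db and a table links(id, title, url).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

// VULNERABLE: the search term is spliced into the SQL text. A term such as
//     %' OR 1=1 --
// returns every row, and
//     %' UNION SELECT id, user, password FROM users --
// reads other tables, because the quote closes the string literal and the
// rest of the term is parsed as SQL rather than matched as data.
function searchLinksUnsafe(mysqli $db, string $term): array
{
    $sql = "SELECT id, title, url FROM links WHERE title LIKE '%$term%'";
    return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
}

// HARDENED: a prepared statement sends the SQL and the value separately, so
// whatever the term contains it is only ever compared against title. The
// LIKE wildcards are added to the bound value, and any % or _ typed by the
// user are escaped so they match literally (MySQL's default LIKE escape is \).
function searchLinksSafe(mysqli $db, string $term): array
{
    $pattern = '%' . addcslashes($term, '%_\\') . '%';

    $stmt = $db->prepare('SELECT id, title, url FROM links WHERE title LIKE ? LIMIT 50');
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Output side: escape everything that came from the user or the database
// before it goes into HTML, otherwise the same search box is an XSS vector.
// htmlspecialchars stops attribute/tag breakouts; the scheme check stops a
// stored "javascript:" URL from becoming a clickable link.
function renderResults(string $term, array $rows): string
{
    $h = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    };
    $html = '<p>Results for "' . $h($term) . '":</p><ul>';
    foreach ($rows as $row) {
        if (!preg_match('#^https?://#i', $row['url'])) {
            continue;
        }
        $html .= '<li><a href="' . $h($row['url']) . '">' . $h($row['title']) . '</a></li>';
    }
    return $html . '</ul>';
}

// Usage (assumes $db was opened elsewhere):
// $term = $_GET['q'] ?? '';
// echo renderResults($term, searchLinksSafe($db, $term));
```

The test for any search box is the same whatever the script: type a single quote and see whether the page errors, then a term like `%' OR 1=1 --` and see whether the result set changes in a way the search term alone cannot explain.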

DreamHost Security Breach

As you may or may not have heard, there was a recent security breach at DreamHost affecting roughly 3,500 accounts (and they were just the ones they admitted to). I don’t know the exact details of the hows and whys, but I do know that the most common ‘side effect’ is that people are finding…

Unsafe PHP Scripts

In my spare time I like to review free PHP scripts. This is a log of my findings. Sections: Guestbooks, Fanlisting Management Scripts, FAQ/Ask & Answer Scripts, Forms/Form Mailers/Auto Forms, Directory Scripts, Miscellaneous.

Guestbooks

SimpBook

SimpBook, one of the old CodeGrrl scripts, not only contains a cross site…

What Is Too Personal?

As those of you who read my Asides (see sidebar) will have noticed, I’m in the process of re-writing some of my pages. I started with my ‘About Jem‘ section, revising the information that I display about myself. While I haven’t added or taken away any information really (simply changed the formatting), it did get…

Basic PHP Security Checklist

Due to the relative simplicity of PHP, more and more young webmasters are getting their hooks into scripting. This can be a good thing — it increases the range of functionality and fun that we can add to our websites without the need to learn how to code ourselves — the problem is, a lot…

CAPTCHAs

A CAPTCHA is “a type of challenge-response test used in computing to determine whether or not the user is human” (source). More specifically this little rant is aimed at the variety of images containing letters and/or numbers which may be distorted, placed on a background or otherwise messed with to supposedly prevent non-humans from getting…