Blogs

Avoid Click Jacking attack on PHP

For PHP, you can use.

header("X-FRAME-OPTIONS: DENY");

This is only supported in modern browsers, IE8+, Firefox 3.6.9, Safari 4 and Chrome. For older browser, you would also require some JavaScript.

You can do that with JavaScript

if( (self.parent && !(self.parent===self))

&&(self.parent.frames.length!=0)){

self.parent.location=document.location

}

This will redirect from page that opens your page in iframe to your page.

Git Ignore

Add the Directory or file in .gitignore

Example:
app/cache/**/*
web/media/cache/**/*

And now Delete the Cache:
git rm --cached -r web/media/cache
git commit -m "Delete the Cache Files"2:49 PM

Note : First commit the changes for getting the reflection

Git Short Tutorial

1). Git is a distributed version control system.
2). The core of Git was originally written in the programming language C but Git has also been re-implemented in other languages, e.g. Java, Ruby and Python.
3). Bare repositories are used on servers to share changes coming from different developers
4). Non-bare repositories allow you to create new changes through modification of files and to create new versions in the repository
5). If you want to delete a Git repository, you can simply delete the folder which contains the repository.

Git Commands List

Step by step Git commands:
1). git init --bare : Create a bare repositary on remote server
2). git clone "path of the server repo" : For cloning the repositary on local system
3). cd "name of repo" : Change the directory to the repo directory
4). gedit file1.php : create a file in local repo
5). git add file1.php : Adding the file into the staging
6). git commit -m "Messgae" : Commiting the file on the staging server

Major Secuirty Points for PHP

  • Newer include, require, or otherwise open a file with a filename based on user input.
  • Be careful with eval()
  • Be careful when using register_globals = ON
  • Never run unescaped queries
  • For protected areas, use sessions or validate login every time
  • Types of attack for PHP : XSS, CSRF, SQL Injection, Local and Remote File Inclusion, File Uploads
  • Disable all the errors reporting and set display errors to OFF.
  • Allways set the expose_php = OFF in php.ini, it hides the PHP version information.

Pages