Latest Posts - Page 3
Each year The State newspaper submits FOIA requests to all state agencies and compiles a database containing salaries of all employees making at least $50,000. This data is then made freely available through a useable but fairly crappy little web interface provided by Caspio.
You shouldn’t use raw MD5 or SHA1 password hashes for storing authentication info; you should absolutely always use a randomized salt (bonus points for using something like Blowfish or PBKDF2 with a high number of iterations).
Unfortunately at work I’m stuck hosting PHP on various versions of Windows with IIS. For the most part things do just run (though I yearn for a nice Nginx + PHP-FPM setup that has decent URL rewriting), but figuring out what security settings to change so that PHP can write to a particular file or directory has always been a problem.
I don’t often have to deal with file uploads, but this morning I had to include one on a form I was developing for a project at work. I know Kohana has a decent Validation class and even provides an Upload helper for actually moving the file into place, but the examples were all spotty and/or confusing in different ways.