A blog about tech, programming, security, and various other subjects.
Why I still use PHP
Tags: webdevelopment.
Everybody seems to be against PHP nowadays. Well, not everyone, just the people with the loudest voices. In real life, I've never met anyone who disliked PHP. Online, there've been plenty.
So why is this? It's usually like this with something a minority finds bad. Cookies aren't really harmful, but people shouted enough until they got banned in the EU. Even before the ban, cleaning programs and even anti-virus makers (who you'd think know better) removed tracking cookies.
And yes, tracking cookies are slightly harmful for your privacy, but so is using the internet. You can be identified in numerous other ways; a cookie is more of an easy solution and a fail-safe.
Let's do a show-by-example, but try to guess before clicking the button!
CSRF: It's not trivial
Tags: security, webdevelopment, websites.
In the past few weeks I've found two websites with CSRF vulnerabilities. I wasn't really looking for them, but when a site doesn't require me to enter my current password to change the password (or the e-mail address, by which the password can be reset), it raises flags.
So what can you do with a CSRF vulnerability?
In one case, I could easily have gained myself admin permissions on a website with thousands of visitors a day.
For the other, I'm not entirely sure what the extent was, but I could certainly have gotten myself access to FTP accounts from websites.
CSRF stands for Cross-Site Request Forgery. It works like this:
For example, for my website playbylyrics.com, I wanted to enable users to download the MP3 of what they were listening to.