AUTH


Output escaping: PHP htmlspecialchars()

https://humanwhocodes.com/blog/2009/05/12/cookies-and-security/

https://auth0.com/docs/best-practices/token-best-practices

Session hijacking attacks:

  1. only send cookies over SSL
  2. generate a session key in some random fashion and/or a way that is based on information about the user (username, IP address, time of login, etc.)

XSS attacks:

  1. Don’t include JavaScript from untrusted domains. The CDNs of large companies such as Yahoo!, Google, and AOL should be safe; use extreme caution when including from other locations.
  2. Filter out HTML from all user input or otherwise sanitize the input. Never accept user input and output onto a page without some sort of filtering.
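An added example (not from the linked posts) that ties the two lists together: a random session id bound to login context, issued as a Secure/HttpOnly cookie, and user text escaped before output with Python's html.escape, the counterpart of PHP's htmlspecialchars(). The session store and the IP/User-Agent fingerprint are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from html import escape
from http.cookies import SimpleCookie

# Hypothetical in-memory session store, constructed for this example.
SESSIONS = {}


def _fingerprint(client_ip, user_agent):
    # Bind the session to login context (note: users behind changing
    # addresses, e.g. mobile networks, will be logged out on IP change).
    return hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()


def issue_session(username, client_ip, user_agent):
    """Create a session id from the OS CSPRNG (256 bits) and record context."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {
        "user": username,
        "fingerprint": _fingerprint(client_ip, user_agent),
        "login_time": time.time(),
    }
    return session_id


def session_cookie(session_id):
    """Set-Cookie header: sent only over TLS, unreadable from page script."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["secure"] = True      # never sent over plain HTTP
    cookie["sid"]["httponly"] = True    # document.cookie cannot read it
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    return cookie.output(header="Set-Cookie:").strip()


def resolve_session(session_id, client_ip, user_agent):
    """Return the username only if the id is known and the context matches."""
    record = SESSIONS.get(session_id)
    if record is None:
        return None
    expected = _fingerprint(client_ip, user_agent)
    if not hmac.compare_digest(record["fingerprint"], expected):
        return None
    return record["user"]


def render_comment(user_text):
    """Escape before output, as htmlspecialchars() does, so markup is inert."""
    return f"<p>{escape(user_text, quote=True)}</p>"
```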
