Posts tagged ‘security’

HTML filtering and XSS protection

March 21st, 2009

If you have been programming websites long enough you would know that user input is first think to worry about when thinking about security. It’s really hard to decide what data is acceptable, especially when user has permission to insert HTML content through form.
For example, if you are developing CMS you need to make sure [...]

Comments (6) | TrackBack URI

Scraping login requiring websites with cURL

February 23rd, 2009

Scraping websites with XPath is very easy (read here), but how to scrape user’s friends list from social website if it can be viewed only when user is logged in?
What we need to do is to implement algorithm, which posts login and password fields to website login form and uses the same PHPSESSID id for [...]

Comments (3) | TrackBack URI

PayPal payment with encryption

February 22nd, 2009

Recently phpfour.com posted very interesting library for payment gateways. In my situation, PayPal is only used to pay for orders – cart and order setup is done in our shop, so I do not want to have additional problems with users changing orders numbers, amount to be paid, etc. Today I’m going to show how [...]

Comments (2) | TrackBack URI