How-to articles, tricks, and solutions about SECURITY

best practice to generate random token for forgot password

A common practice for generating a random token for a "forgot password" feature in PHP is to use the built-in functions random_bytes and bin2hex.

php random security timestamp token

Generating cryptographically secure tokens

In PHP, you can use the built-in function random_bytes() to generate cryptographically secure random bytes, which can then be converted into a token.

php openssl security token

How can I prevent SQL injection in PHP?

There are several ways to prevent SQL injection attacks in PHP.

php sql MySQL security sql-injection

How can I sanitize user input with PHP?

There are several ways to sanitize user input in PHP, depending on the type of data and how you plan to use it.

php security sql-injection xss user-input

How to fake $_SERVER['REMOTE_ADDR'] variable?

It is generally not recommended to fake the $_SERVER['REMOTE_ADDR'] variable, as it can lead to security vulnerabilities and potential abuse of the system.

php security

Java Error: "Your security settings have blocked a local application from running"

If you are getting the error "Your security settings have blocked a local application from running" when trying to run a Java application, it means that your security settings are preventing the application from running.

java security applet

PHP setcookie "SameSite=Strict"?

The "SameSite=Strict" attribute is a security feature that can be added to a cookie when using the PHP setcookie() function.

php cookies security

Secure hash and salt for PHP passwords

To securely hash and salt passwords in PHP, you can use the password_hash function.

php hash security passwords

Why is char[] preferred over String for passwords?

It is generally considered more secure to use a char[] array to store passwords because it can be wiped from memory more easily than a String object.

java string char security passwords