🐘 PHP Digest

43 result(s) for “secure”

1
yiisoft/yii2

Yii 2: The Fast, Secure and Professional PHP Framework

GitHub ▲ 14.3k yiisoft 11h ago ⚠ Safety
2
twigphp/Twig

Twig, the flexible, fast, and secure template language for PHP

GitHub ▲ 8.4k twigphp 1d ago ⚠ Safety
3
AtalayaLabs/OxiCloud

☁️ Ultra-fast, secure & lightweight self-hosted cloud storage — your files, photos, calendars & contacts, all in one place. Built in Rust.

Self-hosted File management
Trendshift ▲ 81 AtalayaLabs 9d ago ⚠ Safety
4
Automattic/woocommerce-payments

Securely accept major credit and debit cards, and allow customers to pay you directly without leaving your WooCommerce store. View and manage transactions from one convenient place - your WordPress dashboard.

GitHub ▲ 190 Automattic 2d ago ⚠ Safety
5
The challenge for 2019 has just got real

I am a regular listener to the Security Weekly Podcasts Network, that includes Hack Naked News, Business Security Weekly, Enterprise Security Weekly, Secure Digital Life and Application Security Weekly. I really love their shows and over the years I've been listening to them, I …

Blogs dragonbe.com 💬 1 M. van Dam 91mo ago
6
Is the HTTP Plugin for MySQL secure?

The HTTP Plugin for MySQL offers three APIs: REST-like CRUD, REST-like JSON DOCUMENT and SQL. The SQL API lets you run any SQL you want. Including, for example, DROP mysql.users if you mess up your setup. Insecure? It depends on your viewpoint. It’s more than just another …

Blogs blog.ulf-wendel.de 💬 1 admin 143mo ago
7
Secure Firewall Setup

You can view current firewall rules via sudo iptables -L -v. In this video, we'll add to the input chain, which controls incoming (ingress) traffic: sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT sudo iptables -…

Blogs serversforhackers.com 74mo ago
8
Secure SSH Setup

We configure SSH to be a bit more secure. We enforce the use of SSH-key based access and ensure that the root user cannot log in over SSH directly. Edit /etc/ssh/sshd_config: # Important PermitRootLogin no PasswordAuthentication no # Double check these PubkeyAuthentication yes P…

Blogs serversforhackers.com 74mo ago
9
Secure User Setup

We start by creating a new user and authorizing SSH-based access for an SSH key pair. sudo adduser fideloper # Locally: # cd ~/.ssh # ssh-keygen -o -a 100 -t ed25519 -f id_ed # cat id_ed.pub | pbcopy # Back on server when logged in as user "fideloper": echo "your-public-key" >…

Blogs serversforhackers.com 74mo ago
10
YubiKey for SSH, Login, 2FA, GPG and Git Signing

I've been using a YubiKey Neo for a bit over two years now, but its usage was limited to 2FA and U2F. Last week, I received my new DELL XPS 15 9560, and since I am maintaining some high impact open source projects, I wanted the setup to be well secured. In addition to that, I ca…

Blogs ocramius.github.io 112mo ago
11
Domain Language: The Playthrough Bonus

Since online gambling has been regulated in Belgium, basically each eligible license holder has complemented their land based operations with an online counterpart. Being such a small country, everyone wants to secure their market share as soon as possible. The big players have …

Blogs jefclaes.be 138mo ago
12
Using existing certificates with Laravel Forge

When you work with clients that are supplying you with their own secure certificates, they may arrive in different formats that you need to convert, in order to add them to Laravel Forge.

Blogs dyrynda.com.au Michael Dyrynda 76mo ago
13
Labyrinth 1.1: Making End-to-End Encrypted Backups Even More Reliable

We’re rolling out version 1.1 of Labyrinth, the encrypted storage system and protocol that secures messages and history on Messenger. Labyrinth 1.1 enhances the reliability of end-to-end encrypted backups with a new sub-protocol that helps messages survive the loss of a device, …

Blogs engineering.fb.com 1mo ago
14
Protect The Shire

tl;dr: Temporary 24-hour cooldown period for plugin/theme releases before auto-updates. AI can give defenders an edge. We want to secure all 78K plugins and themes on WordPress.org. One of the things we’ve always striven to do as the developers of WordPress is to work hard…

Blogs wordpress.org Matt Mullenweg 27d ago
15
How to fix PHP Curl HTTPS Certificate Authority issues on Windows

On Windows, HTTPS requests made with the Curl extension can fail because Curl has no root certificate list to validate the server certificates. This article discusses the secure and effective solutions, and highlights bad advice that can leave PHP applications insecure.

Blogs php.watch Ayesh Karunaratne 28mo ago
16
AEGIS Encryption with PHP Sodium Extension

The Sodium extension in PHP 8.4 now supports `AEGIS-128L` and `AEGIS256` Authenticated Encryption ciphers. They are significantly faster than `AES-GCM` and `CHACHA20-POLY1305`. This article benchmarks them and explains how to securely encrypt and decrypt data using `AEGIS-128L` …

Blogs php.watch Ayesh Karunaratne 31mo ago
17
Using the SecurityBundle in Symfony 6

At SymfonyWorld Winter 2021, I talked about using the new Symfony authentication system in your applications in Symfony 6. We discussed the important changes to the Security component, what we tried to improve with each change, and how you can use these to make a more secure app…

Blogs wouterj.nl Wouter de Jong 55mo ago
19
Using AWS SSM Parameter Store With Git SSH Keys

and employing them securely At Archer, we have been moving credentials into AWS Systems Manager (SSM) Parameter Store and AWS Secrets Manager. One of the more interesting credentials is an SSH key that is used to clone a GitHub repository into an environment that has IAM roles a…

Blogs alestic.com 91mo ago
20
Synergist

synergist.io is a secure cloud platform to negotiate contracts in real-time. The product The product developed by synergist is composed mainly by an API and a frontend application. The API is a PHP + Laravel application. The goal I joined the project with the aim of setting-up a …

Blogs goetas.com Asmir Mustafic 12mo ago
21
Post-quantum security for SSH access on GitHub

Today, we’re announcing some changes that will improve the security of accessing Git data over SSH. What’s changing? We’re adding a new post-quantum secure SSH key exchange algorithm, known alternately as sntrup761x25519-sha512 and sntrup761x25519-sha512@openss…

Blogs github.blog brian m. carlson 9mo ago
22
Announcing TestInfra Action

One of the key parts of Building Secure Images with GitHub Actions is unit testing the image just built. While for most of my repositories this has been some bash script in the repo that I copied to the next new repo. Always had the desire to make something more clean than that,…

Blogs blog.wyrihaximus.net Cees-Jan Kiewiet 15mo ago
23
Building Secure Images with GitHub Actions

When I initially started building Docker images only amd64 was relevant, and having a build ⇒ Scan ⇒ Test ⇒ Push cycle was as easy as using docker save and docker load. But with arm64 becoming more and more popular, including with my own home cluster, I needed to add images for …

Blogs blog.wyrihaximus.net Cees-Jan Kiewiet 21mo ago
24
Running my very first marathon

Start to run In June 2014 I started running because I had secured a speaker slot at the community day of Laracon EU. For my presentation I wanted to look fit on stage. To gain confidence I wanted to drop a few kilograms of weight. I started with a 9 km run and gradually ran furt…

Blogs hannesvdvreken.com 136mo ago
39
nginx: Using auth_request to secure vhosts

One of our clients recently had a unique use case. They had a Wiki site where they wanted to restrict viewing of posts to only their app’s authorized users. Picture something like a SaaS app where the Wiki site had proprietary content that our client only wanted paying use…

Blogs shout.setfive.com Ashish Datta 70mo ago
40
Drupal 9.2.0 is available

What’s new in Drupal 9.2.0? The second feature release of Drupal 9 helps keep your site even more secure, and comes with increased visitor privacy protection, improved migration tools from Drupal 7, enhancements to the Olivero frontend theme and early support for the WebP image …

Blogs drupal.org gábor hojtsy 61mo ago
41
One Month of Ecosystem Security Engineering

Last month I shared with you that the PHP Foundation secured a grant by Alpha-Omega through the Linux Foundation to help improve the security of the PHP open source ecosystem, and that it is forming a new Ecosystem Security Team. Today I want to update you on the progress so far…

Blogs thephp.foundation 10d ago
42
API Key Management in Next.js

How to generate, hash, store, and revoke API keys in a Next.js app using SHA-256 hashing, server actions, and cross-project guards for secure access con...

Blogs paulund.co.uk 2mo ago
43
The €963 Book Launch That Made Me Wish To Get Back To My Secured Job

Exactly 365 days ago, I released my first ebook. I always wanted to share my experiences about it, but I never felt comfortable enough to do so. The project didn't turn out as expected, and I felt embarrassed. It's time to finally reflect it and to overcome my fears.

Blogs christoph-rumpel.com Christoph Rumpel 84mo ago