October 19 2021

Windows 2008 R2 IIS7.5 SSL not working

Tagged Under : ,

It was because IIS on Windows Server 2008 R2 build in Transport Layer Security in version 1 (TLS 1.0). That version is outdated and should not be used for securing any HTTPS traffic and also most of the browser didn’t support it anymore at the beginning of 2020.

July 19 2014

Joomla prevent SQL injections in custom query

Tagged Under : , ,

For custom query in Joomla is not prevent the SQL injections issue. So that, we need to add some script to the query.

In Joomla we can using $db->quote($param) to prevent SQL injections in custom query.

The Example of the query:
$db = JFactory::getDbo();
$query = "INSERT INTO table (`username`, `password`) VALUES (".$db->quote($username).", $db->quote($password))";
In the query you not need to add Single Quote Symbol. Because it will help you add in your query.

July 20 2013

Protect PHP class file that must be include

Tagged Under : ,

Here we describe how we can protect our class file that calling with include function, but it was not secure and its have big risk. For the solution if we can make the file cannot execute or calling when it not include by PHP file.

Why we need it? because when someone try calling http://localhost/module/foo.class.php it will be successful and maybe some accident will happen here.

if( basename( __FILE__ ) == basename( $_SERVER['PHP_SELF'] ) ) exit();

January 09 2013

Using .htaccess Protect Your Site

Tagged Under : , ,

Except from apache you can let your .htaccess file tighten up your site’s security and give extra level of protection.

I am going listing out few example and show you how to use it or where to use it. You don’t have to use every single one, just whatever you feel would help you improve your site security.