There are various reasons that you might want to force a website to use SSL. In general, if you have an SSL cert set up for your website, you should probably force all users to https even if the page doesn't contain sensitive data. In an ideal world, you would do this on the server side…
You are looking to create some sort of HTML element on your site that when clicked will trigger a file download. Seems like a pretty simple request, but there is a little more to it than first appears. By default, web browsers will have a set way to handle certain file formats. For example, if…
Classic ASP might seem like a language that is dead and gone, but it is still alive...somehow. With a language that has become outdated, it can be difficult to fight against modern security risks. Knowing how to prevent SQL injection with classic ASP is a valuable bit of code to have at your disposal. With…
When you have obtained a list of emails from a location that required little to no validation on whether it was a real email, you will be stuck trying to determine if the email address is real or not. You don't want to risk sending out an email to these users without checking as a…
I recently hit an issue where I needed to change the name of an XML node. It ended up being a lot more complicated than I had expected it to be. node.Name is a read-only field, so you can't take the simple route and rename it this way. Since you cannot rename the…
This setting is up there as one of the most dangerous settings you can have enabled on a web server. It will allow someone to potentially inject a tiny piece of code into your system that could in turn completely compromise your entire server. If you have some bad programming practices in place it could…
When it comes to dangerous PHP functions, allow_url_fopen is one that can be incredibly dangerous, but it is also something that is very useful and in most cases will need to remain enabled if you have written some advanced scripts. A common use for this setting would be with a REST-based API. For example,…
register_globals is a setting that should always be disabled. The method has been deprecated for some time and as of PHP 5.4 it no longer even exists. If you are running an older version of PHP, it should be disabled if you are not using it. The big question here is, how can you…
When looking to buckle down your webserver, expose_php is often something that people suggest you disable. What does expose PHP do and why should it even be disabled? Well, it doesn't really do much, and on its own it really doesn't do any harm to your server, but it does expose information that a hacker…
I have read a lot of blog posts about how people are making $100s every day from the amazing ads provided from Propeller Ads. So I decided to give it a go and see what all of the hype about it was. I had intended to write a Propeller Ads review to see how they…