Stinkbug.net

Web Security Revisted

Update: I fixed a bug in the code below. It should work properly now.

I wrote a couple of articles about a year ago describing an idea I had for implementing security into a CakePHP app to insure that cross site scripting attacks don’t get though. Just recently I’ve been working on it again for a new app, slightly changing my approach. Since I’ve never shared all of my code on how I’ve fully implemented and configured my set up with the HTML Purifier, I’m going to do that now. Of course some of the code I’ve already shared, but this will be all of it together.

I originally had everything set up as a component. What I want to do is clean everything up before I actually save it to the database. And I mean everything. Any data that can be altered from a form should be run through some sort of clean up process, to ensure it’s security. The problem with having it set up in a component is that in Cake that can only be accessed from a controller, right? So what I really want is for this clean up process to happen in the background for any data that is saved, without me having to write any extra code in a controller. That’s when I decided to take my component and move into my AppModel. I suppose this could be done as a behavior as well, but I’m not real familiar with writing those.

Read the rest of this entry »

Posted on November 10th, 2009 | No Comments »

Creating a Smart Deployment Process
Over the last several days I’ve been trying to do a deployment to our test server and kept running into all kinds of problems. We have some shell scripts that handle the bulk of the deployment for us, but I found out that it wasn’t completely working. In this particular deployment, I made some database [...]

Posted on September 22nd, 2009 | No Comments »
Screencast of HiddenWord.org 0.2 Beta
I just published a new screen cast of the new version of HiddenWord.org. Check it out and let me know what you think. Please leave any comments, suggestions, or improvements that you might have.
http://screencast.com/t/xQSSdPGBcI

Posted on July 7th, 2009 | No Comments »
Thinking about CSS Development a Little Different
I mentioned a little about the Blueprint CSS framework a while back. I’ve been actively developing a couple of sites using it and thinking about using it on another project. I have to say that I really like it. It seems that many people are coming up with new ways to develop their sites with [...]

Posted on July 1st, 2009 | 2 Comments »
Advanced Finds in CakePHP
I talked briefly in my last post about unexpected functionality in trying to retrieve some related data using CakePHP. I’m going to spill the details here in hopes that it will help someone new to the framework understand how to do more customized complex finds and retrieve all of your data in one nice data [...]

Posted on June 23rd, 2009 | No Comments »
The Life, The Word, The Cake
There’s been a lot going on with life and work lately and I haven’t had a lot of time to write about any of it. Needless to say, they are keeping me busy. With so much going on and not a lot of detail to share at the same time, I thought I’d just offer [...]

Posted on June 10th, 2009 | No Comments »
A Review of the Blueprint CSS Framework
I recently decided to spend a little time reviewing the Blueprint CSS Framework. We have a big project coming up and the turn around time is probably going to be really fast. So I thought I’d give Blueprint a try and see if it would speed up our development for this project. There are some [...]

Posted on April 7th, 2009 | No Comments »
HiddenWord.org Screencast
I’ve noticed that a large number of people that signed up for HiddenWord.org haven’t actually done anything once they created the account. I have a feeling that may be because of usuability issues. The sad thing about that is people aren’t really seeing what the application can do. If they’re not seeing what the application [...]

Posted on February 27th, 2009 | No Comments »
Why Use CakePHP’s Security Component?
For experienced developers this is well known, but if you’re a beginner there may be security issues with your web application that you don’t know about. Back in the day when I started back end programming I was using ASP. Active Server Pages is what I learned first. I was writing applications that worked for [...]

Posted on January 27th, 2009 | 1 Comment »

Stinkbug.net

Web Security Revisted

Previous Posts

Categories

Flickr Photos

About Stinkbug.net

Recommended Books