Unvalidated redirects and forwards occur when an application uses untrusted data to redirect a user to a new webpage. This poses a security threat since an attacker can use the application to redirect unsuspecting users to a malicious site in a phishing scam. more…
Articles tagged with "Authentication"
Managing WordPress Roles and Capabilities
The WordPress permissions system is pretty straightforward: each task a user performs on a WordPress installation requires the capability to perform that task. These capabilities are how a WordPress installation can allow authors to write articles but not edit plugins, or allow editors to manipulate content but not change a theme. more…
Force Password Complexity Requirements in WordPress
By default, WordPress does not require strong or complex passwords, but it is easy to add the functionality. Here is a great article explaining why strong passwords are so important. more…
Force URLs to use HTTP or HTTPS in Symfony 2
Create an Authentication Listener in Symfony 2
It is possible to subscribe to many events in Symfony 2, and login events are no different. You may want to have an authentication listener that increments a user’s failed login attempts so an account can be locked or you may want to set the last login date for a user on a successful login. more…
Adding an AJAX Login Form to a Symfony Project
Adding an AJAX-powered login form to a Symfony 2 project is pretty simple, but there are a few things to cover. The first is that the Symfony firewall handles authentication by sending a form to the route defined in app/config/security.yml as the check_path for the firewall. So to log in using AJAX, a form needs to be posted to that route along with a few fields: _username, _password, _remember_me, and, if you’ve enabled CSRF for your form, the _csrf_token field. more…