Tag Archives: random numbers

Security of remote servers

Here is another example of bad randomness practices that lead to pretty serious issues (something like $15000 stolen). The interesting part, besides the bad programming practice of writing your own random function, is that the vulnerability is outside of the server. In a way, it’s similar to the “physical access” vulnerability. And even if your […]

Posted in Security

And I thought sfDoctrineGuardPlugin was bad…

Update: You can safely ignore this angry rant as the issues have been fixed. I am speechless. While doAuthPlugin looks interesting (especially because it uses inheritance and not some silly secondary Profile table), on the topic of security it is worse than sfDoctrineGuardPlugin. Let’s have a quick look at doAuthTools. public static function rememberHash(User $user) […]

Posted in PHP, Symfony | 3 Comments

Random fail

Yet another case of trying to be too clever with randomness!

Posted in Security