Tag Archives: security

Security of remote servers

Here is another example of bad randomness practices that lead to pretty serious issues (something like $15000 stolen). The interesting part, besides the bad programming practice of writing your own random function, is that the vulnerability is outside of the server. In a way, it’s similar to the “physical access” vulnerability. And even if your […]

Posted in Security

GPG encryption to multiple recipients

It is a little-known feature of GPG: you can encrypt files to multiple recipients. Since it uses an intermediary key, the resulting file is not that much bigger. While it is mostly used for e-mails, I am currently using it for encrypted backups. After all, one of the issues of encrypted backups is that […]

Posted in Sysadmin | 1 Comment

And I thought sfDoctrineGuardPlugin was bad…

Update: You can safely ignore this angry rant as the issues have been fixed. I am speechless. While doAuthPlugin looks interesting (especially because it uses inheritance and not some silly secondary Profile table), on the topic of security it is worse than sfDoctrineGuardPlugin. Let’s have a quick look at doAuthTools. public static function rememberHash(User $user) […]

Posted in PHP, Symfony | 3 Comments