Convert .pfx to .cer
the simple way I believe is to import it then export it, using the certificate manager in Windows Management Console.
security
How to view PHP on live site
No, as it is interpreted on the server-side and the results are sent to the user. If you want to view the source code of a site you control in-browser, consider the FirePHP extension for Firebug, or just access your site files with your preferred method.
Error `sec_error_revoked_certificate` when viewed in Firefox only
When Firefox web browser checks a security certificate, it also checks with the issuing authority if the certificate is valid. It appears that, near a certificate’s expiration date, the issuing authority may release a new certificate. The two certificates have conflicting expiration dates. For reasons unknown, this caused Firefox to report a sec_error_revoked_certificate error and … Read more
How does the SQL injection from the “Bobby Tables” XKCD comic work?
It drops the students table. The original code in the school’s program probably looks something like This is the naive way to add text input into a query, and is very bad, as you will see. After the values from the first name, middle name textbox FNMName.Text (which is Robert’); DROP TABLE STUDENTS; –) and the last name textbox LName.Text (let’s … Read more
Which of sprintf/snprintf is more secure?
I wish to know which of these two options is the more secure one to use: sprintf(buff, “%.*s”, MAXLEN, name) snprintf(buff, MAXLEN, “%s”, name) My understanding is that both are same. Please suggest.
When you use ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error, does it only apply for the current site?
This is specific for each site. So if you type that once, you will only get through that site and all other sites will need a similar type-through. It is also remembered for that site and you have to click on the padlock to reset it (so you can type it again): Needless to say … Read more
what is a auth_user_file.txt?
I assume that those crawlers are looking for auth_user_file.txt because its name is probably given in some tutorial for Apache’s mod_authn_file module; when an admin makes the mistake of putting the file in the webserver’s DOCROOT, then it is free for downloading by anyone who asks. Once an attacker downloads the file, they can brute-force the password hashes, and gain … Read more
What does it mean to escape a string?
Escaping a string means to reduce ambiguity in quotes (and other characters) used in that string. For instance, when you’re defining a string, you typically surround it in either double quotes or single quotes: But what if my string had double quotes within it? Now I have ambiguity – the interpreter doesn’t know where my … Read more
How can I prevent SQL injection in PHP?
The correct way to avoid SQL injection attacks, no matter which database you use, is to separate the data from SQL, so that data stays data and will never be interpreted as commands by the SQL parser. It is possible to create SQL statement with correctly formatted data parts, but if you don’t fully understand … Read more
Are PDO prepared statements sufficient to prevent SQL injection?
The short answer is NO, PDO prepares will not defend you from all possible SQL-Injection attacks. For certain obscure edge-cases. I’m adapting this answer to talk about PDO… The long answer isn’t so easy. It’s based off an attack demonstrated here. The Attack So, let’s start off by showing the attack… In certain circumstances, that will return more than … Read more