I am programming a language-learning game. The users can play flashcards to learn irregular verbs and the progress is saved in the database. Is ajax+php+javascript a good solution? My website should be secure against hackers: malicious attacks to gain server or database access; hackers who want to redirect the payments to their own bank account ..
Category : security
I created a PHP web app that contains a wallet system and an API that will credit or debit from the wallet. And this website also contains a payment gateway to add balance to the wallet. I wanted to ask what security measures I can take to make my web app secure? What more I ..

I have an email verification page on my Website. There I let the user send the code again ("Resend code" button). What I want to do now is to timeout if the user uses that button more than once. For example, 1 minute on the second try, then 2 and so on. While doing this, ..
I have this php structure: $host = data1; $user = data2; $pass = data3; $db_name = data4; $conn = new mysqli($host, $user, $pass, $db_name); but I want to have better security, something like having every data encrypted, could you help me?
Is it possible to use Azure Vault to store MySQL DB credentials in Symfony? Right now the credentials are stored in an .env file (encrypted) but there’s a request to use Azure Key Vault instead. I’ve never heard about such a setup, is it possible at all?
My website has an XSS vulnerability. I’ve seen some good solutions to solve it. However, these methods are mostly ideal for projects written from scratch. On my current website, there are many boxes, forms, etc. that need user inputs. It seems difficult to change all the code. So I need another solution to help me ..
I have a question about expiring sessions in PHP. So I have this site I’m implementing using PHP and JavaScript. As one of the features I have added live search using JSON AJAX and PHP. And to secure the AJAX call I’m passing a token (randomly-generated string) in the JS AJAX call URL and then ..
I have a delete page that shows a user record from a MySQL database. The delete functionality is done with a PHP prepared statement, and after this is executed the user is directed back to index.php (which shows a table of all the users). Above the $_POST request that handles the deleting of the record ..

I am trying to use Panther in my Symfony 5 app to fill out a Stripe payment form. My Stripe fields are managed by Stripe itself from iframes generated in my form. (Take a look at the second example of the Stripe Elements form examples: https://stripe.dev/elements-examples/ , the fields are in a Stripe-hosted iframe. ..
Index.php was used for multiple users to log in using Form Post and show log-feeds. Any clues on how to prevent this from happening and how this happened? This is my friend's site and it was on a hosted website. Don't know if this is an XSS attack or someone used FTP to modify the index.php. Any clue how to ..