The trouble with OpenSource

It’s no secret that the world runs on open source, from our Apache and Nginx web servers and our Ubuntu server OSes to our .NET and Python programming languages. However, how many think that this could potentially be an issue?

Continue reading →
Posted by DCCoder in General, News, 0 comments
AWS Secret Storage

Working with any form of secret in development, such as usernames, connection strings, passwords, etc., is always difficult. Simply finding a convenient and efficient way of storing them without putting them in source control can be a daunting task. While there are many ways of handling this, such as dotNet secrets, Azure Key Vault, and Hashicorp Vault, I decided to go with AWS’s secret manager.

Continue reading →
Posted by DCCoder in General, Programming, 0 comments
Hackers gain access to US power grid

In a time of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will.

Continue reading →

Posted by DCCoder in News, 0 comments

Storing Sessions in a database

Most common applications and “home-brew” sites use sessions for storing temporary data as well as authentication. However, sometimes a developer may want the session to span multiple domains and/or servers, and some may just be very security conscious. It is common knowledge that session data is stored in a text file on the webserver; however, if you are using a shared server (as most cannot afford dedicated hosting or a VPS), then any user on that server may see your session files. To prevent this, and to allow your users’ sessions to span multiple domains, the answer is easy: store the session data in a MySQL database! Most of you may not be sure how to do this, or may have even been unaware that this is possible; however, it is very easy. When storing sessions in a database, PHP makes the work easy for us with a function called session_set_save_handler(), which controls the way that sessions are stored, retrieved, destroyed, etc.

Continue reading →

Posted by DCCoder in Posts from old site, Security, Tutorials, 0 comments

Secure Hashing

Many developers believe in the practice of securing passwords and other financial data using a hash function (a function that turns some kind of data into a small number that may serve as a digital “fingerprint”). However, just hashing a password isn’t enough: it may still be brute-forced, and because usernames and passwords are chosen by the users, not all will meet minimum security levels, so it is up to the developer to pick up where they leave off.

Continue reading →

Posted by DCCoder in Posts from old site, Security, 0 comments