Page history

Mgoodwin

→‎Session Management

Mcoates

Pls email me to discuss - Undo revision 357366 by Yorickpeterse (talk)

Mcoates

Undo revision 357368 by Yorickpeterse (talk)

Yorickpeterse

→‎Password Storage

Yorickpeterse

Small clarification on the secureness of bcrypt.

Yorickpeterse

Using HMAC + bcrypt has absolutely zero advantage over using plain bcrypt. In fact, it's as stupid as hashing a hash. HMAC is meant for weak algorithms such as the SHA family.

Mcoates

→‎Admin Login Pages

Mcoates

→‎Preventing OS Injection

Misterkeg

→‎Inactivity Time Out

Misterkeg

→‎Migration

Misterkeg

→‎Old Password Hashes

Misterkeg

→‎Password Rotation

Mcoates

→‎Further Reading

Mcoates

→‎Further Reading

Mcoates

→‎Email Change and Verification Functions

Mcoates

→‎Goal of Input Validation

Mgoodwin

→‎Contributors: added me

Mgoodwin

→‎Preventing CSRF: clarified session tying

Mgoodwin

added requirement to CSRF protection to ensure tokens are tied to the session

Mgoodwin

→‎Email Change and Verification Functions

Mgoodwin

→‎Secure Coding Guidelines

Mcoates

→‎Password Storage

Mcoates

→‎Password Storage

Mcoates

→‎Admin Login Pages

Mcoates

→‎Content Security Policy (CSP)

Mcoates

→‎Error Handling

Mcoates

→‎Uploads

Clyon

→‎Authentication

Mcoates

→‎Cross Domain / Unintended User Actions

Mcoates

→‎PROPOSED STANDARD

Mcoates

→‎Uploads

Clyon

→‎Password Storage

Mcoates

→‎General Uploads

Mcoates

→‎Image Upload

Ladamski

→‎General Uploads

Ladamski

→‎General Uploads

Erikrose

→‎Image Upload: Asked why.

Gerv

Update to link to latest version of Django security book

Yboily

improved uploads guidance, added archives.

Mcoates

→‎Image Upload

Mcoates

→‎Image Upload

Mcoates

→‎Further Reading

Mcoates

→‎Uploads

Mcoates

→‎Secure Coding Guidelines

Mcoates

→‎Preventing SQL Injection

Mcoates

→‎Migration

Mcoates

→‎Critical Sites

Mcoates

→‎Password Complexity

Mcoates

→‎Password Storage

Mcoates

→‎Migration