Secure Programming with the Zend Framework



Some comments on the talk were a bit towards the obvious, but the part about how to set up Zend_Session was nice.

I was, however, wondering about the code example where the session was started, the exception caught and the session restarted. I think this can't be done: once destroy is called on a session, a flag is set that prevents it from being started again.

The talk was fairly low/mid-level but had some nice reminders; the sessions part was a good addition.

I don't use the ZF app framework myself, but checked this presentation to see if there are some nice ideas to use. And there were, amongst which the auto-generated CSRF token in the form generator.

Actually a small question/side discussion gave me a good idea for auto-encoding strings in my own front-end framework.

So this was a nice update and pretty inspirational.

I use ZF on a daily basis, and I was curious to see if and how I could improve my security. I was very surprised to see that I already use a lot of the suggested improvements. I liked the info on Zend_Session, and the Hash element to prevent CSRF. Quite obvious, the latter one, but so much forgotten...

Very interesting talk. I use ZF every day also and it was also reassuring to see that I am already doing (mostly) the things highlighted by Stefan here.

Was particularly interested in the CSRF examples.

Most of the things you talked about should be common knowledge to every web developer. For the people that did not know all the pitfalls: excellent talk. For the ones that did: mostly a good refresher.