Posts Tagged ‘Security’
I created an Action Helper – essentially a class that is accessible from all implementations of the Zend_Controller_Action abstract class. This class currently implements a simple method that, given a user id, course section id, and minimal user level, will either do nothing or halt execution and redirect the user. This is to address Issue 17. [ READ MORE ]
Based on a suggestion by Ryan Govostes, I have implemented salted passwords. If the database is compromised by some sort of attack — SQL injection, or otherwise — the attacker will be unable to use a pre-made collision table. Now, there is an application salt in addition to a per-user salt. The idea behind the application-wide [ READ MORE ]