
Configuring MySQL SSL in Magento (to get your HIPAA auditor off your back)

I’ve been asked a few times now if there is a way to use encrypted MySQL connections in Magento. Most of the time it is when merchants are selling medical products and HIPAA requirements come into play. I am not an expert in HIPAA, nor do I want to be, but with the cost of vulnerabilities on the rise it made sense to at least look into it and get a good answer on how to do it.

We don’t need better authentication

I saw a tweet today concerning authentication: “Monaco, at White House cybersecurity summit at Stanford, calls for replacing passwords with more secure technologies.” — Paul Krill (@pjkrill) February 13, 2015. When reading that, the first thing that came to my mind was “with what?” When will that one be hacked and then replaced by something else, […]

10 “what to do’s when setting up Magento” and file inclusion attacks

Found this list of things “to do” on Twitter this morning. I went over the list and saw that there was one item missing which I feel is very important to do. I saw it in another post on Local File Inclusion, for which it seems like there was a local file inclusion […]

How to use PHP with MySQL (without SQL Injection vulnerabilities)

Chris Dale recently posted a horrifying article on his blog. It is called “Why it’s easy being a hacker – A SQL injection case study”. The most horrifying part of the post was that when you type the Google search “How to use PHP with MySQL” a significant number of the results come back […]

Encrypted session handler

A little while ago I came upon the problem of having to store sensitive data in a user session. The solution that I (and several others) came upon was creating a mechanism for storing encrypted data in a session. But what we wanted to do was build something that didn’t have a single point of failure. We also wanted to build something portable. What we built was a simple Zend Framework session handler for storing sensitive data.