Magento Security

10 “what to do’s when setting up Magento” and file inclusion attacks

Found this list of things “to do” on Twitter this morning. I went over the list and saw that there was one item that was missing, which I feel is very important to do. I saw it in another post on Local File Inclusion for which it seems like there was a local file inclusion…


Starting with Magento on Monday

Having spent several years as a consultant with Zend, working with highly scalable applications, developing many of Zend’s training courses, building mobile applications and doing my best to be a generally good guy, I am making the move to Magento. More specifically, MagentoU. Magento has, for several years, been a company that I have been…


Generating secure cross site request forgery tokens (csrf)

I don’t talk much about security. This is mostly because it’s such a moving target. I’m also horrified that I might give bad advice and someone will be hacked because of me. But in researching the second edition of the IBM i Programmer’s Guide to PHP, Jeff and I decided to include a chapter on…

Cloud Magento

Magento, ESI, Varnish and performance

I have been doing a little playing with Magento over the past couple of days. I’ve been helping out eBay/Magento by delivering some of their performance training over the past few months. I’m by no means the world’s best Magento person at the moment, but I know the architecture pretty well. One of the things…

Performance Questions

Setting max_input_time (with data!)

I asked a question on Twitter about why some of the recommended max_input_time settings seem to be ridiculously large. Some of the defaults I’ve seen have been upwards of 60 seconds. However, after thinking about it I was a little confused as to why a C program (i.e. PHP) would take so long to process…