Protocol relative URLs

We have all seen warnings similar to “This page contains both secure and nonsecure items” or “This page has insecure content.” This happens when we are viewing an HTTPS site and some content on the site is loaded over HTTP. So when we try to view a site, say https://www.example.com, and we get this warning, it means some content on the site is being loaded from a non-HTTPS source, like http://www.example.com. These warning messages can be fixed by using protocol relative URLs.

Understanding favicon

A favicon (short for “favorites icon”) is a small image associated with a website, intended to be used when you bookmark a page. Web browsers also use it in the URL bar, on tabs, etc. to help users identify a website. It is typically a 16×16 pixel square icon which is saved as favicon.ico in the root directory of the website’s server.


PHP 5.5 Password Hashing API

Most applications and websites today have a user registration system which requires storing usernames, passwords, etc. The developer of an application should always store passwords securely and never in plain text. There are many methods to encrypt or hash passwords and store them in the database, but which method should be used? The methods currently in use hash passwords with algorithms like MD5(), SHA1(), BCRYPT.

The MD5() and SHA1() methods are now considered weak. BCRYPT is currently considered the best algorithm to use for password hashing. However, implementing it correctly can be difficult (prior to PHP 5.5). PHP 5.5 introduces a new Password Hashing API which makes it very easy to hash passwords using the BCRYPT algorithm.

Encryption using PHP and OpenSSL

In this post we will see how to encrypt and decrypt data using PHP OpenSSL. We will be using asymmetric (public/private key) encryption. In this scheme a user generates a public/private key pair and gives the public key to anyone who wants to send them data. The sender encrypts the data using the receiver's public key. The receiver then decrypts the received data using their own private key. Data encrypted using the public key can only be decrypted using the corresponding private key.

How to generate passwords for .htpasswd using PHP

In my earlier post about .htaccess I described authentication using .htaccess and the command to generate the .htpasswd file. However, when we want to add passwords for many users, that method will take too long, since we will have to add passwords for each user one at a time. There is an easier way to generate the .htpasswd file using PHP. In this post I will show the different algorithms which can be used to generate the .htpasswd file.