--
You received this message because you are subscribed to the Google Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to php-fig+unsubscribe@googlegroups.com.
To post to this group, send email to php...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/php-fig/CAAqcDMi-zm7cqAWwNWefGAvBb-j8T%3DoFrAnsTsyCd_49AJfEBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
On 29 May 2018, at 10:15, Alice Wonder <alicedo...@gmail.com> wrote:

Hi,

If privacy is a religion then I am a zealot, and privacy and security go hand in hand. That being said, I am very interested in the results of these PSRs but I am not sure I could contribute. So why am I posting?

I'm begging for a PSR specifically for best practices. Just as an example, even though I personally already did a base64 on a password prehash - I didn't know how important that was. The issue is that a raw prehash can result in a null byte, which has meaning to C, causing everything after it to be ignored by some algos used in password hashing, yet a large percentage of web apps that use a prehash just use a raw prehash and thus are vulnerable to the prehash resulting in reduced entropy.

I've also seen web applications that do absurd things with CSRF tokens, getting really fancy with how they are generated, but the actual result is they are somewhat predictable, when really random_bytes(16) is all you need for a good CSRF token.

It seems like a lot of talented coders (probably including myself) often do the wrong thing just because what is intuitive with security is often wrong and what is the right way often is not intuitive. A PSR might help reduce those instances, thus reducing how often PSR-9/10 need to be used ;)

Just a thought.
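The two practices named in the message above, as an added example that is not part of the original thread. SHA-384 as the prehash, bcrypt as the password hash, the constant-time comparison, the helper names and the sample passwords are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Raw prehash: 48 binary bytes, any of which may be 0x00.
function rawPrehash(string $password): string {
    return hash('sha384', $password, true);
}

// Encoded prehash: 64 base64 characters, never contains 0x00 and
// stays under bcrypt's 72-byte input limit.
function encodedPrehash(string $password): string {
    return base64_encode(rawPrehash($password));
}

// Number of bytes a NUL-terminated (C string) consumer would read.
function bytesSeenByCString(string $input): int {
    $nul = strpos($input, "\0");
    return $nul === false ? strlen($input) : $nul;
}

// Constructed sample passwords: find one whose raw prehash contains a NUL.
for ($i = 0; ; $i++) {
    $sample = "constructed-sample-{$i}";
    if (strpos(rawPrehash($sample), "\0") !== false) {
        break;
    }
}
printf(
    "%s: raw prehash exposes %d of 48 bytes, encoded exposes %d of 64\n",
    $sample,
    bytesSeenByCString(rawPrehash($sample)),
    bytesSeenByCString(encodedPrehash($sample))
);

// Store and verify with the encoded prehash only, never the raw one.
$stored = password_hash(encodedPrehash($sample), PASSWORD_BCRYPT);
var_dump(password_verify(encodedPrehash($sample), $stored));

// CSRF token: random_bytes(16), hex-encoded for the form field and
// compared in constant time (hash_equals is an assumption of this example).
$sessionToken = bin2hex(random_bytes(16));
$submitted = $sessionToken; // constructed: what a legitimate form post echoes back
var_dump(hash_equals($sessionToken, $submitted));
```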
Count me in: I've got experience in distributing Fabien's excellent collection of security issues, as well as a fair share of maintenance experience when it comes to bad disclosures, and we can surely improve a lot here.
Greets,
Marco
--Michael C