Sunday, June 26, 2016

PHP 7's security-improved unserialize() function

PHP 7 introduced an options parameter to the infamously abused unserialize() function. This options parameter lets developers explicitly define the allowed classes, to prevent potential code injection.

Hopefully other languages will adopt this approach.

http://php.net/manual/en/function.unserialize.php
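An added example (not from the original post) of the allowed-classes option in use. The classes `UserPrefs` and `CacheFile` and the helpers `has_blocked_class()` and `safe_unserialize()` are hypothetical names. It goes one step beyond the option itself by rejecting input that names any class outside the allowlist, rather than passing a `__PHP_Incomplete_Class` placeholder on to application code.

```php
<?php
// Constructed classes for illustration; both names are hypothetical.
final class UserPrefs { public $theme = 'light'; }

// Stands in for any class whose magic method runs during deserialization.
final class CacheFile
{
    public static $woken = 0;
    public function __wakeup() { self::$woken++; }
}

// True if the decoded graph holds a class that was not on the allowlist (PHP
// substitutes __PHP_Incomplete_Class). Walks arrays and public properties.
function has_blocked_class($v, array &$seen = []): bool
{
    if ($v instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_object($v)) {
        if (isset($seen[spl_object_hash($v)])) {
            return false; // already visited (cyclic graph)
        }
        $seen[spl_object_hash($v)] = true;
        $v = get_object_vars($v);
    }
    foreach (is_array($v) ? $v : [] as $item) {
        if (has_blocked_class($item, $seen)) {
            return true;
        }
    }
    return false;
}

function safe_unserialize(string $data, array $allowed)
{
    $value = unserialize($data, ['allowed_classes' => $allowed]);
    if (has_blocked_class($value)) {
        throw new UnexpectedValueException('class outside the allowlist');
    }
    return $value;
}

// Constructed input: an allowed object alongside one that is not allowed.
$payload = serialize(['prefs' => new UserPrefs(), 'hook' => new CacheFile()]);
unserialize($payload); // legacy call without options: CacheFile::__wakeup() runs
try {
    safe_unserialize($payload, [UserPrefs::class]);
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), '; __wakeup() runs: ', CacheFile::$woken, "\n";
}
```

Passing `['allowed_classes' => false]` instead of a list blocks every class, which suits data that should only ever contain scalars and arrays.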



