Skip to content

Kévin Dunglas

Founder of Les-Tilleuls.coop (worker-owned cooperative). Creator of API Platform, Mercure.rocks, Vulcain.rocks and of some Symfony components.

Menu
  • Talks
  • Resume
  • Sponsor me
  • Contact
Menu

Tag: Security

NPM dependency hell: comparison with Symfony, Laravel and API Platform

Posted on November 28, 2018December 7, 2018 by Kévin Dunglas

You may have noticed the recent fuss about the compromise of event-stream, a popular NPM package: event-stream is a transitive dependency of many popular JavaScript projects including Vue, Angular, Gatsby and VSCode (some of them are using a version that isn’t affected by the attack). This attack raised, again, the problem of the JS dependency…

Read more

Generate a Symfony password hash from the command line

Posted on December 22, 2014December 23, 2014 by Kévin Dunglas

There is an easy way to generate a Symfony compliant password hash from the command line. Assuming you’re using the bcrypt algorithm (the preferred choice according to Symfony’s security best practices), the default cost (13) and you have PHP >= 5.5 installed, just run the following command: php -r “echo password_hash(‘ThePassword’, PASSWORD_BCRYPT, [‘cost’ => 13]) . PHP_EOL;”  It will…

Read more

DunglasAngularCsrfBundle: protect your Symfony / AngularJS apps against CSRF attacks

Posted on January 2, 2014January 3, 2014 by Kévin Dunglas

I create and I see more and more web applications sharing the same powerful architecture: Server-side, a REST API built with the popular Symfony framework and its ecosystem (especially FOSRestBundle, JMSSerializerBundle and sometimes BazingaHateoasBundle for hypermedia APIs). Client-side, a SPA built with Google’s AngularJS consuming the REST API provided by the server with Restangular or a similar library.  These components share the same philosophy (built…

Read more

Patch to use sfXssSafePlugin with symfony 1.2

Posted on February 1, 2009December 31, 2020 by Kévin Dunglas

HTML Purifier is a awesome PHP filter library designed to secure and add standard compliance to HTML. In websites including user generated content, this library allow to have mutlimedia pages including image, text formating and YouTube videos in a secure and SEO proof way thanks to rich text editors like Tiny MCE or FCK Editor…

Read more

MessengerFX’s security problem corrected

Posted on October 6, 2008 by Kévin Dunglas

Some times ago I found a Cross Site Scripting vulnerability in MessengerFX, a popular web-based Windows Live Messenger client. Friday I received from the team saying that the problem is now corrected: Hi Kevin, First of all i want to thank you for your warn. We fixed that problem and now its working correctly. […]…

Read more

MessengerFX allows your contacts to take control over your WLM

Posted on May 16, 2008October 6, 2008 by Kévin Dunglas

I have paste some HTML code to a Edouard using MessengerFX, a popular web Windows Live Messenger client based on AJAX, and – surprise, the code has been interpreted. Oh?! A XSS vulnerability ? Yes, and such a big one! Every software’s feature is available through Javascript. Any contact of a MessengerFX user can crash his browser, and furthermore…

Read more

Follow me on Twitter

My Tweets

Subscribe to this blog

Recent Posts

  • Read the Linux Manual Pages on Mac and BSD, Directly From the Terminal
  • Ne vous lamentez pas, organisez-vous !
  • FrankenPHP: The Modern Php App Server, written in Go
  • API Platform 3 Is Released!
  • Mercure 0.14: Major Performance Improvement and New Features

Top Posts & Pages

  • JSON Columns and Doctrine DBAL 3 Upgrade
  • Securely Access Private Git Repositories and Composer Packages in Docker Builds
  • API Platform 3 Is Released!
  • Symfony's New Native Docker Support (Symfony World)
  • Connection to a MS SQL Server from Symfony / Doctrine on Mac or Linux
  • Generate a Symfony password hash from the command line
  • FrankenPHP: The Modern Php App Server, written in Go
  • Goroutines, threads, and thread IDs
  • Preventing CORS Preflight Requests Using Content Negotiation
  • PHP 7: Introducing a domain name validator and making the URL validator stricter

Persistence in PHP with the Doctrine ORM

Persistence in PHP with the Doctrine ORM

Tags

Apache API API Platform Buzz Caddy Docker Doctrine Go Google GraphQL HTTP/2 Hydra hypermedia Hébergement Javascript JSON-LD Kubernetes La Coopérative des Tilleuls Les-Tilleuls.coop Lille Linux Mac Mercure Mercure.rocks Messagerie Instantanée MySQL PHP Punk Rock Python React REST Rock'n'Roll RSS Schema.org Security SEO SEO Symfony Symfony Live Sécurité Ubuntu Web 2.0 Wordpress XHTML XML

Archives

Categories

  • DevOps (25)
  • Mercure (4)
  • Opinions (91)
  • Programming (185)
    • Android (5)
    • Go (13)
    • JavaScript (43)
    • PHP (143)
      • API Platform (65)
      • Symfony (89)
    • Python (14)
      • Django (5)
  • Security (15)
  • SEO (24)
  • Talks (39)
  • Ubuntu (68)
  • Wordpress (6)

Social

  • Mastodon
  • Twitter
  • LinkedIn
  • YouTube
  • GitHub

Links

  • API Platform
  • Les-Tilleuls.coop
  • Mercure.rocks
  • Vulcain.rocks
© 2023 Kévin Dunglas | Powered by Minimalist Blog WordPress Theme