Giter VIP home page Giter VIP logo

phpsec's Introduction

phpSec is no longer actively maintained

This project is now live on Subspace! Subspace is the open-development platform where projects are maintained collectively through voting.

phpSec - PHP security library

  • phpSec is a open-source PHP security library that takes care of the common security tasks a web developer faces.

Build Status Latest Stable Version Total Downloads Latest Unstable Version License

Features

  • Data encryption
  • XSS filter
  • Password hashing
  • Secure session handler
  • CSRF protection
  • Yubikey integration
  • Authy integration
  • Random data generator

Installing

phpSec is now a PSR-0 compatible library. this means that it can easilly be installed and loaded using Composer. You can also install phpSec manually, or using Git.

Installing using Composer

To install using Composer just add phpSec to your composer.json file in your project directory.

{
    "require": {
        "phpsec/phpsec":"0.6.*"
    }
}

Then all you need to do is to run $ php composer.phar install . phpSec can then be loaded using the Composer autoloader.

require 'vendor/autoload.php';

Installing manually/Git

Download, checkout or peferrably add phpSec as a Git submodule. To add an autoloader to your project there is one example here. This can be initialized like this:

<?php
require_once 'SplClassLoader.php';
$classLoader = new SplClassLoader('phpSec', '/var/www/vendor/phpSec/lib');
$classLoader->register();

If you already have a PSR-0 compatible autoloader for your project there is no need to add another. All you have to do is to register the phpSec namespace to the phpSec/lib folder.

For documentation on how to use the various phpSec functionality, take alook at the phpsec/doc repository.

System requirements

  • PHP >= 5.3.7
  • Mcrypt, if you want to encrypt stuff.

Getting help / Contact

License

phpSec is open-sourced software licensed under the MIT License.

phpsec's People

Contributors

bithinalangot avatar enygma avatar ph-il avatar technion avatar woutervanvliet avatar xqus avatar yousha avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

phpsec's Issues

Better key handling in phpsecCrypt

Improve key handling by:

  • Adding 'key type' to the encrypted data json string.
  • Adding more key generation methods.
  • Allow custom key generation methods.
  • Improve native phpSec key generation.

Undefined variable: rnd ?

        for ($i=0; $i < 32; $i++) { 
            $sha    = sha1(mt_rand());
            $char   = mt_rand(0,30);
            $rnd    .= chr(hexdec($sha[$char].$sha[$char+1]));
        }

is there something wrong with the loop?

Retire phpsecLog

Consider retiring phpsecLog since it's not very important, or good at doing what it's supposed to do.

Action tokens

One time tokens that are ony usable to perform a certain action.

Yubikey

Write yubikey integration.

Cookie domain and path

Make it possible to specify more information on what domain and path to save the cookie for. Also make it possible to define secure only cookie.

Reinvent storage

Reinvent how phpSec stores data!
Should be configurable, and scalable.

  • Write a storage class (phpsecStore).
  • Write session data trough store class.
  • Write cache trough store class.
  • Write password cards trough store class.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.