PHP 7.1 - Adding security and Smarty Update

Filed under PHP 7.1

Saturday
25.
February 2017

Fixing a OWASP warning by adding a few lines to the defaults.php.

Defaults.php

//
// OWASP - Browser Cache - How can the browser cache be used in attacks?
//
header('Expires: Sun, 01 Jan 2015 00:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
//
header('X-Frame-Options: SAMEORIGIN');
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
//
// End of send header
//

And next step updating the in Flatpress included Smarty Template Engine Version to get a bit more security.

Interesting Links

» Github - Smarty Template Engine project
» OWASP - Browser Cache - How can the browser cache be used in attacks?
» Stack Overflow - How to prevent Browser cache for php site

Add comment

Fill out the form below to add your own comments


 

Top of Page