Add OWASP Top Ten

This commit is contained in:
Lukas Reschke
2012-10-29 15:09:25 +01:00
parent c6a644c563
commit dc0a87fabc

@@ -12,7 +12,7 @@ Blacklisted PHP functionality
**!=**
Use !== instead
**rand(), srand(), mt_rand()**
If you need a cryptographical secure random number use OC_Util::generate_random_bytes() instead
If you need a cryptographical secure random string use OC_Util::generate_random_bytes() instead, the PHP provided functions are `not secure <http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/>`_.
CSRF protection
-----------------------------
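Review bot: the replacement line narrows the guidance from a "random number" to a "random string" without saying what to do when a secure random integer is actually needed, so callers who previously had an answer now have none; consider keeping a sentence covering the integer case (or stating that the bytes from OC_Util::generate_random_bytes() must be converted without introducing bias). Also "cryptographical secure" should read "cryptographically secure", and the link text "not secure" would be clearer as "not cryptographically secure", since rand()/mt_rand() are fine for non-security uses.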
@@ -29,4 +29,8 @@ OC_Util::checkAdminUser() or OC_JSON::checkAdminUser()
OC_Util::checkSubAdminUser() or OC_JSON::checkSubAdminUser()
Checks if the user has subadmin rights
Recommended reading
-----------------------------
The `OWASP Top Ten Project <https://www.owasp.org/index.php/Top_10_2010-Main>`_ provides good informations about the 10 most common security vulnerabilities in web applications.
TBD
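Review bot: "good informations" should be "good information" (uncountable), and the link pins a year-specific edition (Top_10_2010-Main), which will go stale as the list is revised; linking the project's landing page, or noting the edition explicitly in the text, keeps the section accurate. The "TBD" placeholder below the new paragraph is still present, so either drop it or say what remains to be added to "Recommended reading".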