phpSecureSite is a modular authentication, session handling and security system for Web applications that was built using PHP. It features a stripped-down core that takes care of basic session handling, and modules for other functionality like brute force protection, session variables, and access control lists.
Tags: Internet, Web, Dynamic Content, CGI Tools/Libraries, Security, Software Development, Libraries, Application Frameworks
Operating Systems: OS Independent
Release Notes: This is primarily a bugfix release. The most notable bug completely broke the database log module, but it is now working again. A few minor security issues have also been fixed. In addition, an LDAP authentication module has been added, and all the modules now set default configuration values which are used as fallbacks if the option is not set in the configuration files.
Release Notes: Several critical security problems have been fixed, all related to unescaped data being placed directly in database queries. A new internal cache system has also been added, which should help reduce database load.
Release Notes: This is the first semi-stable release of phpSecureSite. Most of the essential module infrastructure has been implemented, the API should be more or less stable for some time now, and most important modules are in place. To mention only a few changes: the author has added classes to the log system, greatly enhanced module infrastructure, added additional error information, allowed changing of the configuration file path, added support for SHA1 and Unix crypt() passwords and Microsoft SQL Server, added a new tool for cleaning up the database, added a log module for plain text files, made security and bug fixes, and cleaned the code.
Release Notes: The big change in this version is the new and improved configuration system, which should make phpSecureSite a lot easier to set up. A few new modules have also been added: cachecontrol (for controlling caching policies), ipaccess (source IP based access control), and a syslog logging module (for logging to the UNIX syslog). A couple of new options were added to the bruteforce module to set time limits. Some bugs and security problems have been fixed, and some internal changes were made.
Release Notes: The most fundamental change is the complete modularization of the system. It now consists of a very stripped-down core, which takes care of session handling and provides the module infrastructure, and various modules handling database communication, authentication, logging, ACLs (access control lists), brute force password guessing protection, session variables, session hijacking protection, session timeouts, and more.