Tag: security
register_globals Era & Why It Was Dangerous
PHP 3.0+
PHP 4 shipped with register_globals=On by default — injecting GET/POST/COOKIE values as global variables, making PHP synonymous with insecurity until it was off-by-default in PHP 4.2.
2mo ago
php intermediate
Remote Code Execution (RCE)
A vulnerability allowing an attacker to run arbitrary code on the server — the most severe class of web vulnerability, typically achieved through eval(), unserialize(), file upload flaws, or OS command injection.
2mo ago
security intermediate
Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — checking 'can this role perform this action?' rather than 'can this specific user?'
2mo ago
security intermediate
register_globals Risk & Legacy Code
PHP 3.0+
register_globals automatically created PHP variables from GET/POST/COOKIE data — removed in PHP 5.4. Legacy code using it is critically vulnerable to variable injection.
2mo ago
security intermediate
Rainbow Table
PHP 5.5+
A precomputed lookup table mapping hash values back to their original inputs — used to crack unsalted password hashes.
3mo ago
general intermediate
random_bytes()
PHP 7.0+
Generates cryptographically secure random bytes from the OS entropy source — use for tokens, salts, and nonces.
3mo ago
php intermediate
realpath()
PHP 5.0+
Resolves a path to its canonical absolute form, collapsing ../ sequences — used to prevent path traversal.
3mo ago
php intermediate
Regex performance pitfalls — catastrophic backtracking (ReDoS), unnecessary captures, and poorly anchored patterns that scan more input than needed.
3mo ago
regex advanced
register_globals (Legacy Audit)
PHP 5.0+
A removed PHP setting that automatically created global variables from GET/POST/COOKIE input, enabling trivial variable injection attacks.
CWE-473 OWASP A3:2021
3mo ago
php beginner
9.8
Responsible Vulnerability Disclosure
The practice of privately reporting security vulnerabilities to vendors before publishing, allowing time for a fix.
3mo ago
general intermediate
Rate Limiting
PHP 5.0+
Restricting the number of requests a client can make in a given time window to prevent abuse, DoS, and credential stuffing.
CWE-770 OWASP A5:2021
3mo ago
performance intermediate