Nginx – SSL/TLS configuration

We have an Nginx server ready and PHP daemons with a tweaked configuration, so… what next? It's time to secure our websites. With Nginx it's very simple to run SSL/TLS connections and also HTTP/2, a faster protocol that is great for mobile devices and new web browsers. As in previous chapters, we will make changes not only to enable secure connections but also to tweak the default settings. Be aware that these recommendations will not work with old browsers like Opera 12, Internet Explorer 7 or old Android (2.x) built-in browsers. I don't think that is a drawback; these browsers have been obsolete for a long time. OK, let's start with the Nginx configuration.


PHP – generate secure password

This post will be very short. Sometimes we must generate a random password in PHP, for example when users create accounts on our service or when we send them a new password after a reset. We can do this in many ways, but most of them are bad solutions: we can write a function (or method, or class) that generates a random string from a given range, do it manually and try to make it all random. But that isn't truly random. It must be really secure, so we must use a cryptographically secure pseudorandom generator.
