Chesso
Members-
Content Count
1,041 -
Joined
-
Last visited
Everything posted by Chesso
-
Windows Vienna Next Version of Windows
Chesso replied to delivi's topic in Websites and Web Designing
Well I think were all hoping that Vista was just a stepping stone and Vienna will be the serious, full blown, complete package deal, I know I am lol.I would of personally liked to see a full on beefed version of XP (riddle out all the little annoyances, re-write a few things here and there etc), but meh, I guess that won't make them money. One can still hope though. -
Bah, never read a book on any computer topic in the whole 5 years I have been using one lol.Usually trial and error or google .
-
That recovery feature is kick *bottom*, although I really wish you could have it automatically so if you accidentally close tabs or some such, it could recover the same way. It's certainly saved me a lot of trouble though. P.S. For anyone wanting to close FF temporarily and have that recovery option, just force it to close in the task manager and it should present you with that option when you run it next.
-
If I could actually find a job, and move to a better area I would most likely end up reducing my time on the computer considerably.Right now I am on it, for the majority of my time, emailing, working, studying, programming, games, music, web development, movies, news etc.It's very useful to be able to cover so many different things (including some daily tasks), via just my computer, I can even do several things at once and get them out of the way faster than ever possible (and spend more time on something else).
-
From off the top of my head, I would say one of the weirdest things I have seen is also from eBay.A slice of toast in the shape of (I think jesus or something like that), it sold for at least $200US+ I believe.
-
Haven't tried that one yet (could have sworn I posted in this topic before..... :S).I use Programmers Notepad 2, tabbing, good syntax highlighting, code treeview (you can collapse and uncollapse segments of code from and to view).But it also has some annoyances that cannot be changed (like when selecting something, if you budge too far up or down it might reset back to the far left, it really can be annoying).
-
Cpanel Error Missing WHM Remote Access Key.
Chesso replied to Soto's topic in Websites and Web Designing
I never had this problem (must have been from a recent change), as I have been here for quite awhile.If it hasn't been resolved yet, trying PM'ing/emailing one of the moderators or administrators here just to let them know what's going on, in case they aren't aware . -
Nice, I hadn't thought of email encoding.Ahh it appears to convert to character entity form.A bit like when I process key strokes in my software by there assigned numbers and number constants.Good find!
-
That's true, we can only go on what's in front of us.Nobody can really tell if someone had done it beforehand, but it sounds like this Yuri guy is it.
-
The solutions I am intending to build are mostly via PHP, hence why it is here. I do not expect anyone to openly throw this information here on the board (and it's certainly not a good idea to do so). But if anyone can throw information my way about common or even some un-common methods of doing thins like SQL Injection, and XSS it would be greatly appreciated (through PM or Email etc). Even if it's just methods of testing weaknesses rather than a direct exploit (that actually causes harm). I am trying to build my new website with as good solutions for combatting such attempts (like checking numerical data, fingerprinting with MD5 of phpsessid/agent information and re-issuing new session id's upon login to help combat against session stealing). If I can gather up enough information and thwart some of the more common methods, I may post a tutorial/article on how I did it. My current methods of helping stop these things from happening a fairly small and simple to implement. A shortish summary of what I have in place for now: 1. If expecting numeric only data across paged variables (like id's, and page for pagination), I always check to make sure it's numeric, if not I force it to be some default value (or perform another action), so that they cannot be exploited. 2. Performing a custom function on possibly exploitable string sent across as page variables or otherwise (like forum messages, shoutbox messages and emails, login information etc), that strips all tags, all line breaks (for single line strings), any quotes, and using strip_slashes etc. 3. Re-generating PHP Session ID's upon user login (so they absolutely do not retain the same one across seperate sessions), Creating a session variable that's an MD5 of a random number fingerprint plus session id and agent information, if an attacker gets a user session id it will be useless because there random fingerprint and more than likely agent information will not match the original users MD5 make-up, therefore the user is forced to log-out and re-login to generate a new session id. Which means the attacker nor the user can do anything, if the user re-logs in, the attacker no longer has any useful information. And even if they re-obtain it, the same thing will happen, so they have no room to cause any damage. Or this is how it appears from my testing .
-
Although kirupa rarely goes the better methods when teaching, it is certainly a great place to start on the many different things they cover.After all, they can't make it too easy for you .
-
Hi matt, I have already implemented it for my new site, and it's not too difficult.On my news page, I basically check if a cache file (news_cache.htm) already exists, if it does not I flush buffer (cause I already was bufferning), re-start buffering, output a new news page based on the normal querying, get the buffer at the end, flush it, then write it to cache file.From then on it will load from the cache until the cache is removed.Where I simply delete the cache file, within my administration section if I Add/Edit or Remove any news piece.Hope that helps!
-
Ahh awesome that should help.I found a similar article last night (slightly different coding approach though), but this seems to be the basic idea I am looking for.Unfortunately I can't really get started until I have at least basic site administration up, because that's the point where the cache will be created/updated.Seen as I may be running a php/mysql driven browser game in the future, it can really help if small places like news and such aren't killing the server or database .
-
I am hopefully about to attempt this on the news page of my new site.Every bit counts as far as I'm concerned and not having "news" portion of my news page re-php and re-mysql everything where there is no chance seems like a waste.I'm looking for good articles, information or tips on the process (if I fail to find any good information as I'm looking through now).The way I see it right now, I have most of my page split up in header, content (some static html in here before dynamic contend and then a little more static html to close it off) and then a footer (using PHP includes to bring them all together).So I want to include a static html representation of the actual news portion of the news page from say a cache directory (for the sake of not having too much junk in one place, and I might use this for other pages as well), and only update that cache when I make a new news post from the administration section (which I am building soon, have done several before).The news has pagination (if too many news posts on a single page it spans to multiple ones) though this isn't necessary and I may consider removing this feature to simplify things.But yeah, I would basically instead of generating the news content from PHP/mySQL, in the admin section take a very similar approach but instead write the data to my static html cache page.How does that sound (and is there anything I need to consider aside from what I have mentioned already)?Any help is greatly appreciated!
-
Sql Injection Prevention (passing Numerical Data Across Pages). PHP/mySQL
Chesso replied to Chesso's topic in Programming
Yup I do the same for string data that's parsed.Numerics I use this function, it's smaller, faster and if it ain't a pure numeric value (I don't want it) .On all string data in my custom function I perform strip_tags, str_replace (if I don't want \r\n for single line strings etc), mysql_real_escape_string() etc.One thing I haven't determined yet is how to avoid indirect injections (like form data). It's one thing that came up using a vulnerability scanner even after using the above techniques, though I suspect it's less likely to be taken advantage of. -
Even if your building something as simple as a basic news page for your website, if your passing along url variable strings like (mysite/index.php?page=1), you may be vulnerable to SQL injection attacks. For cases like these (passing numerical data in url strings), I have a handy dandy little function to thwart these attempts silly: // For checking if value is a number, if not return 1. function isNum($val) { if (!is_numeric($val)) { $val = 1; } return ($val); } I have this function, within my functions.php file, which I use as an include in files where I need access to the function, and use it like so: </php.....include 'functions.php';....$page = isNum($_REQUEST['page']);?> So if someone decided to pass along (mysite/index.php?page=1P, or anything non numeric at all), it will be reset to 1. This will halt anything other than the intended numeric data (or a static base numeric value) getting in. Of course 1, might not be the desired alternative numeric value, so you could modify the function to be something like this: // For checking if value is a number, if not return 1. function isNum($val, $alt) { if (!is_numeric($val)) { $val = $alt; } return ($val); } Which would basically allow you to specify an alternative numeric value, so if the url sent one isn't, it will use our alternative, here's an example of it's use: </php.....include 'functions.php';....$page = isNum($_REQUEST['page'], 1);?> So if $_REQUEST['page'] is anything other than valid numeric data, in this case, it will become 1. I hope this information is of use to you all P.S. Feel free to comment/suggest etc, also if you know any other little things like this to help out against SQL Injection (or even XSS etc), I would be more than happy to read them, I am very interested in the subject of preventing these kinds of things (especially without going overboard).
-
A Logical Arguement For The Legalization Of Marijuana
Chesso replied to SilverFox1405241541's topic in General Discussion
But whether mary j exists or not, those kinds of people will find something. So it won't really change that much. -
A Logical Arguement For The Legalization Of Marijuana
Chesso replied to SilverFox1405241541's topic in General Discussion
Of course, the problem is the over-users and abusers that stab people so they can buy a stick (I am not kidding, it happens here every single night on multiple occasions at multiple places).I don't even need to leave my house to know what goes on, though I must admit alot of dealers got busted on.And what do you think they sold the most of? Pot of course, but why? because it's cheap.If I remember right they raided 600+ pot dealers in 1 suburb, heh. -
A Logical Arguement For The Legalization Of Marijuana
Chesso replied to SilverFox1405241541's topic in General Discussion
Jeigh mate, we don't even smoke clean tobacco, it's illegal to sell it.We basically don't have much choice but to buy commercial brands that put all the crap in it. Home grown is illegal to sell (and I assume buy and possess as well) which doesn't have all the added crap (clean I suppose, or natural).What makes you think they'll be any different with Marijuana lol? They'll probably make ever colour and flavour of the rainbow with it among other things. -
In an online web browser game? (the purpose of this blocking of anonymous proxies).School, Work or College: Shouldn't be playing it here anyway.ISP Blocking sites: Who's problem is that? not mine lmao.I know of, have played and participated (as staff) in a few such games and haven't heard of a single person with a legitimate excuse for using an anonymous proxy.English sites don't tend to attract germans, arabs or chinese (within there respective countries)...... unless of course they have a good command of the english language.
-
Yeah iv'e tried those methods, they'll catch public open proxies, but they aren't the problem.These websites cop multiple accounts from people using anonymous proxy sign ups (MANY multiple accounts) to get ahead in the game.If they use a public open proxy then I can know what there real IP is and if they already have an account, or other general trace.But an anonymous one hides it, so I can't tell if they are legitimate or not.
-
Well I'm sure there is a legitimate use but I can't think of one, and haven't heard of anyone using it for one so yeah lol.