Jump to content
xisto Community
kkrizka

Web 2.0

Recommended Posts

quote that rval, its copied...

i did research for 2.0 web.

and the easiest way to describe it is:

 

Make everything big!

Like dont be afraid to use font size 24.

 

Allot of white space

Use the room you got, and make sertain parts sepperate

 

Shiny things

Use shines on your buttons, its 2.0

 

And offcourse ajax

Use it... its really 2.0 :P

 

 

These are the basic 2.0 things,

Because i'm a designer most of it is design a like. But just look for some good 2.0 sites, and you'll get the idea

Share this post


Link to post
Share on other sites

I believe with Web 2.0 the focus is on the user and what he/she wants. Certainly the rise in web applications accounts for that. Other features include: adjusting the size of text, AJAX, Ruby on Rails, scriptaculous, Digg....the list goes on and on.

Share this post


Link to post
Share on other sites

I think Web 2.0 simply means more interaction between the site and the users and also adhering to the standards of W3C's XHTML and CSS validation, not forgetting that moving away from static websites into dynamic ones. Static websites are like your html pages, having to edit the content in Dreamweaver and then uploading it. Of course, technologies like Ajax and RSS feeds helps soothen it even further, no need for any refresh, you can instantly see your comment posted just like in blogs and getting updates whenever it is done instead of having to go to the site every few hours. However I don't think we are entirely ready to move into Ajax at the moment, so many browsers out there who are still very primitive. Some of them are concerned about javascript securities and as we all know, in a way we are using Javascript to make use of AJAX. Take out Javascript and AJAX is gone too. A lot of us are trying to build our sites to be Web 2.0 but I wonder whether is it too early for that?

Share this post


Link to post
Share on other sites

Secure Website Login Programming with PHP & MySQLIntroduction
If you are developing a web-based system whereby a user, or users, are logging in and staying logged in (sessions, cookies), the following ideas are written with you in mind. Making sure your authentication and authorization schemes are secure is going to be part of your task. All of those things fall under the umbrella term: security. Any competent, security conscious person should already know that most intrusions/attacks are undertaken as follows:
1. Social Engineering (conning)
2. An inside job, by an employee or trusted person
What it all means is that nothing is stopping one of your users from choosing an easy password, sharing it with others, or leaving themselves logged in as they step away from the machine. Nor can you completely stop an employee from misusing your internal system. However, it behooves you to implement the most basic security measures in your programming, in this case, website programming. That is why I have written this article.

Some Basic Rules
Rule #1 - Nothing is totally secure. Break-ins and compromises are inevitable.
Rule #2 - Segment your system/software in order to diminish the damage from said compromise.
Rule #3 - Log as much as you can.
Rule #4 - Never trust user input.
:P
My definition of security
Slowing down an attacker long enough to capture them, and/or fix the security holes, while at the same time safeguarding a system that is segmented in order to lessen the degree of damage during a successful attack. In other words, make a system that is designed for security, defense and facilitates recovery from attack. (Think like kevlar, not concrete: be flexilble, absorb attack, recover and respond.)


Basic Security Methods
The following should be in place in your system, as a minimum.
1. Usernames and passwords should be 6 characters long, or more. Go for 8 or more characters to be safer.
2. In the event of login failure, be very uncooperative
Tell the user "Your login attempt was unsuccessful" not: "Your password was missing the letter x" or "Your username is not in our system". Give very few leads as to why the login failed. They only serve to help intruders.
3. Handle errors gracefully
Place the ampersat symbol (@) in front of many of your PHP function calls. If they fail, the ampersat will stop that failure from showing in the browser window. This is very useful when making database calls but your database is down, or the SQL statement returns an error. Such messages would only give feedback to intruders, or look unprofessional to regular users.
Example: $variable = @function_name($parameter);
4. Passwords in the user account table of your database must be encrypted (SHA-256 or higher)
That way if someone were to somehow gain access to the database itself, and view all of the user accounts, they would be able to see usernames, but not plain text passwords. Unless they changed the password, which would alert the user once they realized they couldn't log in, or they tried to crack the encrypted password (possible, but hard) they would have no way of using their newly found information.
To accomplish this, the "password" field in your SQL datbase should hold an encrypted string. Before you compare the user input password to the one stored in the database, use the PHP encryption functions to encrypt it.
Example: $encrypted = @hash("sha-256", $password);
$encrypted = @md5($password);

5. Create a different area for administrators/webmasters to login at and use
If your users log in at https://www.salesforce.com/products/platform/overview/, then create a different folder and set of code for the administrators to log in at. Something like https://www.salesforce.com/products/platform/overview/ Now, I do not mean that this is for "power users" or "managers", I really mean you, the main site webmaster, when I say administrators. Put your login code and other PHP code in that separate folder, and name it something odd instead of "admin" or "root". Make it non-obvious.
6. Log the total number of logins for each user, as well as the data/time of their last login
Logging the total is just a good indicator, and *may* be useful for security purposes depending on your system. Keeping track of their last login is very useful in the event that someone logged in using their account, without permission. You now know the time it happened, and if you log the date/time of any changes in your database and by whom, you can track what that intruder did while logged in.
In order to accomplish the above, the user account table in your SQL database should have three extra fields:
Logincount of type INTEGER
Lastlogin of type TIMESTAMP (or datetime)
Thislogin of type TIMESTAMP (or datetime)
When the user logs in, in PHP, update that user's information in the database by incrementing their login count and by getting the timestamp using PHP's built in date() function. After successful login, first transfer the info stored in 'Thislogin' to the 'Lastlogin' field, and then insert the new date/time into 'Thislogin'.
7. Strip backslashes, HTML, SQL and PHP tags from any form field data
If someone maliciously tries to send HTML, SQL or PHP code through a text field entry not meant to expect it, they can disrupt or break your code. An example of an attack this is meant to help stop is the SQL Injection attack. Use the following PHP functions to strip out such text:
strip_tags(), str_replace() and stripslashes()
Example: $username = @strip_tags($login);
Example: $username = @stripslashes($login);
8. Use $_POST not $_REQUEST
If your HTML form uses POST to send the data to the login script, then make sure your login script gets the input data using $_POST, and not $_REQUEST. The latter would allow someone to pass data via GET, on the end of the URL string.
9. In general, limit user access according to their role
Design your system to give users specific layers, or subsets of access. Not everyone needs to be all powerful, nor all knowing. Using the unix group idea as your starting point. Classify users and give them features based on that. If you have a system with multiple users who have different roles, give them functionality based on those roles. Accountants, and only allow accountants can see financial data, not warehouse inventory or much else. The person at the cash register can enter in a sale, but not delete it. That is a managers job, and needs override permission. Etc....
Conclusion
You should now have a somewhat complete picture of what can be done to create a secure, login based site. Most of what I have discussed refers to programming, and your code. I have not discussed the finer points of security, which I briefly mentioned at the introduction and have to do with our most human failings. Outside of the scope of this article are additional security measures such as requiring your users to choose non-obvious passwords, forcing users to change passwords every 30 to 90 days, training them not to give out their password over the phone, and so on.....
Always keep in mind, security is meant to slow down an attack enough for you to capture the intruder, or fend them off and then correct the security hole. If you think your site is 100% intruder proof, think again.


Notice from rvalkass:

Anything you copy needs to be in QUOTE tags. Please read the readme and list of BBCodes. Copied from http://forums.xisto.com/no_longer_exists/

Share this post


Link to post
Share on other sites

We've been studying web 2.0 in class lately. I've actually led a discussion on the topic. Web 2.0 is all about collaboration. Working together for the common goal. It's like.....Linux. Take Linux for example. An operating system is made and freely distributed. Anybody can use it AND anybody can update/improve it. The only catch is that they share the information on how to improve it with everyone else. By working together we get a lot more done. So web 2.0 is like Facebook and Flickr.com and other sites that are built and maintained on mass collaboration.Think about youtube.com. It gives you the tools to display videos and stuff like that......but wouldn't survive without the work of the people. Without sharing of information and collaborating ideas, it wouldn't last. It's run by the people. So basically web 2.0 is hard to define.....but it's all about working together. Wikipedia is a web 2.0 site. MySpace is a web 2.0 site. Anything that is helped improved by the masses can be considered web 2.0

Share this post


Link to post
Share on other sites

Web 2.0 is basically a web site that visitors (or members) of that site make up the content of the site. Like this forum, the majority of the content that you see in here is made up by members of this forum. That's Web 2.0Although AJAX is really popular these days, web sites without AJAX can still be called Web 2.0. However, it would be nice to implement AJAX just to ease things.

Share this post


Link to post
Share on other sites

Well I think that Web 2.0 is all about www2.somesite.com and so on I have even noticed now www3.somesite.com but I am not really certain on this and I cannot confirm it all so take this and check it out I don't have time really.Also I would like to correct you about something and that is .com bubble isn't in fact as you provided it emerging of new .com companies but closing of them as many companies bankrupted and people started to sell their shares on the market that is why this even in 1999 -2001 when some people say that it happened is called .com bubble people just lost iniciative and staerted selling shares on the stock market after which all .com companies falled in price.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.