[PHP] Re: secure code
Here is exactly what you are looking for:

"The Open Web Application Security Project"
http://www.owasp.org/

best.
Anil

On Wed, 28 May 2003, Tim Burgan wrote:

> Hello,
>
> I'm wondering if you can recommend any resources that discuss writing secure
> code and how to put the best methods in place to prevent hackers.
>
> I'm particularly looking at resources from the web coding perspective, not
> securing a server.
>
> Or, what things do you do to 'block' hackers.
>
> Thanks
> Tim Burgan

--
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Passing variables between servers
You cannot avoid using cookies. When you use Sessions, the web server is
making use of cookies (unless you go for URL rewriting) which remain in the
browser until one quits the browser.

To tackle your situation, you can effectively make use of a database table
and a session cookie:

1. Set a session cookie (different from the one set by the server) as soon
   as a login is successful. This cookie should be set in such a way that
   the browser will send it back to any server in your domain. The value for
   this cookie can be the same as the value PHP generated for the Session ID.
   If you prefer to use some other value, make sure that it is different for
   each session for each user to avoid security issues.

2. Store this value and the user ID (or something else to identify that user
   in your app) in a table.

3. Remove this row from the table when the user logs out or on Session
   timeout.

Now, when the user is taken to your ASP server, the browser will send that
cookie set by the PHP server along with the request, and the ASP server can
query the database for that cookie value to get the user ID. If it can find
it in the table, the application can make sure that the request is valid and
the rest of the info can be pulled from the database.

Anil

On Wed, 21 Aug 2002, Mark McCulligh wrote:

> I have two servers. One running PHP/Linux the other running ASP/2000.
> The user logins into the PHP server and session variables are made to hold
> their username, password, department, etc.. The site from time to time
> redirects the user to the ASP server. I want to pass the session variable
> across to the other server. I can't use the GET method.
> (www.domain.com/form.asp?username=Mark.) because putting the password on
> the address bar is not an option. The ASP server will redirect them back
> when they are done on it. It will pass back the variables just in case the
> session on the PHP server has expired for the PHP server can create a new
> session if needed.
>
> I don't want to use a cookie.
>
> I was thinking of using cURL but I can't find any information about using it
> in ASP. I know how to use cURL in PHP to redirect the user to the ASP
> server and pass the variables in the POST method, but not the other way.
>
> Any ideas would be a GREAT help.
> Mark.
>
> _
> Mark McCulligh, Application Developer / Analyst
> Sykes Canada Corporation www.SykesCanada.com
> [EMAIL PROTECTED]

--
+91 471 324341 (Office)
+91 98473 22280 (Cell)
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com

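[Added example, not part of the original thread: the three steps from the reply above, sketched in PHP. The table and column names, the cookie name "xsrv_token", the domain ".example.com" and the in-memory SQLite database are assumptions; the sketch uses a separate random value rather than the PHP session ID and stores only its hash.]

```php
<?php
// Assumed names: login_tokens table, "xsrv_token" cookie, ".example.com" domain.
// An in-memory SQLite database stands in for the database both servers can reach.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_tokens (
    token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)');

// Steps 1 and 2: after a successful login, mint a per-session value and store it.
function issue_token(PDO $db, int $userId, int $ttl = 1800): string {
    $token = bin2hex(random_bytes(32));      // unpredictable, different for every session
    $stmt = $db->prepare('INSERT INTO login_tokens VALUES (?, ?, ?)');
    // Only a hash is stored, so a leaked table does not yield usable cookie values.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    if (PHP_SAPI !== 'cli') {                // there is no browser on the command line
        setcookie('xsrv_token', $token, [
            'expires' => 0,                  // session cookie, dropped when the browser quits
            'path' => '/', 'domain' => '.example.com',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    }
    return $token;
}

// What the second server does with the cookie value it receives.
function lookup_user(PDO $db, string $token): ?int {
    $stmt = $db->prepare(
        'SELECT user_id FROM login_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $userId = $stmt->fetchColumn();
    return $userId === false ? null : (int) $userId;
}

// Step 3: remove the row on logout; rows past their timeout are purged as well.
function revoke_token(PDO $db, string $token): void {
    $stmt = $db->prepare('DELETE FROM login_tokens WHERE token_hash = ? OR expires_at <= ?');
    $stmt->execute([hash('sha256', $token), time()]);
}

$token = issue_token($db, 42);                    // constructed user ID
var_dump(lookup_user($db, $token));               // lookup with the issued value
var_dump(lookup_user($db, str_repeat('0', 64)));  // lookup with a value never issued
revoke_token($db, $token);
var_dump(lookup_user($db, $token));               // lookup after logout
```
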
[PHP] Re: Simple regexp
You can use the following pattern with preg_match:

"/([a-f0-9]+)((:[a-f0-9]+){7})/i"

I made an assumption that you are using the x:x:x:x:x:x:x:x address format.

Anil

On Wed, 28 Aug 2002, Adam Alkins wrote:

> Hi Folks,
>
> Seeking some guidance here. My regexp knowledge is pathetic. I want to do a
> simple validation of an ipv6 address. I just want to validate the entire
> string (not specific blocks) if it has the allowed characters.
>
> I thought ereg('[A-Fa-f0-9:]') would work, but it isn't. Anyone can help me
> with this? IPv6 addresses are just Hex with : characters, so I just need to
> validate that for the entire string.
>
> Thanks for your time.
> --
> Adam Alkins
> http://www.rasadam.com
> --

--
+91 471 324341 (Office)
+91 98473 22280 (Cell)
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com

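[Added example, not part of the original thread: the pattern from the reply run next to an anchored variant and PHP's built-in filter_var() check, over constructed sample strings. The function names and inputs are assumptions made for the illustration.]

```php
<?php
// Constructed sample inputs; none of them come from the thread.
$samples = [
    '2001:db8:0:0:0:0:0:1',         // full x:x:x:x:x:x:x:x form
    '2001:db8::1',                  // compressed form
    'zz 2001:db8:0:0:0:0:0:1 zz',   // valid address embedded in other text
    "2001:db8:0:0:0:0:0:1\n",       // trailing newline
    '12345:0:0:0:0:0:0:1',          // group longer than four hex digits
];

// The pattern from the reply: it has no anchors, so preg_match() searches for
// a match anywhere inside the string rather than validating the whole string.
function match_unanchored(string $s): bool {
    return preg_match('/([a-f0-9]+)((:[a-f0-9]+){7})/i', $s) === 1;
}

// Same x:x:x:x:x:x:x:x assumption, anchored with \A and \z ("$" alone would
// still accept a trailing newline) and limited to 1-4 hex digits per group.
function match_anchored(string $s): bool {
    return preg_match('/\A[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7}\z/i', $s) === 1;
}

// PHP's built-in validator, which also understands the "::" compressed form.
function match_filter(string $s): bool {
    return filter_var($s, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false;
}

foreach ($samples as $s) {
    printf("%-32s unanchored=%d anchored=%d filter_var=%d\n",
        json_encode($s), match_unanchored($s), match_anchored($s), match_filter($s));
}
```
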
[PHP] Re: Generating Barcodes and printing
Also: http://www.mribti.com/barcode/

On Thu, 27 Jun 2002, Peter wrote:

> Read the stuff you find on google first though - there was an article I read
> about certain inks absorbing InfraRed light so barcodes printed in them will
> not work!
> The HP ink used in the Deskjet 693 and 660 seems to be ok for this job.
>
>
> "Phpcoder" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi,
> > I would like to generate barcodes and have it print out the barcode
> > automatically from a webpage, is this possible? How?
> > Thanks

--
+91 471 329302 (Office)
+91 9473 22280 (Cell)
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com

[PHP] Re: Two cases going to same case?
Can't you write it this way?

switch( $bar) {
    case 2:
        ...
    case 1:
        ...
    case 3:
        ...
}

On Sun, 30 Jun 2002, Leif K-Brooks wrote:

> I have a switch in a script I'm working on. I need to have case 1 and 2
> both go to case 3, but without case 1 going through case 2. Is this
> possible?

--
+91 471 329302 (Office)
+91 9473 22280 (Cell)
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com

Re: [PHP] Restart Apache with PHP???
Writing something like this as part of a Web application is definitely a bad
idea. The requirement is more like that of a remote administration system and
Webmin (http://www.webmin.com/) cleanly and safely fits the bill. Webmin can
actually do more than just restarting Apache. But it can be configured to do
only that.

best regards.
Anil

On Wed, 3 Sep 2003, Jason Sheets wrote:

> More safely maybe, but even that solution could be exploited somewhat
> easily. The script that writes the file would be better off as a CGI
> than executed through the Apache module, this would allow you to
> restrict write access to the directory where the file that triggers the
> restart is stored to the owner of the script, you could then further
> restrict access to this script through .htaccess or other means. If you
> make a file trigger a cronned job to restart the server if you are using
> mod_php the directory must be writable to the user the web server runs
> as which means that anyone who can execute php code through the
> webserver can trigger a server restart by writing the file, you could
> even cron it to write the file every minute effectively shutting the
> server down (whether it be web or the actual system itself).
>
> Doing something like this takes a lot of thought, it can be made
> difficult to exploit but you need to do more than just make a cron
> pickup a file, excellent starting place though.
>
> Jason
>
> Dan Anderson wrote:
>
> >Search the archives. Somebody wanted to restart their server using a
> >web page, and a clever solution was pointed out. By creating a script
> >that monitored for a particular file in temp and restarted the server if
> >it existed, and cronning it for every minute, they could do it safely
> >and securely.
> >
> >-Dan
> >
> >On Tue, 2003-09-02 at 12:19, Joe Harman wrote:
> >
> >>Hey guys & gals...
> >>
> >>Is there a way to restart Apache with a PHP command?
> >>
> >>Joe Harman

--
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com/

[PHP] Re: weird header() (bug may be)
This is not a bug. Here you expect that the script should end executing after
the statement:

header('Location:to_another_page.php')

if the "if" statement is true. But it won't and it proceeds to the next
statement; the next header statement:

header('Location:to_previous_page.php');

An "exit" statement after the first header will solve the problem.

With most browsers, if multiple redirect headers are received, the last
instruction is followed. I'm not sure what the RFC says about this.

Anil

On Thu, 12 Feb 2004, adwinwijaya wrote:

> Hello php-generaler's ,
>
> I have a script like this :
>
> if($foo == 'something'){
>     header('Location:to_another_page.php') ;
> }else
> {
>    do another thing in here
> }
>
> header('Location:to_previous_page.php');
>
>
> I got a problem ... when $foo == 'something' .. it wont redirect me
> to to_another_page.php but if I put die(); after calling
> header(); .. it will work ...
>
> is this the bug ?
>
> I use php 4.3.4 ... and Apache 2.x
>
> thanks

--
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com/

[PHP] Re: Cybercash Dynamic Module
On Tue, 24 Feb 2004, Suhas wrote:

>
> If I get the permission to compile PHP with given module, can I just go
> with ./configure --with cybercah=DIR ?
> I think it will kill my original install. Is there any way to append the
> configuration as needed? I am sure many of you may have similar situation.
>

Answer to the dump question (because none seems to give an answer :) ).
Run phpinfo() and you will get the original configuration command in its
output.

Anil

--
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com/

[PHP] Re: server side redirects
On Thu, 4 Mar 2004, matthew oatham wrote:

> Hi,
>
> I have a page that checks to see if a session exists and if so does a
> server side redirect - I tried using header("Location:
> membersArea.php"); but I got an error about headers already sent, guess

HTTP 1.1 needs the redirect string of the form:

Location: http://hostname/resource

Most of the browsers are tolerant in this case though. But it would be a
good idea to stick with standards.

> this is because I have already output html before this php command. So I

Verify your PHP scripts. Make sure that there is no character (space
character or even empty lines) lying around outside PHP open/close tags.
Avoid putting new lines, spaces, etc. outside PHP open/close tags, especially
while writing library files which are meant for include-ing.

best
Anil

--
Linuxense Information Systems Pvt. Ltd., Trivandrum, India
http://www.linuxense.com/
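
[Added example, not part of the original threads: one redirect helper covering the points made in the "weird header()" and "server side redirects" replies above, namely stopping the script after the header, sending an absolute URL, and reporting where stray output began. BASE_URL, the function name and the local-path check are assumptions made for the illustration.]

```php
<?php
// Placeholder host, following the "http://hostname/resource" form in the reply.
const BASE_URL = 'http://hostname';

function redirect_to(string $path): void {
    // Accept only local paths, so the redirect target cannot leave this site.
    if (!preg_match('#\A/[A-Za-z0-9_./?&=-]*\z#', $path) || strpos($path, '//') !== false) {
        throw new InvalidArgumentException('redirect target must be a local path');
    }
    // headers_sent() reports where output started, which is usually whitespace
    // or a blank line outside the PHP open/close tags of an included file.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("cannot redirect: output began at $file:$line");
    }
    header('Location: ' . BASE_URL . $path, true, 302);   // absolute URL
    exit;   // header() only queues the header; without exit the script keeps running
}

// The script from the "weird header()" thread, rewritten to use the helper.
$foo = 'something';   // constructed value
if ($foo == 'something') {
    redirect_to('/to_another_page.php');
}
// ... do another thing in here ...
redirect_to('/to_previous_page.php');
```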