| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
Comments:
<0> dan__t: how?
<1> danf_1979: ya, how?
<0> er... danf_1979
<2> anyone?
<3> Viflux, Stormchaser, I would not allow it in shared host environment
<3> I'm too paranoid
<1> Why?
<3> Because devels lose track of $vars, and they can be over written
<1> A) What does that have to do with shared hosting?
<3> *You* dont code all stuff on shared host environment
<3> you have to trust on other devels "habilities"
<0> danf_1979: If you're thinking about register_globals being evil and whatnot, then you only know briefly or do not know at all...
<1> B) Bad developers lose track of variables.
<3> Viflux, there are plenty
<3> Do you really think, all devels are good enough?
<3> Do you really think, in a shared environment only secure software exists?
<0> danf_1979: There ate only about 20% of *good* programmers alive.
<0> dan__t: Do you think secure software exists?
<1> What does a shared hosting have to do with register_globals?
<0> Dammit.
<3> Stormchaser, security *must* be a developer concern, especially if you run a webhosting company
<3> register globals on, is a no go
<1> Smells like FUD to me.
<3> Ok, read some security books then
<3> PHP Essential Security
<3> it's a good start
<0> danf_1979: Yes. Developers *SHOULD* consider security firs, but as said, most of them don't follow the security matrix.
<1> lol
<1> danf_1979: I don't need to read the books, I could've wrote most of them. :(
<3> Stormchaser, thats what I'm talking about
<4> there's a security matrix?
<4> where?
<0> I can write secure code with register_globals on. I have no problem with them.
<1> danf_1979: register_globals may not be the best idea, but there's nothing inherently wrong with it. It's not like having register_globals on means your server is instantly hackable.
<3> Stormchaser, you are not all devels!
<3> No, ofcourse
<4> i write secure software because i mysql_escape_string all my variables... :) <NOT>
<0> danf_1979: As said: Only 20% of the developers write *GOOD* code.
<5> apparently there are quite a few AJAX php toolkits
<5> http://ajax.phpmagazine.net/php_and_ajax/
<1> danf_1979: As long as you initialize all your variables (which most developers do, in my experience), you're fine.
<4> i only write good code 20% of the time...
<5> has anyone used any of them?
<4> does that make me a developer that writes *GOOD* code?
<4> :-P
<3> Stormchaser, ok, I dont know the %, I haven't read any statistics about it. But what I do know, is that SEVERAL so called "web designers", makes the most wonderful and nice websites
<3> but poor security
<6> hi, I'm trying to replace text in an html page (without bastardising the HTML tags) regex was my best idea, but I'm having problems with the expression, and suggestions?
<1> trogdoraoeu: AJAX does not specifically require a framework on the server side, any attempt to convince you of this is erroneous. Your AJAX could hit my blog, it could hit the zend site, it can hit whatever you want.
<3> and you MUST give them hosting
<6> *any
<1> danf_1979: Explain how register_globals being on could possibly violate the security of your server...
<4> Viflux: he got kicked.
<1> bashusr: I was in mid response :(
<0> danf_1979: I still don't get it... You're sating that without register_globals on you CANNOT write crappy and unsecure code?
<4> Viflux: its been discussed already.... that's why it is disabled.
<7> !+globals
<8> [GLOBALS] There is $GLOBALS --> http://php.net/manual/en/reserved.variables.php#reserved.variables.globals or you might have meant Register Globals --> http://php.net/manual/en/security.globals.php
<4> Viflux: it is directly related to security... but it makes it easier to breach security...
<4> isn't*
<3> No no, I'm not saying that Stormchaser
<3> I'm saying that it's not secure to enable that in a shared host environment
<3> You *don't* control other devels
<6> if globals is on, and I declare a variable as global, and someone knows what that variable is, then if I plop some data in as GET, POST or COOKIE, I can potentiallyviolate it
<6> *register_globals
<1> danf_1979: What does shared hosting have to do with it? It isn't as though (***uming you and I are on the same shared host) your code can mess with mine...
<0> Viflux: I didn't kicked it... I pointed out that PHP has nothing to do with XMLHttpRequest. Yet he still pastes the links to the sites which aren't supposed to be posted here.
<6> well, there was a bit of an embar***ing issue with sessions and shared hosting a while back...
<0> Jymmm: Probably
<1> Jymmm: s/hear/read and you have it
<7> Stormchaser: Ah, i was wondering why my ears wrere ringing
<0> danf_1979: Do you have something else, something like the usually FUD to promote?
<9> hi
<3> Viflux, consider this... shared hosts vary on security measures... If I get to execute malicious code in a given website, what would prevent me to see other peoples databses usernames and p***words?
<1> lol
<9> is there a php-equivalent to embperl's hidden-function ?
<0> Jymmm: Will you or should I?
<7> Stormchaser go for it
<10> why?
<1> he was amusing
<0> philip: Because he's seeding FUD about register_globals
<10> register_globals isn't bad
<11> Does a throw new Exception... return from the function immediately?
<9> Cody`, it should
<11> k
<0> danf_1979: The specified security practices has absolutely NOTHING to do with the security problems, that you specified. Think and read about, what register_globals does, and I'll unmute you.
<11> Thanks
<1> Cody`: Breaks the code block and escalates until it finds a try{} and then looks for a catch...no catch = unhandled :)
<9> does anyone know how to insert hidden inputs into a from ?
<0> o.O
<10> echo '<input type="hidden"...'; :)
<1> thorsten: Wrong room, but <input type="hidden"
<9> i mean in embedde perl there is the "hidden" which inserts inputs automatically that are p***ed from the previous form
<11> Viflux: Thanks.
<9> Viflux, why wrong room ?
<10> thorsten: create your own
<0> thorsten: This isn't #perl, as you can see.
<9> Stormchaser, right, i want to programm in phph
<9> Stormchaser, but i allready know that function from embedde perl, and i want to know how to do it in php
<10> you must create your own in php
<1> thorsten: Your question seemed like an HTML question. There's no magic way to p*** values from one page to the next, you'll have to do it manually.
<9> philip, oh
<10> or, you could use a session
<9> Viflux, but i must figure out which inputs are allready defined
<9> Viflux, is that possible ?
<1> thorsten: Then you must code it :)
<10> loop through $_POST for example
<9> is there a php-function which can tell me which inputs are allready defined ?
<10> and for example compare it to an array of known names
<9> philip, right, but i need to kick those out which are allready defined in the current form
<1> thorsten: You'll have to check the $_POST array.
<1> thorsten: Alternatively, you could use sessions. Store the value (when first created) in $_SESSION and then check that array. If it's not set, grab it from $_POST. Either way, you'll have to think this out because there's not magical way of doing it.
<9> Viflux, ok ill concentrate more on sessions
<0> danf_1979: I hope I don't hear any more uneducated BS from you.
<3> Well the fact is, I'm not flaming register globals... but I have a hosting shared environment, and some of my clients no nothing about security measures...
<0> danf_1979: Which includes you as well. Now this conversation is over.
<10> people should need a license before they create websites :)
<0> lol :)
<1> philip: We'd all be a lot wealthier...well some of us at least.
<12> heh
<10> being the guy who manages the licenses... now that's where it's at :)
<0> Viflux: and healthier as well ;) *cough*less_stress*cough*
<10> ##php would be much smaller
<13> I'l sell you a web site creation license for $100
<0> for about 440 people? :)
<14> Stormchaser: whats the current conversation?
<13> $74.99 if you act now. License valid for 5 years.
<0> itrebal: That I left the oven opened and that my toilet is running away.
<14> Stormchaser: sounds good
<0> :)
<14> lol, sounds fasinating
<15> hi.. i have a question: http://rafb.net/paste/results/mn9QWc85.html
<9> im using html-authentication with $_SERVER['PHP_AUTH_USER'], now to log out i want the browser to forget the login data, how do i do that ?
<9> my problem is that the browser always remebers the last login
<14> i wish my printer worked...
<9> and sends it
<0> Here
<14> Stormchaser: thanks
<9> maybe it can be done with the header-command ?
<15> when i use the script i pasted on a free php webhosting site, it streams megs of data, but my bandwidth on the site does not increase, so i was wondering if i was directly downloading from the source, or does the data still go through that server @_@
<16> is it possible to store an array in $_SESSION?
<14> F0rdPr3f3ct: absolutely
<16> itrebal, how do I access an element in this array?
<16> $_SESSION['arrayname']['indexname']?
<14> yup
<14> god damn.... i hate it when i make silly mistakes... i couldnt figure out why this wasn't workign: unset($queries); $this->queries = $queries;
<1> lol
<0> itrebal: *bink*
Return to
#php
or
Go to some related
logs:
shmfs suse 10
#css
#kernel
#math
usbdisk ubuntu free space
KInfoCenter shows indirect rendering
remove root password ubuntu
#perl
andrejkw ip
egrep only evens
|
|