Comments:
<0> Artnez_: i'm running debian sarge so i just use their package manager, but i've done a purge and reinstall
<1> Artnez_ http://bianchi.no-ip.net/jen/Photos/Rebecca/Month%2019%20(11).JPG
<0> well, i purged php4-gd
<2> jsalbre: have you tried a function_exists() on some of the others?
<2> ie: imagecreate()
<0> no, one sec
<2> b1n0ry: cute ... why do all programmers have girls
<2> you know they all want boys
<1> nah, we wanted a girl
<3> hello b1n0ry
<3> can you help me quickly again
<1> hmm... all programmers want boys... that doesn't sound quite right
<2> tis the truth i speak!
<1> you want boys?
<3> hello b1n0ry?
<2> not yet, too early
<2> however in a few years i'll be ready for kids -- then i will want a girl
<1> Artnez_ you are not getting my alternate meaning of -want- ... you -want- boys?
<2> but i am not a programmer :D
<4> girls are cool too :+
<2> never will be until i tell my boss to leave me alone and get into C++
<1> i'm not a programmer either
<1> i'm a manufacturing automation engineer
<3> hello b1nory
<3> can you help me
<2> i re-read the first 4 chapters of a great book on C++ about 6 times now but work keeps keeping me away from it
<2> sharmaa: what the **** is wrong with you.. hah
<1> sharmaa just ask your question, don't ask to ask
<1> i took a course on c++ in college
<3> http://pastebin.com/571415
<2> would you prefer web programming or creating desktop apps?
<3> how can i when i press on one of the radio buttons
<1> web programming
<2> less b.s. i assume?
<3> that i store that value and so that i can then make an sql query
<3> with it
<1> sharmaa: you need to have your inputs in a form. set the form method to post and values will be sent as variables (in the $_POST array) to the action page.
<2> sharmaa: may i suggest a tutorial? it's much easier to understand that IRC chat...
<1> sharmaa: www.w3schools.com
<2> *than IRC chat :)
<1> i have a hard time articulating at 10:30 pm
<1> Artnez_: yeah, less BS, and i think it's faster development to get results. makes it easy for people, no special libraries or incompatibility issues to deal with.
<2> this is exactly what keeps driving me away from that and keeps me around the web development sphere
<2> just bugs the **** out of me that it's not considered 'real' programming
<1> Artnez_: i'm working on a few projects right now. i have one in planning and that is creating a socket interface for PHP to OPC servers. that will be interesting and will open up a whole new world to PHP programming if it works out.
<2> kind of want to see for myself what the 'big leagues' are all about
<1> Artnez_: honestly, it's not a huge deal. in fact i do some programming for our company both web and non-web.
<1> Jymmm lol, she'd like that
<1> she'd laugh
<2> though i dont consider myself dumb. i've written (and designed, mind you) some pretty big projects for my company and it still felt like a lot of work..heh
<0> now that's some weird ****
<1> Jymmm not now, she's in bed
<2> but extending PHP seems fun :D have you ever worked with ruby on rails?
<1> Jymmm did you see the pic?
<5> hi, i've got a system that operates across multiple domain names and i am trying to find a way to securely transfer session data from one of the domains to another. they are all running on the same server. how can i do this?
<6> no
<1> Jymmm http://bianchi.no-ip.net/jen/Photos/Rebecca/Month%2019%20(11).JPG
<1> don't ask me, the wife named the pic
<1> i've told her "lower case, no special characters"
<2> Lafy_: you'll have some issues, to say the least
<2> first, rule out cross domain cookies
<6> b1n0ry: She's cute, lil fuzzy though and you really need to wash her feet, they're red.
<2> so session data and cookies need to go
<1> Jymmm: that's her cousin
<5> Artnez_: what do you mean?
<1> Jymmm: she's the one on the left
<0> Artnez_: that screenshot i showed ya'll was phpinfo() from inside of phpmyadmin. when i make a standalone file and put phpinfo() in it GD doesn't show up
<6> b1n0ry: OH.... my bad
<1> jsalbre: my guess would be that phpadmin is using ini_set or loading a module or two
<1> phpmyadmin
<2> Lafy_: Cross domain cookies are unsafe. In other words, you cannot, say, create a cookie with a user's ID, save their session in a database.. and retrieve it again when they go to a new domain.
<0> b1n0ry: suggestions?
<2> Most browsers simply won't work that way.
<6> b1n0ry: Yeah, she's gonna be keeping you up nights in about 9 years or so =)
<1> jsalbre: what's the problem?
<0> i need GD loaded
<7> How do I enable "Virtual Directory Support"?
<1> Jymmm: i know, not looking forward to it
<1> jsalbre: what platform?
<0> debian sarge
<5> Artnez_: can i stick their sessionid into a cookie that is legible to the domain they are about to go to?
<2> Lafy_: Your dilemma lies in one area ... how can you confirm that "Joe" is really "Joe" when he jumps from one domain to another.
<0> i've installed the php4-gd package
<6> b1n0ry: Just start practicing reloading rocksalt shotgun shells now...
<2> Lafy_: No, you can't. If you could do this, I could set a cookie for yahoo.com in practice
<2> Trust me, i've looked into cross domain cookies in and out. I came to the conclusion that asking the users to re-login is the only secure way to pass them back and forth between domains.
<0> Lafy_: call up microsoft and ask how Passport works ;)
<5> Artnez_: then what is the domain parameter in setcookie for?
<1> Lafy_: cross domain cookies aren't safe, aren't happy, and even if you do manage to create them will be detected by most antispyware apps as a tracking cookie and it will be deleted.
<2> Lafy_: for subdomains
<6> b1n0ry: LOL, teach her to become a nudist now... that way in 9+ years you can check her for hickeys and take aim, ready, fire!
<2> Lafy_: example: subdomain.mydomain.com will not work at just mydomain.com
<6> b1n0ry: You're not a farmer by chance are ya?
<2> Lafy_: The only secure way of doing this is to store the session data in the database.
<5> Artnez_: how does php confirm that the browser that sends it a sessionid is really the browser to which it issued that session id?
<2> Then, when the user goes to the other domain .. they are asked to login.
<1> Jymmm: no
<2> After they login, their previous session data is retrieved.
<2> You will then run into the problem of 'what if multiple users login'
<1> Lafy_ the client keeps the session id in a cookie and the local server keeps it in a file
<2> Lafy_: Session data is stored in cookies.
<5> right but how does the server know that the session id that the browser sent isn'
<5> t faked
<2> If you browse through your cookies (hope you're using firefox) you will find something like PHP_SESSID in the cookies list
<1> Lafy_ it doesn't that's why there are session hijacking attacks
<1> Lafy_ that's why sessions alone are not secure
<2> Lafy_: there is no way for PHP to detect this. For that reason, you must use the session_regenerate_id() function WHENEVER THE USER STATE CHANGES
<2> that way the old ID will not be valid and will not work if hijacked
<1> and typically maintain something like the IP address that the session was issued to in a DB or something
<2> b1n0ry is correct. I also prefer to generate a token.. something like:
<0> yay! i figured it out!
<2> sha1( $_SERVER['HTTP_USER_AGENT'] . ip() );
<2> ip() would be a function that gets the user's ip
<0> it's a debian package management problem
<1> Artnez_ i create a token too though only on user logins. i don't care if someone hijacks an anonymous user session.
<0> it added the extension, but didn't activate it in php.ini :)
<1> Artnez_ token i create: $authkey = md5(crypt($password,$timeloggedin));
<0> Artnez_, b1n0ry: thanks for your help ;)
<1> jsalbre: lol, not much help, was i?
<2> b1n0ry: i dont like putting their pass in there but i have a class that handles it pretty heavily
<0> b1n0ry: what you said about phpmyadmin loading modules made me think about checking the config closer
<2> i can pastebin it if you want for interest however i didnt comment it because i was in a rush
<1> Artnez_ i don't mind it if non-reversible
<1> md5(crypt( with salt of the login time isn't revealing really anything about the password
<2> b1n0ry: you're right ... but im one of those paranoid people. i create session_set() session_get() and session_del() functions to access session variables
<2> and i hash all session names
<0> see ya'll, thanks again
<2> *variable names
<1> man, there are more computers in this house than people
<2> it actually saved my hide once, one of our server admins left a hole open and an attacker went in. we monitored him viewing session data files and saw nothing but hash names and hash values lol
<1> wife's got a laptop and a desktop, i have a laptop and a desktop, there are 3 servers... 7 systems is probably enough for now.
<2> b1n0ry: i envy you
<1> Artnez_ were you here when i was talking about the security business that a friend of mine and i had for awhile?
<2> i have such big dreams for the ultimate computer room. for now, i cant even afford another box to stick a linux distro on and ease my development times
<2> b1n0ry: no, wasnt around
<1> Artnez_ we basically hacked people's systems to find the major holes. had some pretty big customers.
<2> walked a thin line i assume...
<2> they could have used that against you if you did what i think you did
<1> Artnez_: we didn't do anything without being contacted by the client first.
<2> ah, i see
<2> gullible little me :)
<8> is this #php?
<1> Myconid: yes
<9> Myconid: No
<9> This is ##php
<8> k.. wasnt sure if it was #ihaveabigpenis
<8> or #offtopic