1) window.open(url, name, features) where features may be toolbar=no, width, height etc.
2) window.location = url to go to another URL;
Monday, January 25, 2010
Sunday, January 24, 2010
Commands to know
Check the current runlevel :
1) who -r or runlevel
Change the runlevel:
init n, where n is the target runlevel (0: halt, 1: single user, 2-5: multiuser, 6: reboot)
* man init, update-rc.d
* link http://www.cyberciti.biz/tips/linux-changing-run-levels.html
Remove the job from running automatically in a runlevel:
* sudo update-rc.d -f cups remove
* sudo update-rc.d cups defaults (to add the links back)
But the next time the package is upgraded, the links (to /etc/init.d/) will be made again.
So it is better to rename the start link to a kill link, i.e. the S prefix to K.
Also rc.local is the script which is run after all runlevel scripts have run. It can be pretty useful to put startup commands here.
2) Command line short-cut
Take arguments from the previous command: !*
e.g. touch temp; rm !* removes it
3) finger -l username : check the details about a user, like whether logged in, idle time, terminal etc.
.plan in the home dir can be used for additional info
.nofinger can be used to restrict fingering.
4) sudo apt-get install dict-gcide
To install the Webster dictionary on Ubuntu
5) To find a directory/file
find / -name 'dirname' -type d
Thursday, January 21, 2010
Vim editor.. I love it
Just found a great tip about vim.
If you have to append, say, "good" at the end of each line, just do this:
:% normal A good
Here normal is a command which tells Vim to execute the following keys as normal-mode commands (in this case A, append at end of line, followed by the text).
Monday, January 18, 2010
Javascript code to check attributes of an object
If you have Firebug enabled, you can view the attributes of an object using:
console.log(object);
Sunday, January 10, 2010
PHP security issues / bad feature #php
Register Globals (register_globals)
In short, register_globals was meant to help rapid application development. Take for example this URL, http://yoursite.tld/index.php?var=1, which includes a query string. The register_globals statement allows us to access the value with $var instead of $_GET['var'] automatically. This might sound useful to you, but unfortunately all variables in the code now have this property, and we can now easily get into PHP applications that do not protect against this unintended consequence.
The following code snippet is just one common example you will see in PHP scripts:
if( !empty( $_POST['username'] ) && $_POST['username'] == 'test' && !empty( $_POST['password'] ) && $_POST['password'] == "test123" )
{
    $access = true;
}
If the application is running with register_globals ON, a user could just place access=1 into a query string, and would then have access to whatever the script is protecting, because $access is never initialised on the failure path.
Disabling with .htaccess
php_flag register_globals 0
Disabling with php.ini
register_globals = Off
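One way to make the snippet above safe regardless of the register_globals setting, as an added example that is not part of the original post; the credentials and the function names are constructed for illustration:

```php
<?php
// Added example, not from the original post. Credentials are placeholders.
const DEMO_USER = 'test';
const DEMO_PASS = 'test123';

// Vulnerable pattern from the post, wrapped in a function only for
// comparison: $access is assigned on success and never initialised
// otherwise. In the post it runs at file scope, where register_globals=On
// lets a request carrying ?access=1 create $access before this code runs,
// so a later "if ($access)" sees true although the credentials never matched.
function checkAccessVulnerable(array $post)
{
    if (!empty($post['username']) && $post['username'] == DEMO_USER
        && !empty($post['password']) && $post['password'] == DEMO_PASS) {
        $access = true;
    }
    // null when nothing matched: exactly the gap a client can fill in
    return isset($access) ? $access : null;
}

// Hardened pattern: every variable gets a safe default before use, input is
// read only from the explicit superglobal (passed in here as $post), only
// strings are accepted, and the comparison is strict so no type coercion.
function checkAccessHardened(array $post)
{
    $access = false;
    $user = isset($post['username']) && is_string($post['username']) ? $post['username'] : '';
    $pass = isset($post['password']) && is_string($post['password']) ? $post['password'] : '';
    if ($user === DEMO_USER && $pass === DEMO_PASS) {
        $access = true;
    }
    return $access;
}

// Startup guard: refuse to serve if the directive is still enabled, in case
// the php.ini / .htaccess change did not take effect. On PHP >= 5.4 the
// directive no longer exists and ini_get() returns false.
function assertRegisterGlobalsOff()
{
    if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
        header('HTTP/1.1 500 Internal Server Error');
        exit('register_globals must be disabled');
    }
}

assertRegisterGlobalsOff();
$access = checkAccessHardened($_POST);
```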
Ref: http://net.tutsplus.com/tutorials/php/5-helpful-tips-for-creating-secure-php-applications/
PHP security issues #php
Use password hashing along with salts to make the task of hackers as difficult as possible.
In PHP you can generate hashes using the md5() and sha1() functions. md5() returns a 128-bit hash (32 hexadecimal characters), whereas sha1() returns a 160-bit hash (40 hexadecimal characters). For example:
<?php
$string = 'PHP & Information Security';
printf("Original string: %s\n", $string);
printf("MD5 hash: %s\n", md5($string));
printf("SHA-1 hash: %s\n", sha1($string));
?>
Using salt to make the hash more random:
<?php
define('SALT_LENGTH', 9);
function generateHash($plainText, $salt = null)
{
    if ($salt === null)
    {
        // no salt supplied: generate a fresh random one for a new password
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    }
    else
    {
        // salt supplied (e.g. taken from a stored hash): reuse its first SALT_LENGTH chars
        $salt = substr($salt, 0, SALT_LENGTH);
    }
    // the salt is prepended in clear so it can be recovered when verifying
    return $salt . sha1($salt . $plainText);
}
?>
http://phpsec.org/articles/2005/password-hashing.html
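Verification for the scheme above, as an added example that is not from the post or the phpsec.org article: generateHash() is repeated so the block runs on its own, while verifyHash() and the password_hash() comparison are names added here.

```php
<?php
// Added example, not from the original post. Verifies a password against the
// salt-prefixed sha1 digest that generateHash() produces, then shows the same
// round trip with PHP's own password_hash() (PHP 5.5+).
define('SALT_LENGTH', 9);

function generateHash($plainText, $salt = null)
{
    if ($salt === null) {
        $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH);
    } else {
        $salt = substr($salt, 0, SALT_LENGTH);   // stored value = salt . digest
    }
    return $salt . sha1($salt . $plainText);
}

// Re-derive the digest using the salt stored in the first SALT_LENGTH
// characters, then compare with hash_equals() (PHP 5.6+), which runs in
// constant time so the check does not leak how many leading chars matched.
function verifyHash($plainText, $stored)
{
    if (strlen($stored) !== SALT_LENGTH + 40) {   // 40 hex chars of sha1
        return false;
    }
    $salt = substr($stored, 0, SALT_LENGTH);
    return hash_equals($stored, generateHash($plainText, $salt));
}

$stored = generateHash('correct horse');
var_dump(verifyHash('correct horse', $stored));
var_dump(verifyHash('wrong horse', $stored));

// Modern equivalent: bcrypt with a random salt and a tunable work factor,
// which is what a single salted sha1 lacks against offline brute force.
$modern = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump(password_verify('correct horse', $modern));
```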
Injection Prevention - mysql_real_escape_string() #mysql
What mysql_real_escape_string() does is take a string that is going to be used in a MySQL query and return the same string with all SQL injection attempts safely escaped. Basically, it will replace those troublesome quotes (') a user might enter with a MySQL-safe substitute, an escaped quote \'.
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
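An added example (not from the post or the tizag tutorial) showing the escaping call in the only position where it protects a query, a quoted string literal, next to the prepared-statement form that removes the escaping step entirely; the mysqli connection details are placeholders.

```php
<?php
// Added example, not from the original post. Assumes a MySQL database
// reachable with the placeholder credentials below and a "users" table.
$db = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
if ($db->connect_errno) {
    die('connect failed: ' . $db->connect_error);
}
// Escaping is charset-aware, so the connection charset must be set first.
$db->set_charset('utf8mb4');

$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';

// 1) Escaping: mysqli's real_escape_string() is the successor of the
//    mysql_real_escape_string() the post describes. It only helps when the
//    value is placed inside single quotes in the query text.
$safe = $db->real_escape_string($username);
$sql  = "SELECT id FROM users WHERE username = '$safe'";

// A numeric value is not surrounded by quotes, so escaping does nothing
// for it; cast it to the expected type instead.
$page = isset($_GET['page']) ? max(1, (int) $_GET['page']) : 1;
$sql2 = "SELECT id FROM users LIMIT " . (($page - 1) * 20) . ", 20";

// 2) Prepared statement: the SQL and the data travel separately, so there
//    is no escaping step to forget and the value can never alter the query.
$stmt = $db->prepare('SELECT id FROM users WHERE username = ?');
$stmt->bind_param('s', $username);
$stmt->execute();
$stmt->bind_result($id);
$found = $stmt->fetch();   // true when a row matched
$stmt->close();
```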