Show Posts
1
|
Security & Performance / Performance and Tuning / Browser Caching - Impacts
|
on: Apr 25, 2011, 09:31:10 am
|
I have a fairly complex web application and I've used browser caching to really speed up delivery.
Unfortunately, the QA team often forgets to clear their browser caches, and the average user never clears theirs.
How can I retain the advantages of browser caching, but still have the browser refresh the files when necessary?
There are actually two sets of files: some are library files which will NEVER change (dojo), and some are local, which change infrequently.
The system is fairly stable.
|
|
|
7
|
Server Scripting / PHP / PHP Warning: Illegal offset type in isset or empty
|
on: Mar 05, 2011, 10:39:24 am
|
Why do I get this warning?

```php
<?php
$data = new SimpleXMLElement($xml);
$aPost['url']='banshee.com';
$aPost['id']='zonk';
$bValid=true;
foreach ($data->fields->field as $f)
    if (isset($aPost[$f->name])) {
        $f->value=$aPost[$f->name];
        if (!preg_match('/^'.$f->regex.'$/',$aPost[$f->name])) {
            $f->invalid=(bool)true;
            $bValid=false;
            echo $f->name.' is invalid!';
        }
    }
?>
```

```xml
<?xml version="1.0" encoding="utf-8" ?>
<interface>
  <name>Works</name>
  <fields>
    <field>
      <name>URL</name>
      <length>255</length>
      <validation>[\w\.\-]{2,255}</validation>
      <default>domain.com</default>
      <label>URL</label>
      <value>url.com</value>
      <required>true</required>
      <errortext>Letters, numbers, periods and dashes only</errortext>
    </field>
    <field>
      <name>id</name>
      <length>11</length>
      <validation>[\d]{1,11}</validation>
      <default>1</default>
      <label>Id</label>
      <required>true</required>
      <errortext>Ids must be all digits</errortext>
    </field>
  </fields>
</interface>
```
|
|
|
9
|
Security & Performance / Security Issues / Stats check - what's really happening here?
|
on: Feb 23, 2011, 09:39:26 am
|
This is a screenshot from my blog.
You can see a bunch of different hits, often within the same second, from a huge variety of IP addresses.
What's happening?
The blog doesn't allow any kind of comment posting, no one can register, and the content isn't particularly exciting.
Why would anyone, or anything, waste the time and bandwidth to request these pages?
|
|
|
10
|
Server Scripting / PHP / Re: Converting eregi to preg_replace....
|
on: Feb 21, 2011, 05:45:58 am
|
... or this ...

```php
<?php
$some_text='The Cat likes to sleep';
$word='cat';
$rep_string='http://catz.com';
$some_text = eregi_replace("([[:space:]()[{}])($word)", "\\1<a href='$rep_string'>\\2</a>", $some_text);
echo $some_text.PHP_EOL;
echo $some_text.PHP_EOL;
```
|
|
|
13
|
Security & Performance / Security Issues / Re: Encrypting Passwords....now of little use?
|
on: Feb 10, 2011, 06:45:02 am
|
I think it is good to have the reset function change the password, for client-side security. Lots of people have cookies that contain their login information. The cookies often live much longer than they should, especially on shared computers, and if you request a new password, resetting it makes it a little more difficult for someone to hijack the account.
The complexity of passwords is important, too. Forcing users to create passwords that include upper and lowercase letters, digits, and symbols makes it more difficult for people to guess the passwords.
From a user perspective, I prefer a reset on my password recovery, because it makes me feel more 'secure'. Since the application logic to do a reset is simple, that's the approach I use.
The ease of password recovery has a huge impact on how I work with a site/provider/application. For the billing interface of my web hosting provider, there's one account that I can never remember the password. I just reset it every time I need to make an update, which is very rarely, less than once a year. I reset it a couple of weeks ago, forgot to log in, and still have no idea what it is. On other accounts, I'm using generated passwords which are impossible to remember, and I just have yellow stickies with the passwords, but not the account/username.
|
|
|
14
|
Server Scripting / SQL & Database / Re: MySQL and enum
|
on: Jan 27, 2011, 07:05:37 am
|
I like that. It keeps the values in the database, so different languages can still use them; it uses integers for the data, which is good for performance; it insulates the value from its meaning; and it's more flexible and portable than enums.
Thank you.
|
|
|
15
|
Server Scripting / SQL & Database / Re: MySQL and enum
|
on: Jan 27, 2011, 05:41:32 am
|
The .ini settings aren't really related to the question; they were the only text I had to support the enum question. A lot of times, I need an array to assign strings to values for databases, like this:

```php
$aStatusMap = array(0=>'pending',1=>'activated',2=>'locked',3=>'disabled');
```

And then when the (integer) data comes out of the database, I translate it:

```php
$sStatus = $aStatusMap[$database_value['status']];
```

But if I used an enum type, it would be:

```php
$sStatus = $database_value['status'];
```

If the database is accessed by different (programming) languages or code, the string values will be preserved and accurate, because they are in the database, rather than defined in code. In addition, if the database changes, the code has to change. PHP to get the enum values and default from the database:

```php
// Assumes $mysqli is an open mysqli connection to the `test` database.
if ($result = $mysqli->query("SHOW COLUMNS FROM test LIKE 'enum_col'")) {
    $row = $result->fetch_assoc();
    $sType = $row['Type'];
    // Pull the quoted values out of the type definition, e.g. enum('one','two','three').
    preg_match_all("/'([^']*)'/", $sType, $aMatches);
    $aValues = $aMatches[1];
    echo 'Field name: '.$row['Field'].PHP_EOL
        .'Valid values: '.var_export($aValues,true).PHP_EOL
        .'Default: '.$row['Default'];
    $result->close();
}
```

Output:

```
Field name: enum_col
Valid values: array (
  0 => 'one',
  1 => 'two',
  2 => 'three',
)
Default: two
```

And Perl code:

```perl
#!/usr/bin/perl
use DBI;

$dbh = DBI->connect('DBI:mysql:test', '', '' )
    || die "Could not connect to database: $DBI::errstr";
$sth = $dbh->prepare('SHOW COLUMNS FROM test LIKE \'enum_col\'');
$sth->execute();
$result = $sth->fetchrow_hashref();
print "Values returned: $result->{Type}\n";
print "Default: $result->{Default}\n";
$sth->finish();
$dbh->disconnect();
```

Output:

```
Values returned: enum('one','two','three')
Default: two
```

http://dev.mysql.com/doc/refman/5.0/en/enum.html

Is this a good idea, or am I missing something?
|
|
|
16
|
Server Scripting / SQL & Database / Re: MySQL and enum
|
on: Jan 26, 2011, 06:07:32 am
|
I saw it in one of those best practices lists - enums are stored as integers, although they're accessed as strings. It can save you from having to write annoying constant translation lists, where you use an integer to represent something, like a status.
From the create table / alter table add column:

```sql
`status` enum('pending','activated','locked','disabled') default 'pending',
```

And the associated .ini settings for Zend Framework, using dojo's FilteringSelect to allow an administrator to assign the status:

```ini
; status element
; These MUST match the definitions in the user table
elements.status.type = "FilteringSelect"
elements.status.options.label = "Status"
elements.status.options.dijitParams.searchAttr = "name"
elements.status.options.autoComplete = true
elements.status.options.required = "true"
elements.status.options.validators.inarray.validator = "InArray"
elements.status.options.validators.inarray.options.haystack[] = "pending"
elements.status.options.validators.inarray.options.haystack[] = "activated"
elements.status.options.validators.inarray.options.haystack[] = "disabled"
elements.status.options.validators.inarray.options.haystack[] = "locked"
elements.status.options.validators.inarray.options.messages.notInArray = "Invalid status"
elements.status.options.multioptions.pending = "pending"
elements.status.options.multioptions.activated = "activated"
elements.status.options.multioptions.disabled = "disabled"
elements.status.options.multioptions.locked = "locked"
```
Finally, it's multilingual, xgettext will translate any text it can find a definition for into another layer.
I was talking with the database guy at work, and he said enums aren't portable across databases.
A quick look on the 'net showed that Oracle didn't seem to have direct enum support.
It may also be a security boost - since invalid enum values are stored as '' (empty strings).
|
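An added example, not code from the posts: the .ini comment above says the InArray haystack must match the column's enum definition, and the other enum post reads that definition with SHOW COLUMNS. This PHP code parses the `Type` string, reports any drift between the two lists, and checks submitted values against the parsed list before they are written; `parseEnumType()` and `isAllowed()` are hypothetical names, the doubled-quote escaping is an assumption, and the sample strings are taken from the posts.

```php
<?php
// Added example, not code from the original posts.
// parseEnumType() and isAllowed() are hypothetical helper names.

// Turn the `Type` string from SHOW COLUMNS into a list of values.
// Assumption: a quote inside a value appears doubled ('') in that string.
function parseEnumType(string $type): array
{
    if (!preg_match('/^enum\((.*)\)$/is', trim($type), $m)) {
        throw new InvalidArgumentException("Not an enum column: $type");
    }
    preg_match_all("/'((?:[^']|'')*)'/", $m[1], $found);
    return array_map(function ($v) {
        return str_replace("''", "'", $v);
    }, $found[1]);
}

// Accept only strings that are exactly one of the enum values.
// The third argument makes in_array() strict; with loose comparison,
// PHP versions before 8 treat the integer 0 as equal to 'pending'.
function isAllowed($value, array $allowed): bool
{
    return is_string($value) && in_array($value, $allowed, true);
}

// Constructed sample input: the column definition and the InArray
// haystack as they appear in the posts.
$type     = "enum('pending','activated','locked','disabled')";
$haystack = array('pending', 'activated', 'disabled', 'locked');

$allowed = parseEnumType($type);

// Drift check: the form validator and the column must accept the same set.
$onlyInDb   = array_values(array_diff($allowed, $haystack));
$onlyInForm = array_values(array_diff($haystack, $allowed));
echo 'Only in database: '.json_encode($onlyInDb).PHP_EOL;
echo 'Only in form:     '.json_encode($onlyInForm).PHP_EOL;

// Check submitted values before they reach the INSERT/UPDATE.
foreach (array('locked', 'admin', 0, '') as $candidate) {
    echo str_pad(var_export($candidate, true), 10)
        .(isAllowed($candidate, $allowed) ? 'accept' : 'reject').PHP_EOL;
}
```

In a real deployment the `$type` string would come from the `SHOW COLUMNS` query shown in the earlier post, and the drift check would run as part of deployment or a test suite.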
|
|
18
|
Server Scripting / PHP / Re: Minutes between two dates
|
on: Jan 14, 2011, 10:13:43 am
|
Sounds like a rounding error, after the results are returned, like Ed mentioned ...

```php
$start='2011-01-01 00:00:00';
$end='2011-01-03 17:40:00';
// Convert both date strings to Unix timestamps before subtracting.
$start_time=strtotime($start);
$end_time=strtotime($end);
$total_seconds=abs($end_time-$start_time);

$seconds = (int)($total_seconds % 60);
$minutes = (int)(($total_seconds / 60) % 60);
$hours = (int)($total_seconds / 3600);
echo 'Integers:'.PHP_EOL;
echo $hours.':'.$minutes.':'.$seconds.PHP_EOL;

$seconds = round($total_seconds % 60);
$minutes = round(($total_seconds / 60) % 60);
$hours = round($total_seconds / 3600);
echo 'Floats:'.PHP_EOL;
echo $hours.':'.$minutes.':'.$seconds.PHP_EOL;

$seconds = floor($total_seconds % 60);
$minutes = floor(($total_seconds / 60) % 60);
$hours = floor($total_seconds / 3600);
echo 'Floats - with floor:'.PHP_EOL;
echo $hours.':'.$minutes.':'.$seconds.PHP_EOL;
```

Output:

```
Integers:
65:40:0
Floats:
66:40:0
Floats - with floor:
65:40:0
```
|
|
|
19
|
Security & Performance / Performance and Tuning / Apache Index Listing Configuration
|
on: Jan 14, 2011, 07:13:58 am
|
Sometimes you need to allow people to choose files from the server, but you don't want to write code to list the files. You can customize Apache's IndexOptions and wrap the listing with some XHTML and CSS to create a nice interface.

```apache
# Allow display of directory
Options +Indexes

# Configure display options for directory
IndexOptions +FancyIndexing +FoldersFirst +SuppressDescription +SuppressHTMLPreamble +XHTML +HTMLTable +SuppressRules +SuppressIcon
AddType text/html .html

# Suppress the display of .gz and .email files in directory listings
IndexIgnore *.gz *.email

# Header and footer files for directory listings
HeaderName "/hdr/Header.html"
ReadmeName "/hdr/Footer.html"
```

Reference: http://httpd.apache.org/docs/2.0/mod/mod_autoindex.html
|
|
|
|