php-general Digest 18 Jun 2006 15:06:23 -0000 Issue 4192

Topics (messages 238212 through 238227):

WINDOW/OFFICE  We buy - we accept pawns, easy, instant quick cash
        238212 by: WINDOW/OFFICE  We buy - we accept pawns, easy, instant quick cash
        238214 by: WINDOW/OFFICE  We buy - we accept pawns, easy, instant quick cash
        238215 by: WINDOW/OFFICE  We buy - we accept pawns, easy, instant quick cash

Re: GET, POST, REQUEST
        238213 by: David Tulloh
        238217 by: Satyam
        238219 by: Tom Rogers
        238220 by: Manuel Lemos
        238221 by: Satyam

ImageCopyResized() function
        238216 by: BBC
        238223 by: Jochem Maas

best solution for page acess right
        238218 by: Alain Roger
        238227 by: João Cândido de Souza Neto

Want some PHP e-book
        238222 by: prolibertine
        238224 by: Jochem Maas
        238225 by: tedd
        238226 by: tedd

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        php-general@lists.php.net


----------------------------------------------------------------------
--- Begin Message ---
WINDOW/OFFICE  We buy - we accept pawns, easy, instant quick cash
Selling cheap: Licensed Windows XP Pro, win 98, 98 se, Office XP Small, Office
XP Professional, Office Pro 2003, very cheap, guaranteed 100 % genuine
Contact  Paisarn  06-5881135
- Windows 95 with CD, complete set 200 baht
- Windows 98 book+COA only 800 baht
- Windows 98 book+COA+CD 1,000 baht
- Windows 98 SE book + COA + CD, new white 1,500 baht
- Windows 2000 Professional + CD  2,700 baht
- Windows ME manual + COA + CD 1,800 baht
- Windows XP Home Edition manual + COA 2,000 baht
- Windows XP Home Edition manual + COA + CD 2,700 baht
- Windows XP Professional manual + COA 2,400 baht
- Windows XP Professional manual + COA+CD 3,500 baht
- Microsoft Office Pro 2003 7,500 baht
- Microsoft Office Basic 5500
Contact  Paisarn  06-5881135, 02-8966280
[EMAIL PROTECTED]
Buy several sets and the discount increases. Delivery service to your door in Bangkok and the provinces, with receipt.

--- End Message ---
--- Begin Message ---
I don't think that using request over post adds anything in the way of
security, at the most it's going to delay an attacker for up to a
minute.  I advocate using request if it's convenient, it can also open a
few nice tricks for advanced users.  Using request allows me to bookmark
a login page, so hitting the bookmark will log me in and take me
straight to the main page.  Passing data through get instead of post is
not necessarily a malicious attack.


David

Ben Ramsey wrote:
> On 6/17/06 3:07 PM, Anthony Ettinger wrote:
> 
>> it's more like painting the color of your front door, but still
>> leaving it unlocked. It doesn't change the fact that people can still
>> open the door.
>>
>> every input field needs to be validated regardless of get vs. post.
>> the web developer toolbar for firefox can easily convert all form
>> fields to one or the other, so it's trivial to send a get request as
>> post, and vice-versa.
>>
> 
> Which is why, if you read the last paragraph of my post, it said that
> there are two things you must do: 1) always check the origin of the
> input and 2) always filter (validate) the input.
> 

--- End Message ---
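As an added example (not code from this thread or from any of the posters), here is the pair of rules Ben lists above written out for a login form: take the fields only from the source you intend to accept, then validate their shape. The field names "username" and "password" and the character whitelist are assumptions for illustration.

```php
<?php
// Added example, not code from the thread. Field names and the allowed
// username pattern are constructed for illustration.

/**
 * Returns the validated login fields as an array, or null when the request
 * did not arrive the expected way or a field fails validation.
 *
 * $server and $post are passed in (rather than reading $_SERVER/$_POST
 * inside) so the function can be exercised with constructed input.
 */
function read_login_input(array $server, array $post)
{
    // 1) Check the origin: accept credentials only from a POST body.
    //    $_REQUEST merges GET, POST and cookies, so with it the same field
    //    could arrive in a bookmarked or shared URL, where it also ends up
    //    in browser history and server access logs.
    if (!isset($server['REQUEST_METHOD']) || $server['REQUEST_METHOD'] !== 'POST') {
        return null;
    }

    // 2) Validate every field: allow only the shape you expect. Reject
    //    anything that is not a string (PHP builds an array from a field
    //    named "username[]") and bound the lengths.
    $username = isset($post['username']) ? $post['username'] : null;
    $password = isset($post['password']) ? $post['password'] : null;

    if (!is_string($username) || !preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username)) {
        return null;
    }
    if (!is_string($password) || strlen($password) < 1 || strlen($password) > 128) {
        return null;
    }

    return array('username' => $username, 'password' => $password);
}

// Usage at the top of the login handler:
$input = read_login_input($_SERVER, $_POST);
if ($input === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid login request');
}
// ... authenticate $input['username'] / $input['password'] from here on ...
```

The method check is what distinguishes "the form was submitted" from "someone followed a link"; the validation step is what protects the code behind it, and it is needed whichever array the data came from.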
--- Begin Message ---
----- Original Message ----- From: "Rory Browne" <[EMAIL PROTECTED]>

> Good code won't be vulnerable to register_globals either, but having
> register_globals on is a security problem because there are security flaws
> that can only be exploited when register_globals is enabled.


Actually, code quality cannot overcome the vulnerability of register_globals. Every program will have global variables. register_globals=on may overwrite a valid global variable, one totally unrelated to user input, with a value coming from the request, and there is nothing good coding can do about it. The chances that an external user might hit the right variable name are slim (unless a disgruntled former programmer) but they exist.

Satyam

--- End Message ---
--- Begin Message ---
Hi,

Sunday, June 18, 2006, 5:19:20 PM, you wrote:
S> ----- Original Message ----- 
S> From: "Rory Browne" <[EMAIL PROTECTED]>

>>
>> Good code won't be vulnerable to register_globals either, but having
>> register_globals on is a security problem because there are security flaws
>> that can only be exploited when register_globals is enabled.
>>

S> Actually, code quality cannot overcome the vulnerability of 
S> register_globals.  Every program will have global variables. 
S> register_globals=on may overwrite a valid global variable, one totally
S> unrelated to user input, with a value coming from the request, and there is
S> nothing good coding can do about it. The chances that an external user might
S> hit the right variable name are slim (unless a disgruntled former 
S> programmer) but they exist.

S> Satyam


Just getting into the habit of setting all variables to known values
before using them will take care of this problem. Set the warning
level to E_ALL and get warned when using variables that have not been
set to good values while in the development phase.

-- 
regards,
Tom

--- End Message ---
--- Begin Message ---
Hello,

on 06/18/2006 04:19 AM Satyam said the following:
>> Good code won't be vulnerable to register_globals either, but having
>> register_globals on is a security problem because there are security
>> flaws
>> that can only be exploited when register_globals is enabled.
>>
> 
> Actually, code quality cannot overcome the vulnerability of
> register_globals.  Every program will have global variables.
> register_globals=on may overwrite a valid global variable, one totally
> unrelated to user input, with a value coming from the request, and there
> is nothing good coding can do about it. The chances that an external
> user might hit the right variable name are slim (unless a disgruntled
> former programmer) but they exist.

There is a big misunderstanding about this matter. Having register
globals on does not make PHP overwrite global variables. It rather may
initialize global variables with values related to the request.

There may only be a problem with scripts that assumed those global
variables would not be initialized before the start of a script. Even if
there is a problem due to a distraction of the developer, it may not
even be necessarily a security problem.

If you initialize your script global variables properly, having register
globals on will never be a problem to you. You may also read this as, if
you are a competent developer, you will not make these silly mistakes,
especially by now when we all are so over the issue and triple checked
our code bases.

-- 

Regards,
Manuel Lemos

Metastorage - Data object relational mapping layer generator
http://www.metastorage.net/

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

--- End Message ---
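The point Tom and Manuel both make, that a global which is assigned before it is ever read cannot be affected by whatever value it held when the script started, is easier to see in code. The following is an added example, not code from the thread; the user store, credentials and the E_ALL setting are constructed for illustration, and password_hash/password_verify assume PHP 5.5 or later.

```php
<?php
// Added example, not from the thread. The user store and credentials are
// constructed for illustration.

error_reporting(E_ALL);   // the development setting Tom recommends: reads of
                          // unset variables are reported instead of silently
                          // yielding null

// Constructed user store: username => password hash (never plaintext).
$USERS = array(
    'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
);

function credentials_match($user, $pass)
{
    global $USERS;
    if (!isset($USERS[$user])) {
        return false;
    }
    return password_verify($pass, $USERS[$user]);
}

// Fragile pattern: the flag is assigned only on the success path, so on
// failure the script returns whatever value $authorized already held in the
// global scope. That is exactly the scope register_globals=on pre-populates
// from the request, which is the situation Satyam described.
function login_fragile($user, $pass)
{
    global $authorized;
    if (credentials_match($user, $pass)) {
        $authorized = true;
    }
    return !empty($authorized);
}

// Hardened pattern (Tom's and Manuel's advice): assign a known value before
// any read, so the prior contents of the global no longer matter.
function login_hardened($user, $pass)
{
    global $authorized;
    $authorized = false;
    if (credentials_match($user, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Demonstration: emulate a global that already held a value before the
// script's own logic ran, then try a wrong password against each variant.
$authorized = true;
$fragile = login_fragile('alice', 'wrong password');   // inherits the stale value

$authorized = true;
$hardened = login_hardened('alice', 'wrong password'); // the initialization wins

var_dump($fragile, $hardened);
```

With E_ALL in development, the fragile variant also warns on the failure path when nothing pre-populated the variable, which is how the missing initialization gets noticed before it matters.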
--- Begin Message ---

----- Original Message ----- From: "Manuel Lemos" <[EMAIL PROTECTED]>
To: "PHP List" <php-general@lists.php.net>
Sent: Sunday, June 18, 2006 10:12 AM
Subject: Re: [PHP] GET, POST, REQUEST


> Hello,
>
> on 06/18/2006 04:19 AM Satyam said the following:
>>> Good code won't be vulnerable to register_globals either, but having
>>> register_globals on is a security problem because there are security
>>> flaws
>>> that can only be exploited when register_globals is enabled.
>>>
>>
>> Actually, code quality cannot overcome the vulnerability of
>> register_globals.  Every program will have global variables.
>> register_globals=on may overwrite a valid global variable, one totally
>> unrelated to user input, with a value coming from the request, and there
>> is nothing good coding can do about it. The chances that an external
>> user might hit the right variable name are slim (unless a disgruntled
>> former programmer) but they exist.
>
> There is a big misunderstanding about this matter. Having register
> globals on does not make PHP overwrite global variables. It rather may
> initialize global variables with values related to the request.
>
> There may only be a problem with scripts that assumed those global
> variables would not be initialized before the start of a script. Even if
> there is a problem due to a distraction of the developer, it may not
> even be necessarily a security problem.
>
> If you initialize your script global variables properly, having register
> globals on will never be a problem to you. You may also read this as, if
> you are a competent developer, you will not make these silly mistakes,
> especially by now when we all are so over the issue and triple checked
> our code bases.
>
> --


Indeed, you are absolutely right, sorry I caused any confusion about this.

Satyam

--- End Message ---
--- Begin Message ---
Hi all.
Does anyone know how to use these functions, and what they are for:
imagecreatetruecolor();
imagecreatefromjpeg();
ImageCopyResized();
ImageDestroy();


Best regards
BBC

--- End Message ---
--- Begin Message ---
BBC wrote:
> Hi all.
> Does anyone know how to use these functions, and what they are for:
> imagecreatetruecolor();
> imagecreatefromjpeg();

creating image resource.

> ImageCopyResized();

copy and resize image resource.

> ImageDestroy();

destroy image resource.

RTFM: http://php.net/gd

> 
> 
> Best regards
> BBC

--- End Message ---
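The four functions BBC asked about are the whole pipeline for making a thumbnail: decode, allocate a canvas, copy with resizing, free. The routine below is an added example, not from the thread or from the PHP manual, and adds the two checks a server handling uploads needs before calling the decoder. The file paths and the pixel cap are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Paths and the pixel cap are
// constructed for illustration.

/**
 * Writes a JPEG thumbnail of $src_path to $dst_path that fits inside
 * $max_w x $max_h, preserving the aspect ratio. Returns true on success.
 */
function make_jpeg_thumbnail($src_path, $dst_path, $max_w, $max_h)
{
    // Inspect the header before decoding: this confirms the file really is
    // a JPEG (the client-supplied file name or MIME type proves nothing) and
    // yields the dimensions without loading any pixels.
    $info = @getimagesize($src_path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return false;
    }
    list($src_w, $src_h) = $info;

    // A decoded true-colour image costs about 4 bytes per pixel, so a small
    // file with very large declared dimensions can exhaust memory_limit.
    // Refuse anything beyond a cap sized for the server.
    $max_pixels = 16000000; // constructed cap: 4000 x 4000
    if ($src_w < 1 || $src_h < 1 || $src_w * $src_h > $max_pixels) {
        return false;
    }

    // imagecreatefromjpeg(): decode the file into a GD image resource.
    $src = @imagecreatefromjpeg($src_path);
    if ($src === false) {
        return false;
    }

    // Scale factor that fits both dimensions; never enlarge (cap at 1.0).
    $ratio = min($max_w / $src_w, $max_h / $src_h, 1.0);
    $dst_w = max(1, (int) round($src_w * $ratio));
    $dst_h = max(1, (int) round($src_h * $ratio));

    // imagecreatetruecolor(): allocate the blank destination canvas.
    $dst = imagecreatetruecolor($dst_w, $dst_h);

    // imagecopyresized(): copy the whole source rectangle into the whole
    // destination rectangle, resizing on the way. Argument order is
    // (dst, src, dst_x, dst_y, src_x, src_y, dst_w, dst_h, src_w, src_h).
    imagecopyresized($dst, $src, 0, 0, 0, 0, $dst_w, $dst_h, $src_w, $src_h);

    $ok = imagejpeg($dst, $dst_path, 85);

    // imagedestroy(): release both resources explicitly instead of holding
    // them until the script ends.
    imagedestroy($src);
    imagedestroy($dst);

    return $ok;
}

// Usage with constructed paths:
// make_jpeg_thumbnail('/tmp/upload.jpg', '/var/www/thumbs/upload.jpg', 200, 200);
```

imagecopyresampled() has the same argument order and produces smoother output at higher CPU cost; the checks before decoding are the same either way.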
--- Begin Message ---
Hi,

I have a web administration application which allows particular users to
store some information into a DB.
This information will later be displayed dynamically on the website.

However, among these users, some should only be able to see information,
others only to write, and so on...

Therefore I need a system for granting access rights to these users.
I know that there are several solutions for such a situation, but I would like
to know your feedback on these solutions and which one you think is best to
implement.

One that I know: I can create 3 tables in my DB: account, module and
accessright.
- in account are stored all user accounts
- in module are stored all PHP pages belonging to each module
- in accessright are stored a join of user's account, pages and their
relative access right to each page.

But maybe a simpler solution exists that is also good enough.

thanks a lot,

Alain

--- End Message ---
--- Begin Message ---
Sometimes I have used this solution you pointed out. I think it's a
good way, though there are more detailed ways; it depends on your level of care.


"Alain Roger" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi,
>
> I have a web administration application which allows particular users to
> store some information into a DB.
> This information will later be displayed dynamically on the website.
>
> However, among these users, some should only be able to see information,
> others only to write, and so on...
>
> Therefore I need a system for granting access rights to these users.
> I know that there are several solutions for such a situation, but I would
> like
> to know your feedback on these solutions and which one you think is best
> to
> implement.
>
> One that I know: I can create 3 tables in my DB: account, module and
> accessright.
> - in account are stored all user accounts
> - in module are stored all PHP pages belonging to each module
> - in accessright are stored a join of user's account, pages and their
> relative access right to each page.
>
> But maybe a simpler solution exists that is also good enough.
>
> thanks a lot,
>
> Alain
> 

--- End Message ---
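Alain's three-table layout (account, module, accessright) can be written down concretely, together with the one check each administration page runs before doing anything. The following is an added example, not code from either poster; the table and column names, the SQLite in-memory backend and the sample rows are assumptions for illustration.

```php
<?php
// Added example, not from the thread: Alain's three tables as a schema and a
// single deny-by-default check for the top of each page. Table and column
// names, the SQLite backend and the sample rows are constructed.

$schema = array(
    "CREATE TABLE account (
        account_id INTEGER PRIMARY KEY,
        username   TEXT NOT NULL UNIQUE)",
    // one row per PHP page, keyed by the page path, e.g. 'news/edit.php'
    "CREATE TABLE module (
        module_id  INTEGER PRIMARY KEY,
        page       TEXT NOT NULL UNIQUE)",
    // the join Alain describes: which account holds which right on which page
    "CREATE TABLE accessright (
        account_id INTEGER NOT NULL REFERENCES account(account_id),
        module_id  INTEGER NOT NULL REFERENCES module(module_id),
        can_read   INTEGER NOT NULL DEFAULT 0,
        can_write  INTEGER NOT NULL DEFAULT 0,
        PRIMARY KEY (account_id, module_id))",
);

/**
 * True only if an accessright row grants $right ('read' or 'write') on
 * $page to $account_id. No row, or a row with the flag at 0, means denied.
 */
function user_may(PDO $pdo, $account_id, $page, $right)
{
    // The column name is chosen from a fixed map here, never taken from
    // user input, so nothing from outside is interpolated into the SQL.
    $columns = array('read' => 'can_read', 'write' => 'can_write');
    if (!isset($columns[$right])) {
        throw new InvalidArgumentException("unknown right: $right");
    }
    $sql = 'SELECT ar.' . $columns[$right] . '
              FROM accessright ar
              JOIN module m ON m.module_id = ar.module_id
             WHERE ar.account_id = :account AND m.page = :page';
    $stmt = $pdo->prepare($sql);   // the variable parts go in as bound values
    $stmt->execute(array(':account' => $account_id, ':page' => $page));
    $flag = $stmt->fetchColumn();
    return $flag !== false && (int) $flag === 1;
}

// --- demonstration with an in-memory database and constructed rows ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach ($schema as $ddl) {
    $pdo->exec($ddl);
}
$pdo->exec("INSERT INTO account VALUES (1, 'alice'), (2, 'bob')");
$pdo->exec("INSERT INTO module VALUES (10, 'news/list.php'), (11, 'news/edit.php')");
$pdo->exec("INSERT INTO accessright VALUES (1, 10, 1, 0), (1, 11, 1, 1), (2, 10, 1, 0)");

// At the top of news/edit.php one would write:
//   if (!user_may($pdo, $_SESSION['account_id'], 'news/edit.php', 'write')) {
//       header('HTTP/1.1 403 Forbidden');
//       exit;
//   }
var_dump(user_may($pdo, 1, 'news/edit.php', 'write'));  // alice holds write on edit
var_dump(user_may($pdo, 2, 'news/edit.php', 'write'));  // bob has no row for edit
var_dump(user_may($pdo, 2, 'news/list.php', 'read'));   // bob holds read on list
```

The important property is the default: an account with no accessright row for a page gets nothing, so adding a new page to module grants no one access until a row is inserted for it.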
--- Begin Message ---
I am a newbie to PHP. I want to get some PHP ebooks to read.
Who can send me some?
Thx
--
/**********************************************************
* Love in AJAX  J2ME and Python
* Look at my website and my blog
* http://www.pinzui.cn
* I hope baby can always be happy, you are the best.
**********************************************************/

--- End Message ---
--- Begin Message ---
prolibertine wrote:
> I am a newbie to PHP. I want to get some PHP ebooks to read.

http://php.net/docs.php

> Who can send me some?
> Thx

--- End Message ---
--- Begin Message ---
At 5:27 PM +0800 6/18/06, prolibertine wrote:
>I am a newbie to PHP. I want to get some PHP ebooks to read.
>Who can send me some?
>Thx

Amazon.com

tedd
-- 
------------------------------------------------------------------------------------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---
--- Begin Message ---
At 5:27 PM +0800 6/18/06, prolibertine wrote:
>I am a newbie to PHP. I want to get some PHP ebooks to read.
>Who can send me some?
>Thx


Sorry for the other post, I misread "ebook". I thought you were asking for free
books.

In any event, you might review these links:

http://www.htmlgoodies.com/beyond/php/article.php/3472391
http://www.w3schools.com/php/default.asp
http://www.weberdev.com/ViewArticle/433
http://www.weberdev.com/Manuals/
http://www.unf.edu/~rita0001/eresources/php_tutorials/index.htm
http://www.phpit.net/article/back-to-basics-arrays/

hth's

tedd
-- 
------------------------------------------------------------------------------------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--- End Message ---