Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 02:46, David Harkness davi...@highgearmedia.com wrote: To address the OP, I would agree with skipping trim on both the user name and password. If it's a copy-paste error, they will try again. They do try again: copying and pasting in the exact same manner. It keeps happening. If you want to get fancy, warn when the password starts with or ends with spaces if it comes back incorrect, but I think that's probably going to be so rare as not to be worth the extra effort. I've changed it to warn client-side (javascript) if there are leading or trailing spaces in the the username only: Your username [begins||ends] with an errant space. Please reenter your credentials more carefully. I hope that they figure out to check their passwords as well. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 06:51, Paul M Foster pa...@quillandmouse.com wrote: I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. And so you assume everyone can do that? I can remember maybe 5 of the passwords I regularly need. (I rarely repeat passwords for different sites.) In addition, some passwords have been *assigned* to me and cannot readily be changed (and are usually difficult to remember). Many of the rest I so seldom use that it would be silly to try to remember them. Particularly when I do have a password-locked file I can use to record them for me. Exactly. Even Lifehacker is now assigning passwords since the Gawker exploit. Lifehacker users cannot choose their own passwords anymore, they are assigned passwords. Under the circumstances I described, I have yet to hear in what way copying and pasting passwords compromises security of anything by itself. Please enlighten me. I think this is the underwear rule: never leave passwords/underwear out in the open where everyone can see them. Also, change them frequently. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 07:00, David Hutto smokefl...@gmail.com wrote: Correct me if I'm wrong, but If you initially type the username and password into a file, and you have, in my paranoid scenario, a keylogger you don't know about, it get's logged, but also, i assume it would get logged if you typed it in as well, on the site, or that someone could lift the password if given the authority on your system, correct? There is little us as serverside programmers can do when the user's system is already compromised. However, securing the password down the wire is certainly our job. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Well, let's see. My system sits behind a firewall. No external services are advertised to the internet. All internal addresses are non-routable. I do not use or have any wifi. The system sits in my home office. I use a Debian Linux system and practice very safe computing. I often investigate little-known sites before surfing to them, and never accept temptations to click on ads. In fact, I have my /etc/hosts file set up to block the vast majority of ad servers (I see a fraction of the ads most people see). I never download content of questionable origin, nor accept it from others without investigating it first. I have a root kit detector installed, which I periodically use. I'm the only person who uses this computer. No one who enters this space is more knowledgeable than I am about computers (= not capable of hacking a computer). Hi Paul - I am interested in knowing how you prevent intrusion with your firewall when it is a known fact that post 9/11 companies that develop such leave ports open for Big Brother as required. Remember Green Lantern, Carnivore and the like are roaming around and used by various agencies. Even though a firewall reports that the ports are blocked, they aren't. Limiting surfing to only trusted sites does limit vulnerability, but for the last couple of years, Google, Yahoo, Fbook, Youtube are compromised by hackers installing Antivirus 2009, Antivirus 2010, etc. viruses. With a long list of sites improperly setting cookies, passwords and usernames are easily compromised when a person visits other sites. Most importantly, how do you verify that the Internet Service provider has not been compromised? Using SSL to pass passwords is still not 100 percent safe as people may think because the real problem lies in what and where the web site stores your information on the server. How do you thwart these possible and other intrusion nodes? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Static content at runtime
On Tue, 28 Dec 2010 23:25:57 -0600 Donovan Brooke li...@euca.us wrote: and btw, I found that Billy Hoffman article to be inaccurate in many of his assertions. Would you mind sharing in what ways you found his assertions inaccurate? Kind regards, Kim Cheers, Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 11:20, Omega -1911 1911...@gmail.com wrote: Hi Paul - I am interested in knowing how you prevent intrusion with your firewall when it is a known fact that post 9/11 companies that develop such leave ports open for Big Brother as required. Remember Green Lantern, Carnivore and the like are roaming around and used by various agencies. Even though a firewall reports that the ports are blocked, they aren't. Limiting surfing to only trusted sites does limit vulnerability, but for the last couple of years, Google, Yahoo, Fbook, Youtube are compromised by hackers installing Antivirus 2009, Antivirus 2010, etc. viruses. With a long list of sites improperly setting cookies, passwords and usernames are easily compromised when a person visits other sites. Most importantly, how do you verify that the Internet Service provider has not been compromised? Using SSL to pass passwords is still not 100 percent safe as people may think because the real problem lies in what and where the web site stores your information on the server. How do you thwart these possible and other intrusion nodes? A different password on each potentially-weak site? Lasspass is great for this. You can then export and print your Lastpass data, put it on a removable media, or access it via web access. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Hi Doran - that may partially work, but what happens on the site's level? If the site is hacked, millions of passwords are stolen. All of the hard work put forth to protect your pc becomes useless. I think it has to be a two way street ... On a shared host, security and the ability to capture passwords is easily compromised.
[PHP] Printing PDF
Hi! I have an app that needs to be created, and it is all running on linux. I am sure I shoulnd't really write it using PHP, but it's kinda what I know, and am familiar with... so I am thinking about doing with PHP. Anyway, for simplicity sake, i am creating a pdf through php (no problems there) and it needs to be printed. I've never done printing on linux, but is there an easy way to send the pdf print job via command lines to the local (or network) printer? a friend of mine said postscript or cups, but I am not familiar with them, so I thought I would ask you GURU's here :) thank in advance! Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing PDF
On Wed, 29 Dec 2010 10:36:30 -0500 Steve Staples sstap...@mnsi.net wrote: Hi! I have an app that needs to be created, and it is all running on linux. I am sure I shoulnd't really write it using PHP, but it's kinda what I know, and am familiar with... so I am thinking about doing with PHP. Anyway, for simplicity sake, i am creating a pdf through php (no problems there) and it needs to be printed. I've never done printing on linux, but is there an easy way to send the pdf print job via command lines to the local (or network) printer? a friend of mine said postscript or cups, but I am not familiar with them, so I thought I would ask you GURU's here :) thank in advance! Steve You could use the lpr command. Info here : http://www.marksanborn.net/linux/printing-from-the-linux-command-line/ Greg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 04:20:58AM -0500, Omega -1911 wrote: Well, let's see. My system sits behind a firewall. No external services are advertised to the internet. All internal addresses are non-routable. I do not use or have any wifi. The system sits in my home office. I use a Debian Linux system and practice very safe computing. I often investigate little-known sites before surfing to them, and never accept temptations to click on ads. In fact, I have my /etc/hosts file set up to block the vast majority of ad servers (I see a fraction of the ads most people see). I never download content of questionable origin, nor accept it from others without investigating it first. I have a root kit detector installed, which I periodically use. I'm the only person who uses this computer. No one who enters this space is more knowledgeable than I am about computers (= not capable of hacking a computer). Hi Paul - I am interested in knowing how you prevent intrusion with your firewall when it is a known fact that post 9/11 companies that develop such leave ports open for Big Brother as required. Remember Green Lantern, Carnivore and the like are roaming around and used by various agencies. Even though a firewall reports that the ports are blocked, they aren't. Carnivore was an email sniffing program. I can't find a reference to Green Lantern as it relates to computer hacking. As for the well known fact that companies leave ports open for the government, it must be well known to people other than me. Such claims are sometimes true, sometimes specious. I'd have to see real evidence first. (Don't get me wrong-- I wouldn't be surprised.) And ports which show blocked but aren't? How does that work? Do routers use some sort of port knocking scheme? Beyond all this, the context you're citing is the government snooping on me. The government could seize my computer and have the NSA break my best encryption in probably minutes flat. And they'd have... what? My password to Amazon.com? My password to the Javascript mailing list? Seriously? If the government wants my stuff, they can sit an NSA van outside my house and read the E-M vibrations off my windows or somesuch. I'm really not concerned for two reasons: 1) If they want my stuff, they can get it any time wihout my permission; 2) There's not a blessed thing I can do about it; 3) There isn't anything they'd be very interested in, trust me. I rather doubt they're going to snag my credit card numbers and charge a bunch of stuff at Walmart. Also, I have it from people who know much more about network security than I do that penetrating a LAN like mine (which is pretty standard) is nearly or completely impossible *unless* a user on the inside does something stupid. Limiting surfing to only trusted sites does limit vulnerability, but for the last couple of years, Google, Yahoo, Fbook, Youtube are compromised by hackers installing Antivirus 2009, Antivirus 2010, etc. viruses. Antivirus 2009 and 2010 are generally not harmful when it comes to snagging user information. That's not what they're meant to do. They are scareware designed to get you to buy software from the company to clean fake virus infections. If Yahoo and the like have their servers compromised because of this software, then they're running Windows on internet servers, which is a bone-headed move anyway. Moreover, if the admins for these servers see warnings because of this, then they should do research before simply believing what some software tells them about their servers. (Although, considering the tech knowledge of a lot of Windows server admins, anything is possible.) And, as I mentioned, I run Linux. If I saw some silly virus warning about my computer, I'd laugh. It's not unheard of, but generally you'd have to do something stupid to get infected with a virus under Linux. After laughing, I'd run a rootkit check. And yawn. With a long list of sites improperly setting cookies, passwords and usernames are easily compromised when a person visits other sites. Most importantly, how do you verify that the Internet Service provider has not been compromised? Using SSL to pass passwords is still not 100 percent safe as people may think because the real problem lies in what and where the web site stores your information on the server. How do I know my ISP isn't compromised? Well, how the hell would *anyone* know that? You wouldn't. It's completely within the realm of possibility that my ISP would open, decrypt and read every packet I send through them. Like the government, I doubt my ISP is going to snag my credit card numbers and start charging things at Walmart. Can you imagine the PR debacle if a respected major national ISP/telephone company was caught grabbing sensitive user information and using it for nefarious purposes? And can you imagine what their rates with Mastercard and Visa would go to if such breaches were found in their infrastructure? I deal with
Re: [PHP] Static content at runtime
On 28 December 2010 17:18, k...@bitflop.com wrote: Hi. I am currently looking into improving a system that (like many systems) generate static content at runtime. I have always been against generating static content at runtime and believe static content should be generated by a cronjob or manually at some idle time (if possible). This will provide real static content (no PHP at all) that doesn't need to be checked every time a request is made hence a huge performance benefit is achieved. A nice article on the issue: http://zoompf.com/blog/2009/12/the-challenge-of-dynamically-generating-static-content Quote: The moral of the story is never make the user pay for your laziness. Do not use the application tier of a website to dynamically generate static content at runtime. Instead do it at publishing time or even do it in a daily or hourly cron job. This approach allows you all the advantages of using application logic without drastically reducing the very web performance you were trying to improve in the first place! Sometimes however many pages are linked together and when working with a system with hundreds or thousands of pages re-creating a lot of content each night perhaps isn't always the best way to do things. Especially if the content needs to be updated right away and can't wait for the nightly cronjob to do its business. To illustrate with a simple example.. A blog system with a menu that displays how many posts exists in each category. - Home - About - Tech (412) - News (2030) etc. When a new page is added to the News category every single page in the system needs to get updated in order for the menu to display the new number (2031). Some use a compromise to include only changing items (like the menu in the above example), but that would mean using PHP and not serving pure static content. Others use ugly solutions like frames. Care to share your experiences and recommendations on the issue? Kind regards --- Kim N. Lesmer As mentioned, using http://en.wikipedia.org/wiki/Server_Side_Includes is going to be the simplest way to deal with semi static data. When a new post is added, you update the text file (posts.txt), making sure you handle all the locking so that 2 posts at the same time don't end up as only 1 increment. If you find that the locking is taking too much time (which would indicate a lot of new posts simultaneously), only update the file if you can get an exclusive lock. By the time you've failed, a few more posts will have gone in and the file will have been unlocked at some stage and then updated. For something like a post count, I wouldn't consider this to be too important to be kept 100% accurate. As long as the only usage is to display to the user. If you need a realtime update, then the DB can provide it along with an AJAX refresh of the span id=postCount / element. If needed. For things like CSS and JS, these tend to be static and should probably be stored combined/minified/gzipped. Here is an old article I used to help me get rid of the JS and CSS loading on my servers : http://rakaz.nl/2006/12/make-your-pages-load-faster-by-combining-and-compressing-javascript-and-css-files.html. So, a page load will get 1 HTML, 1 CSS and 1 JS call to the server. The CSS and JS will be client side cached. For the first hit, the CSS and JS will be minified and gzipped, so lowering your bandwidth usage. I've never tried it, but I think you can also do something similar for images. Rather than 1 request per image, 1 image per page request (or fewer images per page request). http://www.quate.net/newsnet/read/48 and http://www.websiteoptimization.com/speed/tweak/combine/ So, that deals with a lot of request issues that the server is no longer needing to deal with on every single page. The server side includes for the semi-static text. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Static content at runtime
On 29 December 2010 16:34, Richard Quadling rquadl...@gmail.com wrote: On 28 December 2010 17:18, k...@bitflop.com wrote: Hi. I am currently looking into improving a system that (like many systems) generate static content at runtime. I have always been against generating static content at runtime and believe static content should be generated by a cronjob or manually at some idle time (if possible). This will provide real static content (no PHP at all) that doesn't need to be checked every time a request is made hence a huge performance benefit is achieved. A nice article on the issue: http://zoompf.com/blog/2009/12/the-challenge-of-dynamically-generating-static-content Quote: The moral of the story is never make the user pay for your laziness. Do not use the application tier of a website to dynamically generate static content at runtime. Instead do it at publishing time or even do it in a daily or hourly cron job. This approach allows you all the advantages of using application logic without drastically reducing the very web performance you were trying to improve in the first place! Sometimes however many pages are linked together and when working with a system with hundreds or thousands of pages re-creating a lot of content each night perhaps isn't always the best way to do things. Especially if the content needs to be updated right away and can't wait for the nightly cronjob to do its business. To illustrate with a simple example.. A blog system with a menu that displays how many posts exists in each category. - Home - About - Tech (412) - News (2030) etc. When a new page is added to the News category every single page in the system needs to get updated in order for the menu to display the new number (2031). Some use a compromise to include only changing items (like the menu in the above example), but that would mean using PHP and not serving pure static content. Others use ugly solutions like frames. Care to share your experiences and recommendations on the issue? Kind regards --- Kim N. Lesmer As mentioned, using http://en.wikipedia.org/wiki/Server_Side_Includes is going to be the simplest way to deal with semi static data. When a new post is added, you update the text file (posts.txt), making sure you handle all the locking so that 2 posts at the same time don't end up as only 1 increment. If you find that the locking is taking too much time (which would indicate a lot of new posts simultaneously), only update the file if you can get an exclusive lock. By the time you've failed, a few more posts will have gone in and the file will have been unlocked at some stage and then updated. For something like a post count, I wouldn't consider this to be too important to be kept 100% accurate. As long as the only usage is to display to the user. If you need a realtime update, then the DB can provide it along with an AJAX refresh of the span id=postCount / element. If needed. For things like CSS and JS, these tend to be static and should probably be stored combined/minified/gzipped. Here is an old article I used to help me get rid of the JS and CSS loading on my servers : http://rakaz.nl/2006/12/make-your-pages-load-faster-by-combining-and-compressing-javascript-and-css-files.html. So, a page load will get 1 HTML, 1 CSS and 1 JS call to the server. The CSS and JS will be client side cached. For the first hit, the CSS and JS will be minified and gzipped, so lowering your bandwidth usage. I've never tried it, but I think you can also do something similar for images. Rather than 1 request per image, 1 image per page request (or fewer images per page request). http://www.quate.net/newsnet/read/48 and http://www.websiteoptimization.com/speed/tweak/combine/ So, that deals with a lot of request issues that the server is no longer needing to deal with on every single page. The server side includes for the semi-static text. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY http://ruweb.wordpress.com/2006/08/23/combine_images_web2_ajax/ (In russian, but Google Chrome happily translated this into readable English). -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 11:06:15AM +0200, Dotan Cohen wrote: On Wed, Dec 29, 2010 at 06:51, Paul M Foster pa...@quillandmouse.com wrote: snip Under the circumstances I described, I have yet to hear in what way copying and pasting passwords compromises security of anything by itself. Please enlighten me. I think this is the underwear rule: never leave passwords/underwear out in the open where everyone can see them. Also, change them frequently. Wait... what? I should change my underwear frequently? Um... be right back. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 10:40 AM, Paul M Foster wrote: On Wed, Dec 29, 2010 at 11:06:15AM +0200, Dotan Cohen wrote: On Wed, Dec 29, 2010 at 06:51, Paul M Foster pa...@quillandmouse.com wrote: snip Under the circumstances I described, I have yet to hear in what way copying and pasting passwords compromises security of anything by itself. Please enlighten me. I think this is the underwear rule: never leave passwords/underwear out in the open where everyone can see them. Also, change them frequently. Wait... what? I should change my underwear frequently? Um... be right back. I change my underwear once a month, whether it needs it or not. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing PDF
On Wed, Dec 29, 2010 at 10:36:30AM -0500, Steve Staples wrote: Hi! I have an app that needs to be created, and it is all running on linux. I am sure I shoulnd't really write it using PHP, but it's kinda what I know, and am familiar with... so I am thinking about doing with PHP. Anyway, for simplicity sake, i am creating a pdf through php (no problems there) and it needs to be printed. I've never done printing on linux, but is there an easy way to send the pdf print job via command lines to the local (or network) printer? a friend of mine said postscript or cups, but I am not familiar with them, so I thought I would ask you GURU's here :) The big problem here is that the site is on the server and the printer is on the client (most likely). Normally if you provide a link to a PDF in a webpage, the user/client downloads that PDF and the browser tries to open it in whatever program it thinks is good for that (like XPDF under Linux). The program in which it opens the PDF will have an option to print the file. I've been printing invoices, checks and reports out of my corporate system for years this way. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Those were some pretty confident statements there. You doubt the government would want to hack your computer... Well, the U.S. tries to prevent over 1 million attacks per day as documented and has admitted to having been breached more often than not... !!! But as someone who let's just say has prior knowledge, I personally would not want your password unless I needed to do some social engineering but rather hijack your connection to hide my nefarious intent. No, your yahoo login info wouldn't be of much use, but your bank login info would be there are many who trade account info multiple times on private networks for a few dollars at a time. Your login and account info doesn't mean much to them, but a few hundred passwords can make thousands daily. Why not store passwords inside of programs like snow? With your pc being stealth, maybe you could help the government with how you do it? Carnivor can do more. Trust me. Programs like SamInside create an interesting computer environment as well.
Re: [PHP] Printing PDF
On Wed, 2010-12-29 at 11:49 -0500, Paul M Foster wrote: On Wed, Dec 29, 2010 at 10:36:30AM -0500, Steve Staples wrote: Hi! I have an app that needs to be created, and it is all running on linux. I am sure I shoulnd't really write it using PHP, but it's kinda what I know, and am familiar with... so I am thinking about doing with PHP. Anyway, for simplicity sake, i am creating a pdf through php (no problems there) and it needs to be printed. I've never done printing on linux, but is there an easy way to send the pdf print job via command lines to the local (or network) printer? a friend of mine said postscript or cups, but I am not familiar with them, so I thought I would ask you GURU's here :) The big problem here is that the site is on the server and the printer is on the client (most likely). Normally if you provide a link to a PDF in a webpage, the user/client downloads that PDF and the browser tries to open it in whatever program it thinks is good for that (like XPDF under Linux). The program in which it opens the PDF will have an option to print the file. I've been printing invoices, checks and reports out of my corporate system for years this way. Paul actually... it is a localized app (it should be more of a C++ or Java (or even Python), but I know PHP more weller than the others... and there is also a few other things they want... so right now, it will be on the local machine, but down the road, it will be on a server, but it is all on the local intranet, so the printers will be accessible. this is not a world app, just internal. I can create the PDF's no problem, it is just how to send the created pdf to the printer to print (it is a label printer, printing 3x5 labels) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
At 4:06 PM -0500 12/28/10, Daniel Brown wrote: On Tue, Dec 28, 2010 at 16:05, Dotan Cohen dotanco...@gmail.com wrote: Did you know that when you type 'brown1' we see it as **? Your system does that automatically. That's how I see it, too. It took me fourteen years to realize that my password wasn't just six asterisks Damn! Now, I have to change my password. Maybe I'll change it to *1 But seriously, I teach my students to find something that they can remember that doesn't appear in their personal data (i.e., tel number, address, SS, DOB, whatever). I suggest using a phrase such as An Apple A Day Keeps The Doctor Away and combining it with a favorite number (i.e., 18) producing a password of AAADKTDA18. Additionally, one can also make access to their data a bit more secure by changing their user id to something not personal either, such as mightymouse. As for trimming passwords and user id's, I have always done that with an explanation of what characters are allowed/required in a password -- leading/trailing spaces are not. From my perspective, if a user provides a space before/after their password, then thay have made a mistake and it's automatically trimmed regardless. As such, the practice either way does not affect anything -- it works both ways. This is from experience in dealing with users (10k db's) complaining that their user ID and/or password has somehow changed because they entered JohnDoe, johndoe, and finally johnDoe and couldn't access their account only to find that their user ID was actually jdoe. I don't want to complicate my life further by allowing leading/trailing spaces into the mix. BTW -- One of my banks told me that my user id had to be uppercase, but when I entered my user id in lowercase, it worked. There should be consistency between what the user is told and what is practiced. Make your life simpler. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to send a GPG signed EMail with a PDF attached?
Hello, currently I am searching http://phpclasses.org/ for a solution but found nothing I need. OK, I can write a string, mimeencode the PDF and send it using exec() and 'sendmail -t'. Also I could use another exec() call to GPG sign the message. But is there a more PHP NATIVE solution? I mean one without a bunch of exec() calls and I am trying to get rid of this crap in all of my scripts (~1.700.000 lines of code in total). Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
Re: [PHP] Printing PDF
On 29 December 2010 17:24, Steve Staples sstap...@mnsi.net wrote: I can create the PDF's no problem, it is just how to send the created pdf to the printer to print (it is a label printer, printing 3x5 labels) What type of printer? Some printers require their own language and won't have any sort of PS, PCL, Esc/2 or GDI support. I've worked with industrial printers which take strings of plain text to do page layout/description. You load template layouts into the printer and can use them. Completely useless under normal circumstances. If the printer is something like an Epson TM-L90 (thermal label printer with barcode support), then sending it a PDF isn't possible as it doesn't have PS support. It is much easier to send it the string of codes to have the barcode generated within the label. On Windows, the drivers deal with all of this stuff. I've no idea on Unix. The exact model of the printer would help. -- Richard Quadling Twitter : EE : Zend @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why
change it? Where's the logic in that?
From my perspective, it looks like Hey, the crackers have not been
able to crack this, so let's give them another chance. That doesn't
sound logical.
There are things we think are right, but is this practice supported
in some way that's provable?
Cheers,
tedd
--
---
http://sperling.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
At 11:57 AM -0500 12/29/10, Omega -1911 wrote: Why not store passwords inside of programs like snow? Maybe yellow snow, but never in something permanent. My advice -- memorize your passwords -- don't commit them to storage. I have a list of passwords committed to memory that fall into three groups (i.e., high, medium, and low security). 1. Bank accounts and financial data is high. 2. Mailing list and non-financial organizations (web sites) are medium. 3. Everything else is low. If I should die, my family knows where my important accounts are and will have the legal authority to access those. Everything else, like my contribution to mankind, will pass without fanfare and fade within a couple of hours. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 12:37 PM, tedd wrote:
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why change
it? Where's the logic in that?
From my perspective, it looks like Hey, the crackers have not been able to
crack this, so let's give them another chance. That doesn't sound logical.
There are things we think are right, but is this practice supported in some
way that's provable?
Cheers,
tedd
--
---
http://sperling.com/
An attacker manages to obtain the hashes and starts an attack. You change your
password. The attacker now has to restart the attack.
Changing your passwords prevents an attack from continuing past the length of
time between password changes.
Also if they _have_ managed to crack the password changing it forces them to
crack it again, thus also limiting the time the account is compromised.
Regards,
-Josh
Joshua Kehn | josh.k...@gmail.com
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] File-Upload per Drag-N-Drop?
Hello, my users have an Online-File-Store with nearly anything they need but one feature is missing: Drag-D-Drop. I like to implement Drag-D-Drop so users can Drag a file from a File- Manager and Drop it on the Upload-Icon in my Webinterface. Can someone tell me HOW THIS WORKS? Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 11:57, Omega -1911 1911...@gmail.com wrote: Those were some pretty confident statements there. You doubt the government would want to hack your computer... Well, the U.S. tries to prevent over 1 million attacks per day as documented and has admitted to having been breached more often than not... !!! But as someone who let's just say has prior knowledge, I personally would not want your password unless I needed to do some social engineering but rather hijack your connection to hide my nefarious intent. Is that how it works out there in Indianapolis, David Chapman? Because, to the rest of the world, this whole diatribe just sounds plain silly. No, your yahoo login info wouldn't be of much use, but your bank login info would be there are many who trade account info multiple times on private networks for a few dollars at a time. Your login and account info doesn't mean much to them, but a few hundred passwords can make thousands daily. Wow. Good thing folks don't use their Yahoo! email accounts for password reminders, I guess. Just wow. Pfft. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File-Upload per Drag-N-Drop?
On Wed, Dec 29, 2010 at 13:23, Michelle Konzack linux4miche...@tamay-dogan.net wrote: Hello, my users have an Online-File-Store with nearly anything they need but one feature is missing: Drag-D-Drop. I like to implement Drag-D-Drop so users can Drag a file from a File- Manager and Drop it on the Upload-Icon in my Webinterface. Can someone tell me HOW THIS WORKS? That's more of a frontend question to which you and your six-million-line signature should check Google to find the answer. Don't get me wrong, Michelle, we've always tried to help out even with off-topic questions, but this is really pushing it a bit too far with all of the non-PHP questions you've been asking lately. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] File-Upload per Drag-N-Drop?
-Original Message- From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net] Sent: Wednesday, December 29, 2010 10:23 AM To: PHP - General Subject: [PHP] File-Upload per Drag-N-Drop? Hello, my users have an Online-File-Store with nearly anything they need but one feature is missing: Drag-D-Drop. I like to implement Drag-D-Drop so users can Drag a file from a File- Manager and Drop it on the Upload-Icon in my Webinterface. Can someone tell me HOW THIS WORKS? This sounds like RIA = Rich Internet Application. Try google'ing for it. YMMV depends on platform technology supported. Regards, Tommy Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de Linux-User #280138 with the Linux Counter, http://counter.li.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] How to send a GPG signed EMail with a PDF attached?
-Original Message- From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net] Sent: Wednesday, December 29, 2010 9:34 AM To: PHP - General Subject: [PHP] How to send a GPG signed EMail with a PDF attached? Hello, currently I am searching http://phpclasses.org/ for a solution but found nothing I need. Phpclasses.org naturally may not have all possible solutions. Thus, the existence of search engines like google. Try keywords 'php mime encode gpg'. Regards, Tommy OK, I can write a string, mimeencode the PDF and send it using exec() and 'sendmail -t'. Also I could use another exec() call to GPG sign the message. But is there a more PHP NATIVE solution? I mean one without a bunch of exec() calls and I am trying to get rid of this crap in all of my scripts (~1.700.000 lines of code in total). Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de Linux-User #280138 with the Linux Counter, http://counter.li.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Static content at runtime
k...@bitflop.com wrote: On Tue, 28 Dec 2010 23:25:57 -0600 Donovan Brookeli...@euca.us wrote: and btw, I found that Billy Hoffman article to be inaccurate in many of his assertions. Would you mind sharing in what ways you found his assertions inaccurate? Kind regards, Kim Cheers, Donovan -- D Brooke Well sure.. I have some time.. it's the holidays. ;-) I don't entirely agree with the premise first of all... I think serving dynamic content at runtime works well 90% (loose figure) of the time and ultimately creates a system that is easy to troubleshoot and maintain, and which always has realtime accurate data. I should first preface my comments that I am not against a publishing system, nor a caching system when the project needs, or growth/performance needs, would require (or could benefit from) it.. however, I also believe that those requirements are a small portion of the projects/jobs out there these days. The author says: Since the web server is not serving a static file, there will be no Last-Modified header sent by default. That means no conditional GETs and no 304 responses which means lots of bandwidth consumption. That is not quite accurate.. a programmer can force http headers. PHP, like virtually all application tiers, produces a chucked response. This is because the web server has no idea what the content length will be because it is dynamically generated. Dynamically generated chunked responses will not send the Accept-Range header. This means no pausing or resuming or error recovering. The entire resource must be re-downloaded. First, I think he means Accept-Ranges header.. and as in my previous comment, a programmer can manipulate http headers... which makes some of his other reasoning not quite accurate. Lastly he proceeds on to illustrate a dynamic resource (http://example.com/combine.php?files=a.js|b.js|c.js), apparently, as a a reason why serving dynamic content is not as good as serving static content (for security reasons). At this point, it's really just him showing off his ability to spot hackable code I think. ;-) My answer to that is that it has nothing to do with runtime code vs. published static content, and everything to do with the noob programmer who decided to make a hackable get request a part of their app. Overall, to me that article may provoke some good thought.. but I would treat it like Rush Limbaugh.. don't buy into all of it. Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to send a GPG signed EMail with a PDF attached?
Hello Tommy Pham, Am 2010-12-29 10:38:39, hacktest Du folgendes herunter: Phpclasses.org naturally may not have all possible solutions. Thus, the existence of search engines like google. Try keywords 'php mime encode gpg'. Already done and it returns 56.000 results where the first 500 where notvery useful. But I found via the gnupgp site gpg_encrypt() and now I changed my setup to let users upload there public key and then they get the invoices crypted. Otherwise as normal EMail or alternative as SMail. Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de ICQ#328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
[PHP] Re: File-Upload per Drag-N-Drop?
Hello Tommy Pham, Am 2010-12-29 10:33:30, hacktest Du folgendes herunter: This sounds like RIA = Rich Internet Application. Try google'ing for it. This was the missing keyword. Thanks. Found DHTML and posibility for a flash/gnash app which support the Drag-N-Drop. If has only to create a normal fileupload where the rest is handled as usual by PHP. Now have to check, whether gnash support it. YMMV depends on platform technology supported. Hmmm, if I see http://office.freenet.de/ and it woks on Linux the same as on MacOS X as on Windows or BeOS. Regards, Tommy Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de ICQ#328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
Re: [PHP] Re: File-Upload per Drag-N-Drop?
On 10-12-29 02:54 PM, Michelle Konzack wrote: Hello Tommy Pham, Am 2010-12-29 10:33:30, hacktest Du folgendes herunter: This sounds like RIA = Rich Internet Application. Try google'ing for it. This was the missing keyword. Thanks. Found DHTML and posibility for a flash/gnash app which support the Drag-N-Drop. If has only to create a normal fileupload where the rest is handled as usual by PHP. Now have to check, whether gnash support it. YMMV depends on platform technology supported. Hmmm, if I seehttp://office.freenet.de/ and it woks on Linux the same as on MacOS X as on Windows or BeOS. Regards, Tommy Thanks, Greetings and nice Day/Evening Michelle Konzack You can get a nice multi upload in flash, but you cannot get drag and drop. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: File-Upload per Drag-N-Drop?
On 10-12-29 03:02 PM, Robert Cummings wrote: On 10-12-29 02:54 PM, Michelle Konzack wrote: Hello Tommy Pham, Am 2010-12-29 10:33:30, hacktest Du folgendes herunter: This sounds like RIA = Rich Internet Application. Try google'ing for it. This was the missing keyword. Thanks. Found DHTML and posibility for a flash/gnash app which support the Drag-N-Drop. If has only to create a normal fileupload where the rest is handled as usual by PHP. Now have to check, whether gnash support it. YMMV depends on platform technology supported. Hmmm, if I seehttp://office.freenet.de/ and it woks on Linux the same as on MacOS X as on Windows or BeOS. Regards, Tommy Thanks, Greetings and nice Day/Evening Michelle Konzack You can get a nice multi upload in flash, but you cannot get drag and drop. I should add that I don't know about Silverlight or whatever is the flavour of the week, but I believe you can do drag and drop with Java applets, but they'll require popup acceptance of the security privileges necessary to allow drag and drop. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: File-Upload per Drag-N-Drop?
On Wed, Dec 29, 2010 at 3:03 PM, Robert Cummings rob...@interjinn.com wrote: On 10-12-29 03:02 PM, Robert Cummings wrote: On 10-12-29 02:54 PM, Michelle Konzack wrote: Hello Tommy Pham, Am 2010-12-29 10:33:30, hacktest Du folgendes herunter: This sounds like RIA = Rich Internet Application. Try google'ing for it. This was the missing keyword. Thanks. Found DHTML and posibility for a flash/gnash app which support the Drag-N-Drop. If has only to create a normal fileupload where the rest is handled as usual by PHP. Now have to check, whether gnash support it. YMMV depends on platform technology supported. Hmmm, if I seehttp://office.freenet.de/ and it woks on Linux the same as on MacOS X as on Windows or BeOS. Regards, Tommy Thanks, Greetings and nice Day/Evening Michelle Konzack You can get a nice multi upload in flash, but you cannot get drag and drop. I should add that I don't know about Silverlight or whatever is the flavour of the week, but I believe you can do drag and drop with Java applets, but they'll require popup acceptance of the security privileges necessary to allow drag and drop. Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Flex has some as well http://www.flex888.com/296/9-flex-file-upload-examples-visited.html -- Bastien Cat, the other other white meat -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing PDF
On Wed, 2010-12-29 at 17:36 +, Richard Quadling wrote: On 29 December 2010 17:24, Steve Staples sstap...@mnsi.net wrote: I can create the PDF's no problem, it is just how to send the created pdf to the printer to print (it is a label printer, printing 3x5 labels) What type of printer? Some printers require their own language and won't have any sort of PS, PCL, Esc/2 or GDI support. I've worked with industrial printers which take strings of plain text to do page layout/description. You load template layouts into the printer and can use them. Completely useless under normal circumstances. If the printer is something like an Epson TM-L90 (thermal label printer with barcode support), then sending it a PDF isn't possible as it doesn't have PS support. It is much easier to send it the string of codes to have the barcode generated within the label. On Windows, the drivers deal with all of this stuff. I've no idea on Unix. The exact model of the printer would help. I am currently unaware of the printer model, I am mostly working at building a quote for them. I suppose I should get the make/models of what they are going to be using... and hope to hell that they are compatible. I do know that the printer has a custom formatted label, so I hope that there is some drivers or wahtever availble to linux that i can send the PDF to it to print... looks like this will be some trial and error (err... research and development?). The printing is the only real trivial part of the whole thing. maybe i should just make this all a greenscreen app, using windows .bat scripting :) thanks for all your insight, and once i get some more information, and after googleing some, if i have MORE questions, i'll be back!! hope everyone's holidays (if you celebrated any over the last few weeks) were good, and the new year treats you well! Steve -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? On Dec 29, 2010 1:22 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 11:57, Omega -1911 1911...@gmail.com wrote: Those were some pretty confident statements there. You doubt the government would want to hack your computer... Well, the U.S. tries to prevent over 1 million attacks per day as documented and has admitted to having been breached more often than not... !!! But as someone who let's just say has prior knowledge, I personally would not want your password unless I needed to do some social engineering but rather hijack your connection to hide my nefarious intent. Is that how it works out there in Indianapolis, David Chapman? Because, to the rest of the world, this whole diatribe just sounds plain silly. No, your yahoo login info wouldn't be of much use, but your bank login info would be there are many who trade account info multiple times on private networks for a few dollars at a time. Your login and account info doesn't mean much to them, but a few hundred passwords can make thousands daily. Wow. Good thing folks don't use their Yahoo! email accounts for password reminders, I guess. Just wow. Pfft. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/
Re: [PHP] Printing PDF
On Wed, Dec 29, 2010 at 3:13 PM, Steve Staples sstap...@mnsi.net wrote: On Wed, 2010-12-29 at 17:36 +, Richard Quadling wrote: On 29 December 2010 17:24, Steve Staples sstap...@mnsi.net wrote: I can create the PDF's no problem, it is just how to send the created pdf to the printer to print (it is a label printer, printing 3x5 labels) What type of printer? Some printers require their own language and won't have any sort of PS, PCL, Esc/2 or GDI support. I've worked with industrial printers which take strings of plain text to do page layout/description. You load template layouts into the printer and can use them. Completely useless under normal circumstances. If the printer is something like an Epson TM-L90 (thermal label printer with barcode support), then sending it a PDF isn't possible as it doesn't have PS support. It is much easier to send it the string of codes to have the barcode generated within the label. On Windows, the drivers deal with all of this stuff. I've no idea on Unix. The exact model of the printer would help. I am currently unaware of the printer model, I am mostly working at building a quote for them. Welcome to being a software developer. I suppose I should get the make/models of what they are going to be using... and hope to hell that they are compatible. I do know that the printer has a custom formatted label, so I hope that there is some drivers or wahtever availble to linux that i can send the PDF to it to print... looks like this will be some trial and error (err... research and development?). The printing is the only real trivial part of the whole thing. . -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File-Upload per Drag-N-Drop?
On Wed, Dec 29, 2010 at 10:30 AM, Daniel P. Brown daniel.br...@parasane.net wrote: That's more of a frontend question to which you and your six-million-line signature should check Google to find the answer. Don't get me wrong, Michelle, we've always tried to help out even with off-topic questions, but this is really pushing it a bit too far with all of the non-PHP questions you've been asking lately. a) +1 - this isn't php-general anymore this feels like michelle-development-requests (with a horribly long signature) - but I don't mean to be harsh. b) HTML5 should be what you want, at some point very soon. Silverlight isn't fully cross platform Java is your most universal applet language fFash has odd issues, but would be second best but HTML5, that's going to address it all. Google for plupload it has all the different upload applet types and tries to determine which one will be best for you. has the client side and server side pieces included. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] File-Upload per Drag-N-Drop?
On a slight tangent, but is that signature why I'm not able to read any of michelles emails on my phone? For some reason, only her emails get stuck and won't download, so I have to wait til someone else replies. To answer the question on this, I've not yet seen a cross platform answer to this question; only several different platform dependent solutions from one vendor to handle each main OS. Thanks, Ash http://www.ashleysheridan.co.uk - Reply message - From: Michael Shadle mike...@gmail.com Date: Wed, Dec 29, 2010 21:38 Subject: [PHP] File-Upload per Drag-N-Drop? To: Michelle Konzack linux4miche...@tamay-dogan.net Cc: PHP - General php-general@lists.php.net On Wed, Dec 29, 2010 at 10:30 AM, Daniel P. Brown daniel.br...@parasane.net wrote: That's more of a frontend question to which you and your six-million-line signature should check Google to find the answer. Don't get me wrong, Michelle, we've always tried to help out even with off-topic questions, but this is really pushing it a bit too far with all of the non-PHP questions you've been asking lately. a) +1 - this isn't php-general anymore this feels like michelle-development-requests (with a horribly long signature) - but I don't mean to be harsh. b) HTML5 should be what you want, at some point very soon. Silverlight isn't fully cross platform Java is your most universal applet language fFash has odd issues, but would be second best but HTML5, that's going to address it all. Google for plupload it has all the different upload applet types and tries to determine which one will be best for you. has the client side and server side pieces included. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Printing PDF
On Wed, Dec 29, 2010 at 12:24:14PM -0500, Steve Staples wrote: On Wed, 2010-12-29 at 11:49 -0500, Paul M Foster wrote: On Wed, Dec 29, 2010 at 10:36:30AM -0500, Steve Staples wrote: Hi! I have an app that needs to be created, and it is all running on linux. I am sure I shoulnd't really write it using PHP, but it's kinda what I know, and am familiar with... so I am thinking about doing with PHP. Anyway, for simplicity sake, i am creating a pdf through php (no problems there) and it needs to be printed. I've never done printing on linux, but is there an easy way to send the pdf print job via command lines to the local (or network) printer? a friend of mine said postscript or cups, but I am not familiar with them, so I thought I would ask you GURU's here :) The big problem here is that the site is on the server and the printer is on the client (most likely). Normally if you provide a link to a PDF in a webpage, the user/client downloads that PDF and the browser tries to open it in whatever program it thinks is good for that (like XPDF under Linux). The program in which it opens the PDF will have an option to print the file. I've been printing invoices, checks and reports out of my corporate system for years this way. Paul actually... it is a localized app (it should be more of a C++ or Java (or even Python), but I know PHP more weller than the others... and there is also a few other things they want... so right now, it will be on the local machine, but down the road, it will be on a server, but it is all on the local intranet, so the printers will be accessible. this is not a world app, just internal. I can create the PDF's no problem, it is just how to send the created pdf to the printer to print (it is a label printer, printing 3x5 labels) I have heard of (and seen) some Javascript code which can be embedded in a PDF to make it print without the need for what I described. But I don't recall where I saw it. Might have been on this list, so you could check the archives. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Hacking didn't work out all that well over the last couple of years either, but you could probably go, what, just a thousand feet or so to hire one of the kids from Ben Davis high school to help out. Pay them a fair wage, though I mean, with your home last appraised at $122,100 (on the 27th of July, 2007, so you might want to see if it's appreciated more in value by now), we know you can afford to pay better than minimum. Heck, if they'd pave your street as well as your driveway is sealed, that alone might help improve the value, at least a little bit. Which would be fine --- I mean, you already get the benefits of better insurance, consider how close you are to that fire hydrant. (You know the one I mean, that little bluish-green one when you turn right out of your driveway and cross the street.) Speaking of blue-green, I love that picture of Javen. Was that done right on his iPhone, or did he do it on the computer before uploading it? Pretty cool either way, just like his name. I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). It's no surprise that he's an intelligent kid, though, being born at the autumnal equinox and all (and even before sunrise that morning). That aside, you might be right. Perhaps my qualifications don't quite justify my opinion in contradicting anything you have to say. I mean, being contracted to trace people all over the world can sometimes be almost as fun as knowing what tools to use to find out who they are in the first place. Still, one shouldn't spend so much time doing just one thing, which is why we both enjoy programming. Regardless, it doesn't matter, and I see no reason to get into any kind of flame war --- especially with one of the famous Six Hounds from the Darkside of Hell. Anyway, sorry for being ten days late, but happy birthday, Chap. It was good getting to know you. And, as the Ques know, friendship is essential to the soul. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
AHHH... Searching by by an email is REALLY what you call hacking? Oh wait, you said that with all your knowledge in forensics you can find people all over the world. Thank God for Go0GlE. (remoteclerk.com) c-174-59-179-206.hsd1.pa.comcast.net - - [29/Dec/2010:10:19:50 -0800] GET /quick_calendar.php HTTP/1.1 302 227 http://webcache.googleusercontent.com/search?q=cache:a6QITlCqzRUJ:www.remoteclerk.com/content/privacy.php+%221911que%40gmail.com%22cd=6hl=enct=clnkgl=us; Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 On Wed, Dec 29, 2010 at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Hacking didn't work out all that well over the last couple of years either, but you could probably go, what, just a thousand feet or so to hire one of the kids from Ben Davis high school to help out. Pay them a fair wage, though I mean, with your home last appraised at $122,100 (on the 27th of July, 2007, so you might want to see if it's appreciated more in value by now), we know you can afford to pay better than minimum. Heck, if they'd pave your street as well as your driveway is sealed, that alone might help improve the value, at least a little bit. Which would be fine --- I mean, you already get the benefits of better insurance, consider how close you are to that fire hydrant. (You know the one I mean, that little bluish-green one when you turn right out of your driveway and cross the street.) Speaking of blue-green, I love that picture of Javen. Was that done right on his iPhone, or did he do it on the computer before uploading it? Pretty cool either way, just like his name. I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). It's no surprise that he's an intelligent kid, though, being born at the autumnal equinox and all (and even before sunrise that morning). That aside, you might be right. Perhaps my qualifications don't quite justify my opinion in contradicting anything you have to say. I mean, being contracted to trace people all over the world can sometimes be almost as fun as knowing what tools to use to find out who they are in the first place. Still, one shouldn't spend so much time doing just one thing, which is why we both enjoy programming. Regardless, it doesn't matter, and I see no reason to get into any kind of flame war --- especially with one of the famous Six Hounds from the Darkside of Hell. Anyway, sorry for being ten days late, but happy birthday, Chap. It was good getting to know you. And, as the Ques know, friendship is essential to the soul. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 18:20, Omega -1911 1911...@gmail.com wrote: AHHH... Searching by by an email is REALLY what you call hacking? Oh wait, you said that with all your knowledge in forensics you can find people all over the world. Thank God for Go0GlE. Please don't top-post. Never said I was hacking. And yes, I did see that infinite redirect-loop you call a website (well, multiple, since they all direct there). And again, yes, I used Google (among other things). However, for the rest of your statement (which you didn't even quote properly), you're confusing two different jobs. Anyway, you were the one who claimed I said your email was a lie. Go back a few messages and you'll see I never even insinuated that at all. I meant your attempt to show your conspiracy-theory-driven opinion as fact was silly. The rest of it may well have been valid, but - my apologies - I just honestly couldn't bear to keep reading it. If you're otherwise unconvinced that I had no intent on any kind of arguments or personal attacks, or if you'd like to continue with your agenda, please shoot me an email off-list, where it belongs. Even worse than anything else so far would be the two of us clogging up everyone else's inbox. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
Quote: I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Lol what. On Wed, Dec 29, 2010 at 6:20 PM, Omega -1911 1911...@gmail.com wrote: AHHH... Searching by by an email is REALLY what you call hacking? Oh wait, you said that with all your knowledge in forensics you can find people all over the world. Thank God for Go0GlE. (remoteclerk.com) c-174-59-179-206.hsd1.pa.comcast.net - - [29/Dec/2010:10:19:50 -0800] GET /quick_calendar.php HTTP/1.1 302 227 http://webcache.googleusercontent.com/search?q=cache:a6QITlCqzRUJ:www.remoteclerk.com/content/privacy.php+%221911que%40gmail.com%22cd=6hl=enct=clnkgl=us Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10 On Wed, Dec 29, 2010 at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Hacking didn't work out all that well over the last couple of years either, but you could probably go, what, just a thousand feet or so to hire one of the kids from Ben Davis high school to help out. Pay them a fair wage, though I mean, with your home last appraised at $122,100 (on the 27th of July, 2007, so you might want to see if it's appreciated more in value by now), we know you can afford to pay better than minimum. Heck, if they'd pave your street as well as your driveway is sealed, that alone might help improve the value, at least a little bit. Which would be fine --- I mean, you already get the benefits of better insurance, consider how close you are to that fire hydrant. (You know the one I mean, that little bluish-green one when you turn right out of your driveway and cross the street.) Speaking of blue-green, I love that picture of Javen. Was that done right on his iPhone, or did he do it on the computer before uploading it? Pretty cool either way, just like his name. I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). It's no surprise that he's an intelligent kid, though, being born at the autumnal equinox and all (and even before sunrise that morning). That aside, you might be right. Perhaps my qualifications don't quite justify my opinion in contradicting anything you have to say. I mean, being contracted to trace people all over the world can sometimes be almost as fun as knowing what tools to use to find out who they are in the first place. Still, one shouldn't spend so much time doing just one thing, which is why we both enjoy programming. Regardless, it doesn't matter, and I see no reason to get into any kind of flame war --- especially with one of the famous Six Hounds from the Darkside of Hell. Anyway, sorry for being ten days late, but happy birthday, Chap. It was good getting to know you. And, as the Ques know, friendship is essential to the soul. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Mujtaba
Re: [PHP] Re: Do you trim() usernames and passwords?
Etiquette went out the window a while ago. As Rambo said, He drew first blood... If you could not PROVE ME WRONG, you could have kept your mouth shut. You jumped in head first. And you have YET to prove me wrong. Then to throw off the subject, you resort to telling the world who you believe I am... That's what kids do as a last resort. Now take your ball and run home. First, COULD YOU PLEASE PROVE ME WRONG? You have open doors and windows (if you know what I mean...) *PLONK* On Wed, Dec 29, 2010 at 6:29 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 18:20, Omega -1911 1911...@gmail.com wrote: AHHH... Searching by by an email is REALLY what you call hacking? Oh wait, you said that with all your knowledge in forensics you can find people all over the world. Thank God for Go0GlE. Please don't top-post. Never said I was hacking. And yes, I did see that infinite redirect-loop you call a website (well, multiple, since they all direct there). And again, yes, I used Google (among other things). However, for the rest of your statement (which you didn't even quote properly), you're confusing two different jobs. Anyway, you were the one who claimed I said your email was a lie. Go back a few messages and you'll see I never even insinuated that at all. I meant your attempt to show your conspiracy-theory-driven opinion as fact was silly. The rest of it may well have been valid, but - my apologies - I just honestly couldn't bear to keep reading it. If you're otherwise unconvinced that I had no intent on any kind of arguments or personal attacks, or if you'd like to continue with your agenda, please shoot me an email off-list, where it belongs. Even worse than anything else so far would be the two of us clogging up everyone else's inbox. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 18:38, Omega -1911 1911...@gmail.com wrote: Etiquette went out the window a while ago. As Rambo said, He drew first blood... If you could not PROVE ME WRONG, you could have kept your mouth shut. You jumped in head first. And you have YET to prove me wrong. Then to throw off the subject, you resort to telling the world who you believe I am... That's what kids do as a last resort. Now take your ball and run home. First, COULD YOU PLEASE PROVE ME WRONG? You have open doors and windows (if you know what I mean...) Like I said off-list. I'll happily keep the conversation going between us, but I sure won't continue to bother others just because that's what you feel like doing for whatever reason. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:
On Dec 29, 2010, at 12:37 PM, tedd wrote:
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why change
it? Where's the logic in that?
From my perspective, it looks like Hey, the crackers have not been able to
crack this, so let's give them another chance. That doesn't sound logical.
There are things we think are right, but is this practice supported in
some way that's provable?
Cheers,
tedd
--
---
http://sperling.com/
An attacker manages to obtain the hashes and starts an attack. You change
your password. The attacker now has to restart the attack.
Changing your passwords prevents an attack from continuing past the length of
time between password changes.
Also if they _have_ managed to crack the password changing it forces them to
crack it again, thus also limiting the time the account is compromised.
Gosh. Think about it. Lets not take the your machine is compromised case
and/or your password is moronic and/or you are not passing your password
cleartext.
So the threat is external. Now there are 2 types of external: one in house and
one on the 'net.
The one in house is simply detected by an IDS like snort looking for very rapid
login attempts. Slow walkers are no risk at all. Further if your password is
computationally hard your GigE LAN is not fast enough to support cracking a
computationally hard password before you retire. So there is no threat that
your computationally hard password will be cracked so your password is safe.
For a 'net threat, the bandwidth is even more constrained so you could live 9
lives and still not have your computationally hard password cracked. Further,
log checking at the firewall and on internal machines can easily detect
cracking attempts. I detect about 4 per day on our mailserver looking for pop
logons and about 25 a day against ssh where we don't even use passwords. ftp is
not used.
So an external threat against your machine as defined above, is not a risk.
So now lets look at the case where there is malware on your machine which will
try to brute force your computationally hard password and is smart enough to
use your graphics engine to increased computational power. Folks at MIT and
Carnegie Mellon have already numerically proved that a 12 character password is
not crackable using brute force in any reasonable timeframe. In fact an 8
character one has strength of years. I would contend that using that much power
will make its existence known to you and coupled with the fact that you restart
your computer every now and again and that you run an antivirus periodically
that will eventually find it even if you don't notice the slow down.
As you can see, cracking a password on your machine is so fruitless that no one
would even try to since if you have access to the machine a keylogger, for
example, is faster and more reliable. To thwart this you might want to run
tripwire or equivalent and institute exfiltration detection.
The big problem today is that security people in IT and security wannabee's
quote cracking numbers not based in the real world but mathematically based on
quasi real preconditions. They and some crazy guys who I know at Microsoft
along with some NIST guys are pushing 12 character minimums of upper, lower,
numbers and specials, changed every 60 days and no reuse for 2 years in
business settings. They say this will make the corporate machines safe. This is
utter BS. And, in fact, makes corporate networks even more vulnerable due to
the fact that people can't remember all these password so they write them down
or make them relatively easy thus increasing social engineering break-in
opportunities.
The best solution is to select a computationally hard password and then don't
change it unless you have to. I also recommend that you select another that is
different and use it for all 'net based logins with a extension concatenated
for each service.
This comment about if they _have_ managed to crack the password changing it
forces them to crack it again, thus also limiting the time the account is
compromised is ridiculous. First, I assume you really mean stealing rather
than cracking for the reasons above. Notwithstanding the fact that the site
broken into should immediately lock down all accounts. Whats to say that the
bad guys brake-in right after you have changed your password and they are not
noticed. You are still at risk until you change it maybe 30, 60 90, 120 days
later. So what is the real good of changing password routinely? Nada! The
probability that your change matches the threat is miniscule. It just make
people feel good. In fact ,if the bad guys broke in to a financial system they
wouldn't steal your password; they would institute immediate bank transfers.
Not only would they; they
[PHP] Regex for telephone numbers
Dear List - Thank you for all your help in the past. Here is another one I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. Thanks. Ethan MySQL 5.1 PHP 5 Linux [Debian (sid)] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Regex for telephone numbers
I suggest you try javascript. Richard L. Buskirk -Original Message- From: Ethan Rosenberg [mailto:eth...@earthlink.net] Sent: Wednesday, December 29, 2010 7:12 PM To: php-db-lists.php.net; php-general@lists.php.net Subject: [PHP] Regex for telephone numbers Dear List - Thank you for all your help in the past. Here is another one I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. Thanks. Ethan MySQL 5.1 PHP 5 Linux [Debian (sid)] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex for telephone numbers
On 30/12/2010, at 1:12 PM, Ethan Rosenberg wrote:
Dear List -
Thank you for all your help in the past.
Here is another one
I would like to have a regex which would validate that a telephone number is
in the format xxx-xxx-.
Thanks.
Ethan
MySQL 5.1 PHP 5 Linux [Debian (sid)]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
\d{3}-\d{3}-\d{4}
Also, have a look at the phoneNumber method in the relevant Validate PEAR
package: http://pear.php.net/packages.php?catpid=50catname=Validate
---
Simon Welsh
Admin of http://simon.geek.nz/
Who said Microsoft never created a bug-free program? The blue screen never,
ever crashes!
http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Regex for telephone numbers
Also remove your stupid Email filter. If you need a email filter, you should not be on this list or learn to setup rules one. Richard L. Buskirk -Original Message- From: Ethan Rosenberg [mailto:eth...@earthlink.net] Sent: Wednesday, December 29, 2010 7:12 PM To: php-db-lists.php.net; php-general@lists.php.net Subject: [PHP] Regex for telephone numbers Dear List - Thank you for all your help in the past. Here is another one I would like to have a regex which would validate that a telephone number is in the format xxx-xxx-. Thanks. Ethan MySQL 5.1 PHP 5 Linux [Debian (sid)] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex for telephone numbers
On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg eth...@earthlink.net wrote:
Dear List -
Thank you for all your help in the past.
Here is another one
I would like to have a regex which would validate that a telephone number is
in the format xxx-xxx-.
Thanks.
Ethan
MySQL 5.1 PHP 5 Linux [Debian (sid)]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You can't, phone numbers are more complex then that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.
Regards,
-Josh
___
http://joshuakehn.com
Sent from my iPod
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On 2010-12-29, at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Hacking didn't work out all that well over the last couple of years either, but you could probably go, what, just a thousand feet or so to hire one of the kids from Ben Davis high school to help out. Pay them a fair wage, though I mean, with your home last appraised at $122,100 (on the 27th of July, 2007, so you might want to see if it's appreciated more in value by now), we know you can afford to pay better than minimum. Heck, if they'd pave your street as well as your driveway is sealed, that alone might help improve the value, at least a little bit. Which would be fine --- I mean, you already get the benefits of better insurance, consider how close you are to that fire hydrant. (You know the one I mean, that little bluish-green one when you turn right out of your driveway and cross the street.) Speaking of blue-green, I love that picture of Javen. Was that done right on his iPhone, or did he do it on the computer before uploading it? Pretty cool either way, just like his name. I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). It's no surprise that he's an intelligent kid, though, being born at the autumnal equinox and all (and even before sunrise that morning). That aside, you might be right. Perhaps my qualifications don't quite justify my opinion in contradicting anything you have to say. I mean, being contracted to trace people all over the world can sometimes be almost as fun as knowing what tools to use to find out who they are in the first place. Still, one shouldn't spend so much time doing just one thing, which is why we both enjoy programming. Regardless, it doesn't matter, and I see no reason to get into any kind of flame war --- especially with one of the famous Six Hounds from the Darkside of Hell. Anyway, sorry for being ten days late, but happy birthday, Chap. It was good getting to know you. And, as the Ques know, friendship is essential to the soul. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Wow, dan! That was awesomely funny! And it's not even Friday yet! Bastien Koert Sent from my iPhone -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
I know something funnier... Let's wait for Dani's response. On Wed, Dec 29, 2010 at 7:28 PM, Bastien phps...@gmail.com wrote: On 2010-12-29, at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. I was pleased earlier, however, to learn about your interest in helping others by creating a venue for them to sell their own homemade pornographic DVDs at such a low price, but then disappointed to learn that your grasp of Perl and site management wasn't yet up to par. Hacking didn't work out all that well over the last couple of years either, but you could probably go, what, just a thousand feet or so to hire one of the kids from Ben Davis high school to help out. Pay them a fair wage, though I mean, with your home last appraised at $122,100 (on the 27th of July, 2007, so you might want to see if it's appreciated more in value by now), we know you can afford to pay better than minimum. Heck, if they'd pave your street as well as your driveway is sealed, that alone might help improve the value, at least a little bit. Which would be fine --- I mean, you already get the benefits of better insurance, consider how close you are to that fire hydrant. (You know the one I mean, that little bluish-green one when you turn right out of your driveway and cross the street.) Speaking of blue-green, I love that picture of Javen. Was that done right on his iPhone, or did he do it on the computer before uploading it? Pretty cool either way, just like his name. I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). It's no surprise that he's an intelligent kid, though, being born at the autumnal equinox and all (and even before sunrise that morning). That aside, you might be right. Perhaps my qualifications don't quite justify my opinion in contradicting anything you have to say. I mean, being contracted to trace people all over the world can sometimes be almost as fun as knowing what tools to use to find out who they are in the first place. Still, one shouldn't spend so much time doing just one thing, which is why we both enjoy programming. Regardless, it doesn't matter, and I see no reason to get into any kind of flame war --- especially with one of the famous Six Hounds from the Darkside of Hell. Anyway, sorry for being ten days late, but happy birthday, Chap. It was good getting to know you. And, as the Ques know, friendship is essential to the soul. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Wow, dan! That was awesomely funny! And it's not even Friday yet! Bastien Koert Sent from my iPhone -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 6:52 PM, TR Shaw wrote:
On Dec 29, 2010, at 12:56 PM, Joshua Kehn wrote:
On Dec 29, 2010, at 12:37 PM, tedd wrote:
At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
Also, change them {passwords} frequently.
I've always wondered about that -- if your password works, then why change
it? Where's the logic in that?
From my perspective, it looks like Hey, the crackers have not been able to
crack this, so let's give them another chance. That doesn't sound logical.
There are things we think are right, but is this practice supported in
some way that's provable?
Cheers,
tedd
--
---
http://sperling.com/
An attacker manages to obtain the hashes and starts an attack. You change
your password. The attacker now has to restart the attack.
Changing your passwords prevents an attack from continuing past the length
of time between password changes.
Also if they _have_ managed to crack the password changing it forces them to
crack it again, thus also limiting the time the account is compromised.
Gosh. Think about it. Lets not take the your machine is compromised case
and/or your password is moronic and/or you are not passing your password
cleartext.
So the threat is external. Now there are 2 types of external: one in house
and one on the 'net.
The one in house is simply detected by an IDS like snort looking for very
rapid login attempts. Slow walkers are no risk at all. Further if your
password is computationally hard your GigE LAN is not fast enough to support
cracking a computationally hard password before you retire. So there is no
threat that your computationally hard password will be cracked so your
password is safe.
For a 'net threat, the bandwidth is even more constrained so you could live 9
lives and still not have your computationally hard password cracked. Further,
log checking at the firewall and on internal machines can easily detect
cracking attempts. I detect about 4 per day on our mailserver looking for
pop logons and about 25 a day against ssh where we don't even use passwords.
ftp is not used.
So an external threat against your machine as defined above, is not a risk.
So now lets look at the case where there is malware on your machine which
will try to brute force your computationally hard password and is smart
enough to use your graphics engine to increased computational power. Folks
at MIT and Carnegie Mellon have already numerically proved that a 12
character password is not crackable using brute force in any reasonable
timeframe. In fact an 8 character one has strength of years. I would contend
that using that much power will make its existence known to you and coupled
with the fact that you restart your computer every now and again and that you
run an antivirus periodically that will eventually find it even if you don't
notice the slow down.
As you can see, cracking a password on your machine is so fruitless that no
one would even try to since if you have access to the machine a keylogger,
for example, is faster and more reliable. To thwart this you might want to
run tripwire or equivalent and institute exfiltration detection.
The big problem today is that security people in IT and security wannabee's
quote cracking numbers not based in the real world but mathematically based
on quasi real preconditions. They and some crazy guys who I know at
Microsoft along with some NIST guys are pushing 12 character minimums of
upper, lower, numbers and specials, changed every 60 days and no reuse for 2
years in business settings. They say this will make the corporate machines
safe. This is utter BS. And, in fact, makes corporate networks even more
vulnerable due to the fact that people can't remember all these password so
they write them down or make them relatively easy thus increasing social
engineering break-in opportunities.
The best solution is to select a computationally hard password and then don't
change it unless you have to. I also recommend that you select another that
is different and use it for all 'net based logins with a extension
concatenated for each service.
This comment about if they _have_ managed to crack the password changing it
forces them to crack it again, thus also limiting the time the account is
compromised is ridiculous. First, I assume you really mean stealing rather
than cracking for the reasons above. Notwithstanding the fact that the site
broken into should immediately lock down all accounts. Whats to say that the
bad guys brake-in right after you have changed your password and they are not
noticed. You are still at risk until you change it maybe 30, 60 90, 120 days
later. So what is the real good of changing password routinely? Nada! The
probability that your change matches the threat is miniscule. It just make
people feel good. In fact ,if the bad guys broke in to a financial
[PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers
Hi Ethan,
Could you do a string compare and check at certain characters for a
dash?
IE:
check the second character to see if it is a dash for 1-800...
if that is not a dash, check the fourth character for a dash, 469-9...
then the other places where dashes would be based on those two
characters.
You may have to investigate how international numbers would work and
adjust appropriately, but for the US, that should work.
Then just send an error message when it isn't like you want.
JAT
Karl
On Dec 29, 2010, at 6:27 PM, Josh Kehn wrote:
On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg eth...@earthlink.net
wrote:
Dear List -
Thank you for all your help in the past.
Here is another one
I would like to have a regex which would validate that a
telephone number is in the format xxx-xxx-.
Thanks.
Ethan
MySQL 5.1 PHP 5 Linux [Debian (sid)]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You can't, phone numbers are more complex then that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.
Regards,
-Josh
___
http://joshuakehn.com
Sent from my iPod
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Karl DeSaulniers
Design Drumm
http://designdrumm.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers
You could also help them out a little with something like..
$phone = str_replace((, , $phone);
$phone = str_replace(), -, $phone);
HTH,
Karl
On Dec 29, 2010, at 6:27 PM, Josh Kehn wrote:
On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg eth...@earthlink.net
wrote:
Dear List -
Thank you for all your help in the past.
Here is another one
I would like to have a regex which would validate that a
telephone number is in the format xxx-xxx-.
Thanks.
Ethan
MySQL 5.1 PHP 5 Linux [Debian (sid)]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You can't, phone numbers are more complex then that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.
Regards,
-Josh
___
http://joshuakehn.com
Sent from my iPod
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Karl DeSaulniers
Design Drumm
http://designdrumm.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] IPV6
IPV6 support needs to be incorporated ASAP as the network is moving fast that way. We are adding IPV6 this year yet all network functions (http://us2.php.net/manual/en/ref.network.php) still are only IPV4. Given the transition pain to come, early IPV6 support would help ease the transition. Any ideas on timeframe? Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: [PHP-DB] Re: [PHP] Regex for telephone numbers
Why not have three separate fields for each part, as that way you don't
need to bother about how the user separates them, as trust me, if they
can break it, they will.
I have found it is best to always limit the amount of free entry you
permit a user, as that will drastically cut back in data entry validation.
Alexis
On 29/12/10 17:46, Karl DeSaulniers wrote:
Hi Ethan,
Could you do a string compare and check at certain characters for a dash?
IE:
check the second character to see if it is a dash for 1-800...
if that is not a dash, check the fourth character for a dash, 469-9...
then the other places where dashes would be based on those two characters.
You may have to investigate how international numbers would work and
adjust appropriately, but for the US, that should work.
Then just send an error message when it isn't like you want.
JAT
Karl
On Dec 29, 2010, at 6:27 PM, Josh Kehn wrote:
On Dec 29, 2010, at 7:12 PM, Ethan Rosenberg eth...@earthlink.net
wrote:
Dear List -
Thank you for all your help in the past.
Here is another one
I would like to have a regex which would validate that a telephone
number is in the format xxx-xxx-.
Thanks.
Ethan
MySQL 5.1 PHP 5 Linux [Debian (sid)]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
You can't, phone numbers are more complex then that. You could use
\d{3}-\d{3}-\d{4} to match that basic pattern for all numbers though.
Regards,
-Josh
___
http://joshuakehn.com
Sent from my iPod
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Karl DeSaulniers
Design Drumm
http://designdrumm.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Fwd: Re: [PHP] Re: Do you trim() usernames and passwords?
What has any of this got to do with PHP!!! If the moderator is reading this can they please out a stop to it at once, as it appears to have got way out of control. Thanks and a Happy New year to one and all On 29/12/10 16:38, Omega -1911 wrote: Etiquette went out the window a while ago. As Rambo said, He drew first blood... If you could not PROVE ME WRONG, you could have kept your mouth shut. You jumped in head first. And you have YET to prove me wrong. Then to throw off the subject, you resort to telling the world who you believe I am... That's what kids do as a last resort. Now take your ball and run home. First, COULD YOU PLEASE PROVE ME WRONG? You have open doors and windows (if you know what I mean...) *PLONK* On Wed, Dec 29, 2010 at 6:29 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 18:20, Omega -19111911...@gmail.com wrote: AHHH... Searching by by an email is REALLY what you call hacking? Oh wait, you said that with all your knowledge in forensics you can find people all over the world. Thank God for Go0GlE. Please don't top-post. Never said I was hacking. And yes, I did see that infinite redirect-loop you call a website (well, multiple, since they all direct there). And again, yes, I used Google (among other things). However, for the rest of your statement (which you didn't even quote properly), you're confusing two different jobs. Anyway, you were the one who claimed I said your email was a lie. Go back a few messages and you'll see I never even insinuated that at all. I meant your attempt to show your conspiracy-theory-driven opinion as fact was silly. The rest of it may well have been valid, but - my apologies - I just honestly couldn't bear to keep reading it. If you're otherwise unconvinced that I had no intent on any kind of arguments or personal attacks, or if you'd like to continue with your agenda, please shoot me an email off-list, where it belongs. Even worse than anything else so far would be the two of us clogging up everyone else's inbox. -- /Daniel P. Brown Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting (866-) 725-4321 http://www.parasane.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Regex for telephone numbers
On Wed, Dec 29, 2010 at 19:12, Ethan Rosenberg eth...@earthlink.net wrote:
Dear List -
Thank you for all your help in the past.
Here is another one
I would like to have a regex which would validate that a telephone number
is in the format xxx-xxx-.
Congrats. People in Hell would like ice water. Now we all know
that everyone wants something. ;-P
Really, this isn't a PHP question, but rather one of regular
expressions. That said, something like this (untested) should work:
?php
$numbers = array(
'123-456-7890',
'2-654-06547',
'sf34-asdf-',
'abc-def-ghij',
'555_555_',
'000-000-',
'8007396325',
'241-555-2091',
'800-555-0129',
'900-976-739',
'5352-342=452',
'200-200-2000',
);
foreach ($numbers as $n) {
echo $n.(validate_phone($n) ? ' is ' : ' is not ').'a valid
US/Canadian telephone number.'.PHP_EOL;
}
function validate_phone($number) {
if
(preg_match('/^[2-9]{1,}[0-9]{2,}\-[2-9]{1,}[0-9]{2,}\-[0-9]{4,}$/',trim($number)))
{
return true;
}
return false;
}
?
--
/Daniel P. Brown
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote: I know something funnier... Let's wait for Dani's response. On Wed, Dec 29, 2010 at 7:28 PM, Bastien phps...@gmail.com wrote: On 2010-12-29, at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. Even funnier yet - bottom post like you were asked. And to really bust your gut, this thread has gone on far too long off topic. I believe that the person you are referring to as Dani, is in fact Daniel. I don't, nor would I ever start to call you Omeggie just to get under your skin. Use your prestigious fraternity flaunting email and message Daniel directly to continue arguing. I'm not trying to be rude, but I do believe it is in the best interest of the list to kill this thread. Dotan, please chime in if your problem hasn't been solved. I will, as I am sure the rest of the list will be happy to help if it hasn't. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: Re: [PHP] Re: Do you trim() usernames and passwords?
On Wed, Dec 29, 2010 at 20:04, Alexis phplis...@antonakis.co.uk wrote: What has any of this got to do with PHP!!! If the moderator is reading this can they please out a stop to it at once, as it appears to have got way out of control. Thanks and a Happy New year to one and all What moderator? It's an open list, and - if anything - you're contributing to the continuance of the subject. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
I see you Waving your pom poms... I guess it was ok for Dani to say I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). First, that is assuming a lot... on Dani part. Second, don't dwell on Dani's words, PROVE ME WRONG ON WHAT DANI COMMENTED IN HIS FIRST REPLY TO THIS THREAD. Thanks and now, back to the cheerleader section you go.. On Wed, Dec 29, 2010 at 8:05 PM, Nicholas Kell n...@monkeyknight.com wrote: On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote: I know something funnier... Let's wait for Dani's response. On Wed, Dec 29, 2010 at 7:28 PM, Bastien phps...@gmail.com wrote: On 2010-12-29, at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. Even funnier yet - bottom post like you were asked. And to really bust your gut, this thread has gone on far too long off topic. I believe that the person you are referring to as Dani, is in fact Daniel. I don't, nor would I ever start to call you Omeggie just to get under your skin. Use your prestigious fraternity flaunting email and message Daniel directly to continue arguing. I'm not trying to be rude, but I do believe it is in the best interest of the list to kill this thread. Dotan, please chime in if your problem hasn't been solved. I will, as I am sure the rest of the list will be happy to help if it hasn't. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Do you trim() usernames and passwords?
craphound.com/images/xkcdwrongoninternet.jpg Perfect way to describe how the members on this list are behaving right now. On Wed, Dec 29, 2010 at 8:17 PM, Omega -1911 1911...@gmail.com wrote: I see you Waving your pom poms... I guess it was ok for Dani to say I'm just not sure if it's pronounced with a J or an H sound. I mean, Arthur's name is easy enough, but I honestly am confused by Javen's (except when he spells it out like James Vencent). First, that is assuming a lot... on Dani part. Second, don't dwell on Dani's words, PROVE ME WRONG ON WHAT DANI COMMENTED IN HIS FIRST REPLY TO THIS THREAD. Thanks and now, back to the cheerleader section you go.. On Wed, Dec 29, 2010 at 8:05 PM, Nicholas Kell n...@monkeyknight.com wrote: On Dec 29, 2010, at 6:37 PM, Omega -1911 wrote: I know something funnier... Let's wait for Dani's response. On Wed, Dec 29, 2010 at 7:28 PM, Bastien phps...@gmail.com wrote: On 2010-12-29, at 5:32 PM, Daniel P. Brown daniel.br...@parasane.net wrote: On Wed, Dec 29, 2010 at 15:16, Omega -1911 1911...@gmail.com wrote: Sound silly? Why Daniel? It's all documented and public knowledge. What I thought was silly was a entire thread about which ASCII combination was best.. convert to a higher range above the 255 character range... There is NOTHING I have mentioned that you or anyone can call a lie. Google or eccouncil.org are great resources. You forte is php... what security certs doyou hold that contradict my previous email? Aside from involvement with the now-defunct Federal agency, the National Infrastructure Protection Center, training by the FBI's Regional Computer Forensic Laboratories, accreditation as the first private-sector mobile computer forensic investigation laboratory in the tri-state area, multiple computer security certifications, and about fourteen years of professional network and computer security service to multiple public and private sector entities, I suppose not much. Even funnier yet - bottom post like you were asked. And to really bust your gut, this thread has gone on far too long off topic. I believe that the person you are referring to as Dani, is in fact Daniel. I don't, nor would I ever start to call you Omeggie just to get under your skin. Use your prestigious fraternity flaunting email and message Daniel directly to continue arguing. I'm not trying to be rude, but I do believe it is in the best interest of the list to kill this thread. Dotan, please chime in if your problem hasn't been solved. I will, as I am sure the rest of the list will be happy to help if it hasn't. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Mujtaba
[PHP] Hot Topics
First, I have to admit that what I did was wrong. I had assumed (ASS-umed) that the other party in a discussion under a different thread would understand and appreciate the irony of my email in reply to his inappropriate message. Those of you who were barraged with the fallout know what I mean. Unfortunately, it was not well-received by the other person, which led to even further flaming and trolling. While I had tried both on- and off-list to urge the other party to move the discussion from the public forum to a private, one-on-one conversation, it was ignored and actually seemed to exacerbate the situation. For my part in that, I just wanted to send my general apologies to those bombarded with an unnecessary and somewhat illogical series of emails. If being married has taught me anything, it's that it's better to just apologize and move on, regardless of who's right or wrong. And if being married has taught me anything else, it's that, at least in this house, I'm always wrong. So sorry for the unnecessary banter. Moving on, those of you who have been on the list for several years may recall when I was running the ListWatch and PostTrack system, which would send a weekly summary of the list's activities at the time. Before stopping it (it was on a server that burned out, and I just never put it back online), I had added a topic tracker as well, which would give the percentage of activity for a given topic, as well as the ratio of its discussion versus all messages to the list. Several people have asked if/when it would be coming back online, so I'm contemplating bringing it back beginning with the first week of January (next week). Does anyone have any thoughts on that, or any ideas for other interesting metrics they'd like to see? I'm particularly interested in the opinions of folks who recall the old system, but any opinions and ideas are more than welcome. If you'd rather send it to me directly instead of on the list, feel free. Happy early New Year, all. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hot Topics
Weren't you playing with the possibility of including the amount of actual code written as well? Always thought that would be pretty cool :) And as someone who is married as well I agree with what you said. Sometimes it's easier to just say you're sorry then fighting even when you know you're right. Jason Pruim On Dec 29, 2010, at 9:22 PM, Daniel Brown danbr...@php.net wrote: First, I have to admit that what I did was wrong. I had assumed (ASS-umed) that the other party in a discussion under a different thread would understand and appreciate the irony of my email in reply to his inappropriate message. Those of you who were barraged with the fallout know what I mean. Unfortunately, it was not well-received by the other person, which led to even further flaming and trolling. While I had tried both on- and off-list to urge the other party to move the discussion from the public forum to a private, one-on-one conversation, it was ignored and actually seemed to exacerbate the situation. For my part in that, I just wanted to send my general apologies to those bombarded with an unnecessary and somewhat illogical series of emails. If being married has taught me anything, it's that it's better to just apologize and move on, regardless of who's right or wrong. And if being married has taught me anything else, it's that, at least in this house, I'm always wrong. So sorry for the unnecessary banter. Moving on, those of you who have been on the list for several years may recall when I was running the ListWatch and PostTrack system, which would send a weekly summary of the list's activities at the time. Before stopping it (it was on a server that burned out, and I just never put it back online), I had added a topic tracker as well, which would give the percentage of activity for a given topic, as well as the ratio of its discussion versus all messages to the list. Several people have asked if/when it would be coming back online, so I'm contemplating bringing it back beginning with the first week of January (next week). Does anyone have any thoughts on that, or any ideas for other interesting metrics they'd like to see? I'm particularly interested in the opinions of folks who recall the old system, but any opinions and ideas are more than welcome. If you'd rather send it to me directly instead of on the list, feel free. Happy early New Year, all. -- /Daniel P. Brown Network Infrastructure Manager Documentation, Webmaster Teams http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hot Topics
On Dec 29, 2010 11:48 PM, Jason Pruim li...@pruimphotography.com wrote: Weren't you playing with the possibility of including the amount of actual code written as well? Yeah, that was in for a few weeks, but I believe it was Robert Cummings who went out of his way to show its imperfections. Maybe we should incorporate a syntax checker to show parse errors for the week, too. ;-P Always thought that would be pretty cool :) And as someone who is married as well I agree with what you said. Sometimes it's easier to just say you're sorry then fighting even when you know you're right. Or when you top-post. Prune, Prune, Prune /me shakes head.
[PHP] issues with 'stream_socket_client()' and/or 'pfsockopen()'
Hello, I am involved in a project, which has a C++ server side, and a web PHP client side. We wish to develop consistent php socket connection with the C++ server side. Therefore we have been trying to use either 'stream_socket_client()' or 'pfsockopen()' in our PHP code. However, we have hit obstacles in using either 'stream_socket_client()' or 'pfsockopen()', as described in the following: For example, by using the php calls 'socket_create()', 'socket_connect()', 'socket_write()', and 'socket_read()', our php program is able to send a particular client enquiry, and then get back server data of 4196 bytes through socket connection. However, if instead, we use the php calls 'stream_context_create()', 'stream_socket_client()', 'fwrite()', and 'fread()', we will almost always get back incomplete server response data, say 2500 bytes, through the socket connection. And the similar problems if we use the php calls 'pfsockopen()', 'fwrite()', and 'fread()'. Such problems are first found on windows, and then on Linux. We would very much appreciate it if any suggestions on using 'stream_socket_client()' or 'pfsockopen()' correctly and successfully, and further on implementing persistent php client socket successfully. Thanks a lot! Regards, Hong Yu -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Hot Topics
On 10-12-30 12:36 AM, Daniel Brown wrote: On Dec 29, 2010 11:48 PM, Jason Pruimli...@pruimphotography.com wrote: Weren't you playing with the possibility of including the amount of actual code written as well? Yeah, that was in for a few weeks, but I believe it was Robert Cummings who went out of his way to show its imperfections. Maybe we should incorporate a syntax checker to show parse errors for the week, too. ;-P Hmmmpf... I never go out of my way :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
