Re: [PHP] HTTPS vs. HTTP ?

2002-07-07 Thread Tracker 1

Personally, I think the concept of NEEDING https is a bit ridiculous.

Generally, trying to get through the front door, would be the same as
trying to get through a concrete wall with a baseball bat...

Now, finding a back door, and getting at THEIR database is the REAL key.
people don't generally try and hack routers... most current router systems
haven't been hacked.. there are attempts, same as anything else.. it just
isn't very common.

if you can steal the keys, you can steal the database, which holds more
than stealing a site for a few minutes.

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Richard Lynch [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 In public key cryptography, it is the *keys*, not the digital
 certificate that encrypt/decrypt the communication.

 Okay.

 I break into his co-lo, I walk off with his computer, and I break into his
 office, I walk off with his computers, I kill the guy, and I kidnap his
 wife.

 I have everything.

 I have his Certs, his keys, his server, his domain, *EVERYTHING*.

 This is not *IMPOSSIBLE*, no matter how unlikely it is painted.

 But let me paint a more-likely scenario.

 Some guy sets up a tiny on-line retail shop on his $20/month ISP.
 Whoo-Hooo!

 He gets hacked, never even notices, and his Certs and keys are all stolen.
 Meanwhile, the guy good enough to do that is also good enough to routinely
 hijack his domain name for short periods of time.

 Game Over.

 How about another, even *easier* scenario.

 I set up a nice little retail shop that specializes in hard-to-find items.
 I scour the 'net for things people can't seem to find anywhere else, not
 even eBay.  Nothing big or really expensive, just odd parts and pieces of
 things.

 I build a nice big web-site catalog shopping cart.

 I buy a Cert for a whopping $119.

 I collect the credit cards for a day or two, I charge them nine ways to
 Sunday, and I take off.

 Game Over.

 How about an even *easier* scenario:

 I find a web-site that is storing the credit-card numbers in their database,
 and rip them off.

 Game Over.

 that issued his certificate, he may as well let you run your rogue site
 off of his server; it's the same difference.

 Exactly!

 Or, he may as well be the criminal and *GET* a CA signed certificate for
 his criminal web-site.

 I do not trust that a CA Signed Cert is worth the bits its stored in.

 If you trust Microsoft with Security, shop away.

 Think of it this way. Let's use https://www.amazon.com/ as an example.
 Do you trust doing business with them? I sure do; at least I trust 100%
 that my HTTP requests are going to get to the www.amazon.com server
 safely. If someone stole their SSL certificate:

 Forget amazon.com.

 Real-world example from *MY* personal life:  Stick with unknowncompany.com
 -- a site you do *NOT* know, you do *NOT* trust, but they are the only ones
 that have the power-supply you need to run your laptop.

 You can:
 A) Throw away your laptop.
 B) Risk the fact that an unknown site with a CA Signed Certificate
 (Ooh I'm impressed (not)) is the only one who can sell you the part you
 need to power the laptop.
 C) Try (and fail miserably) to find the part in real stores, and go back
 to A or B.

 Yes, this really happened to me.

 Yes, I really bought the thing on-line.

 No, I had no trust that they weren't crooks or at least incompetents.

 Yes, that's why the current system is insufficient.

 Yes, that's why I think it is ridiculous that people have essentially been
 trained to trust that little lock icon in the browser, no matter how naive
 that is, and how untrustworthy it is.

 Now, on to stealing their domain name. All of a sudden, Amazon is
 getting no traffic. Think they won't notice?

 Again, forget Amazon.

 There *ARE* on-line retailers who don't get any traffic, whose ISP's are so
 crappy their site is down all the time.

 Think they would notice?

 How quickly?

 What's their response?  Call up the ISP and complain, and the ISP says
 Hmmm, it's working okay now.  Probably just a network outage

 Think it matters since the
 HTTP requests you'll be receiving can't be decrypted by you anyway?

 Assume I've also stolen their Cert and keys and whatever else it takes to
 steal your credit card number.

 Yes, there are fewer sites where that's possible, but is it 0?  No.  Is it
 growing, as more and more mom-n-pop on-line stores are built on $20/month
 hosts with crappy Security?

 Are you telling me you've never walked in to an eCommerce site to find
 major, huge, gaping holes in their security?

 Are you telling me those sites don't exist?

 Actually, assume the 

Re: [PHP] checking the path from which someone has arrived at a specific script

2002-07-04 Thread Tracker 1

Miguel Cruz [EMAIL PROTECTED] wrote in message...
 
  Unfortunately...This is not working.  I went to the php manual and it
  basically stated that not all web sites will post the $HTTP_REFERER.  I
  believe that is what is happening in this case.

 Also, anyone can fake HTTP_REFERER to be anything they want, so it's a
 pretty lousy payment verification mechanism.

Paypal offers the use of a direct response to a url you designate for
verification.. send them to a thank you page, and maybe give them temp
access.. there are directions on setting up verification with paypal
in their payment manuals..

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/
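
Added example (not part of the thread): server-side confirmation of a payment notification, which is what replaces the Referer check. It assumes the "direct response" mentioned above is PayPal's Instant Payment Notification (IPN); the seller address, price and transaction id are constructed, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PayPal IPN.
const IPN_ENDPOINT = 'https://ipnpb.paypal.com/cgi-bin/webscr';
const SELLER_EMAIL = 'seller@example.com'; // hypothetical seller account
const PRICE        = '9.95';               // hypothetical price
const CURRENCY     = 'USD';

/** Send the notification back to PayPal; the reply body is VERIFIED or INVALID. */
function paypal_post_back(string $rawBody): string
{
    $ch = curl_init(IPN_ENDPOINT);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => 'cmd=_notify-validate&' . $rawBody,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT        => 30,
    ]);
    $reply = curl_exec($ch);
    curl_close($ch);
    return is_string($reply) ? trim($reply) : '';
}

/**
 * True only when PayPal confirms the message and its fields match the order.
 * $postBack is injectable so the checks can be exercised offline.
 */
function payment_is_valid(string $rawBody, callable $postBack, array $seenTxnIds): bool
{
    if ($postBack($rawBody) !== 'VERIFIED') {
        return false;                       // forged or altered notification
    }
    parse_str($rawBody, $f);
    return ($f['payment_status'] ?? '') === 'Completed'
        && strcasecmp($f['receiver_email'] ?? '', SELLER_EMAIL) === 0 // paid to us
        && ($f['mc_gross'] ?? '') === PRICE                           // right amount
        && ($f['mc_currency'] ?? '') === CURRENCY
        && isset($f['txn_id'])
        && !in_array($f['txn_id'], $seenTxnIds, true);                // not a replay
}

// In a web handler the body would be: $raw = file_get_contents('php://input');
// Constructed notification and stubbed replies so the example runs offline.
$sample   = 'payment_status=Completed&receiver_email=seller%40example.com'
          . '&mc_gross=9.95&mc_currency=USD&txn_id=TESTTXN0001';
$verified = fn(string $body): string => 'VERIFIED';
$invalid  = fn(string $body): string => 'INVALID';

var_dump(payment_is_valid($sample, $verified, []));              // fresh payment
var_dump(payment_is_valid($sample, $invalid, []));               // PayPal rejects it
var_dump(payment_is_valid($sample, $verified, ['TESTTXN0001'])); // already processed
```

Access is granted from this handler, not from the thank-you page the browser is sent to.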





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] fsockopen question

2002-07-04 Thread Tracker 1

you can do more than one fsockopen, which means you will have
multiple sockets open, however, these are part of the same thread
in the same process.. in other words, you can't do two things at
once by default.. with php-gtk, you can maybe have multiple user
events.. and not sure if you can emulate it..

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Jose Arce [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 So...i can do more than one fsockopen()...but is not multi-thread? i don't
 understand...i mean...if i can open more than one fsockopen...it is
 multithread, or in which cases php open more than one fsockopen?
 thx :D


 From: Martin Towell [EMAIL PROTECTED]
 To: 'Jose Arce' [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: RE: [PHP] fsockopen question
 Date: Thu, 4 Jul 2002 16:39:36 +1000
 
 you can do more than one fsockopen(), but since php isn't multi-threaded -
 you'll still only be able to download one file at a time.
 
 -Original Message-
 From: Jose Arce [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, July 04, 2002 4:39 PM
 To: [EMAIL PROTECTED]
 Subject: [PHP] fsockopen question
 
 
 Hi, i'm making a script to transfer all the zips from my old server to my
 new one, i mean, server to server. That's the easy part. The question is:
 
 Can i open more than just one instance for fsockopen to retrieve more files
 in the same script, at the same time? i mean, not one by one (that will be
 slow), but 4 or 5 at the same time...
 some people think it's possible, some people don't...thx :D
 




[PHP] Re: Weird preg problem

2002-07-04 Thread Tracker 1

the /i means case insensitive, remove the i, and it will work as intended.

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Sp [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 Hi I am trying to check if a word contains only capital letters.  For some
 reason it's not working.  The below example is checking the word weird to
 see if it's all capital letters but it's saying it's matches.  I've tried
 checking for only lower case letters with WEIRD and it's not working there
 too.  What am I doing wrong?


 $pattern = "A-Z";
 $regexp = '/^['.$pattern.']*$/i';
 if( preg_match($regexp, "weird") )
     echo "matches";
 else
     echo "does not match";









[PHP] Re: RegEx question

2002-07-03 Thread Tracker 1

as a preg  /(...)$/

this gives you the last three chars..

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


David Busby [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 List,
 How can I regex to compare the last three chars of a string to php?

 /B








[PHP] Re: RegEx question

2002-07-03 Thread Tracker 1

Richard Lynch [EMAIL PROTECTED] wrote in message...
  How can I regex to compare the last three chars of a string to php?

 if (substr($foo, -3) == 'php'){
 }

 Oh, wait, you wanted to use RegEx.  Sorry, can't help you there. :-)

 Don't use a cannon to swat a fly.

probably a good call.. :)

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/









[PHP] Re: Where do I specify a DSN?

2002-07-03 Thread Tracker 1

Richard Lynch [EMAIL PROTECTED] wrote in message...
  I'm getting this error message...where does it come from?
 
 Warning: SQL error: [unixODBC][Driver Manager]Data source name not
 found, and no default driver specified, SQL state IM002 in SQLConnect in
 /var/www/html/index.php on line 4@

 Microsoft. :-)

 Microsoft defines possible database connections as DSN in the ODBC Control
 Panel.

 Open up the ODBC Control Panel, and make a DSN named foo and point it to
 the database you want to access.

it said unixODBC, not sure what he was trying to connect to though,
may be best to use the native connection drivers?

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/









[PHP] Re: How to put a new line character with fputs($birthday_file, $content);

2002-06-24 Thread Tracker 1

Download unix2dos.exe (there is also a dos2unix.exe)
http://www.bastet.com/software/UDDU.ZIP

If you are running the php on *nix, and wanting to import the file
on excel, you will need it..

Another thing you can do, is create it in an html/table format
<table>
<tr>
<td>data1</td>
</tr>

</table>

this will be read fine by excel regardless of the end of line string.

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Alfredo [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 Hi,

 I am saving the result of a query on a text file.  Then I want to open it
 with excel.

 At the moment, when I open it with excel, all results appear in one very
 long line.  How could I insert a new line character at the end of each
 record?

 Thanks

 Alfredo









Re: [PHP] is there a function like javascript's window.open in PHP

2002-06-24 Thread Tracker 1

heh, my first thought was to suggest php-gtk <g>  you are right, I
see this question on asp lists all the time.. :)

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Mark Charette [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 This is a common question, related to the lack of understanding of
 client/server architectures I believe.

 PHP is all server side - a browser is all client side.

 Servers can send data only to the browser, nothing else. The server can
 inquire and gather data from text files and databases, but it will format
 the data into a particular protocol (HTTP most often) and send it to the
 browser. The data may even include lines of text from a language that the
 browser understands, like JavaScript. Or it might be XML data and the
 corresponding XSLT instructions. But ... it can't affect the browser
 directly. Only the embedded instructions that the browser understands can
 actually affect anything on the browser.

 The browser looks at the stream of data provided by the server and decides
 on-the-fly what to do with it. If it sees JavaScript instructions, it may
 decide to interpret them and do some particular action. Or it may decide
 that it doesn't want to play with JavaScript today and just ignore them. It
 may see the XML/XSLT and decide to do something - but it doesn't have to.
 This, of course, is the bane of Web programmers everywhere. What does the
 browser understand, and what does it do with the data.

 PHP allows us to write programs easily on the server to make some decisions
 on what to send a browser, but it cannot act directly on the browser. We
 must depend (somehow) on the browser interpreting what we tell it and then
 acting in a particular way.

 -Original Message-
 From: Jason Wong [mailto:[EMAIL PROTECTED]]
 Sent: Sunday, June 23, 2002 12:17 AM
 To: [EMAIL PROTECTED]
 Subject: Re: [PHP] is there a function like javascript's window.open in
 PHP


 On Sunday 23 June 2002 07:21, Burak Delice wrote:
  hi,
 
  I wonder that is there a PHP function like window.open() into Javascript?

 No.

 --
 Jason Wong - Gremlins Associates - www.gremlins.com.hk
 Open Source Software Systems Integrators
 * Web Design  Hosting * Internet  Intranet Applications Development *

 /*
 One thought driven home is better than three left on base.
 */











[PHP] Re: cookies

2002-06-24 Thread Tracker 1

Paul O'Neil [EMAIL PROTECTED] wrote in message...
 If a browser has cookies blocked , anyone have code if unable to
 set cookie then goto another page.

at the top of a page.. pseudo code

if cookie['test'] exists...
    if true //cool
    else
        if get['cookietest'] exists
            cookietest failed, redirect
        else
            set test cookie, and redirect to self
                with ?cookietest=true

this should work for you... :D

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/
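
Added example (not part of the original post): a PHP version of the pseudo code above, with the decision step separated so it can be run from the command line. The fallback page /cookies-required.php and the function names are hypothetical; setcookie() with an options array needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread.
const NO_COOKIE_PAGE = '/cookies-required.php'; // hypothetical fallback page

/**
 * Pure decision step of the cookie test, so it can be exercised offline.
 * Returns [action, redirect target or null, whether to set the test cookie].
 */
function cookie_check(array $cookies, array $query, string $self): array
{
    if (isset($cookies['test'])) {
        return ['continue', null, false];           // cookie came back
    }
    if (isset($query['cookietest'])) {
        return ['redirect', NO_COOKIE_PAGE, false]; // second pass, still no cookie
    }
    // First pass: set the cookie and redirect to self with the marker.
    return ['redirect', $self . '?cookietest=true', true];
}

function handle_request(): void
{
    // SCRIPT_NAME is the server's own path for this script, so the redirect
    // target is never built from the Host header or from request parameters.
    [$action, $target, $setCookie] =
        cookie_check($_COOKIE, $_GET, $_SERVER['SCRIPT_NAME']);
    if ($setCookie) {
        setcookie('test', '1', ['path' => '/', 'httponly' => true, 'samesite' => 'Lax']);
    }
    if ($action === 'redirect') {
        header('Location: ' . $target, true, 302);
        exit;
    }
    // 'continue': fall through to the rest of the page.
}

if (PHP_SAPI === 'cli') {
    // Constructed requests: first visit, cookie refused, cookie accepted.
    $requests = [
        [[], []],
        [[], ['cookietest' => 'true']],
        [['test' => '1'], ['cookietest' => 'true']],
    ];
    foreach ($requests as [$cookies, $query]) {
        echo json_encode(cookie_check($cookies, $query, '/page.php')), "\n";
    }
} else {
    handle_request();
}
```

The redirect to self drops any original query string, so a page that depends on GET parameters needs them carried through an allow-list rather than copied from the request.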








[PHP] Re: Removing Empty Lines from Text??

2002-06-24 Thread Tracker 1

$strMine = preg_replace("/(\r\n|\r|\n)+/", "\r\n\r\n", $strMine);

or \n\n as the replace.. :)

I use the (\r\n|\r|\n) to match against windows, unix,  mac line
terminations...  I usually replace with the windows \r\n

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Jason Caldwell [EMAIL PROTECTED] wrote in message...
 Is there an elegant way to remove excess blank lines from my form data?

 For example;  if someone enters the following text and then press' the
 Submit button:

 
 This is a some text


 This is more text, and yet even more
 

 What I want to do is remove the excess white space and make it look like
 this?

 
 This is a some text

 This is more text, and yet even more
 

 My users may press enter too many times and I want to ensure clean text
 and formatting.

 Thanks.
 Jason











[PHP] Re: Removing Empty Lines from Text??

2002-06-24 Thread Tracker 1

would suggest /(\r\n|\r|\n)+/ especially if the input is from a
browser that could be mac, or windows.. :)

--
===
Michael J. Ryan  -  tracker1[*at*]theroughnecks.com
Roughneck BBS: http://www.theroughnecks.net  telnet://theroughnecks.net
===
Y!: aztracker1 - aim: azTracker1 - icq: 4935386 - msn: see email
One program for aim/icq/yahoo/msn/irc  -  http://www.trillian.cc/


Bb [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]...
 $var = preg_replace("/\n*/","\n",$var);
 Jason Caldwell [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]...
  Is there an elegant way to remove excess blank lines from my form data?
 
  For example;  if someone enters the following text and then press' the
  Submit button:
 
  
  This is a some text
 
 
  This is more text, and yet even more
  
 
  What I want to do is remove the excess white space and make it look like
  this?
 
  
  This is a some text
 
  This is more text, and yet even more
  
 
  My users may press enter too many times and I want to ensure clean text
  and formatting.
 
  Thanks.
  Jason
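
Added example (not part of the thread): the two patterns from these replies run on constructed form input with mixed line endings, next to a variant added here that first normalises line endings and then squeezes only runs of blank lines. The function names and the third pattern are not from the thread.

```php
<?php
// Added example, not code from the thread.

// Pattern from the quoted reply: \n* also matches the empty string, so a
// newline is inserted around ordinary characters as well.
function collapse_star(string $s): string
{
    return preg_replace("/\n*/", "\n", $s);
}

// Pattern suggested in the reply: every run of line breaks, a single break
// included, becomes exactly one blank line.
function collapse_runs(string $s): string
{
    return preg_replace("/(\r\n|\r|\n)+/", "\r\n\r\n", $s);
}

// Variant added here (an assumption about what the form should keep):
// single line breaks stay, two or more blank lines shrink to one.
function collapse_blank_lines(string $s): string
{
    $s = preg_replace("/\r\n|\r/", "\n", $s);              // Windows and old Mac to \n
    return preg_replace("/\n(?:[ \t]*\n){2,}/", "\n\n", $s); // whitespace-only lines count as blank
}

// Constructed form input: CRLF, bare CR and LF mixed, one whitespace-only line.
$input = "This is some text\r\n\r\n \r\n\rThis is more text,\nand yet even more\n";

// json_encode makes the line terminators visible in the output.
foreach (['collapse_star', 'collapse_runs', 'collapse_blank_lines'] as $fn) {
    echo str_pad($fn, 22), json_encode($fn($input)), "\n";
}
```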
 
 
 
 




