Perhaps then, you don't remember the Gentoo Unreal Tournament LiveCD, I have mine right here.
Does Microsoft still have its $150m Apple shareholding ?
I use secstore, I don't have to remember my passwords and they can be as long and as random as I like.
All I need is the password to secstore, which, in my case, is on the LAN.
secstore client - man page - for non-plan9 systems is now available as part of the Plan 9 from User Space project.
> HTML ESCAPE BY DEFAULT.
:
how would I type
print(' ');
?
more crazy quoting rules perchance ?
printf("%s\n", email_address);
doesn't html escape its output, why do you think other languages should automatically do it ?
what if I have header('Content-Type: text/plain');
or header('Content-Type: image/jpeg');
> fork and chroot each PHP script
It is the job of the web server to decide how to handle its scripts. Not the scripting language. FYI My web server is *already* chrooted and I'd rather not have the PHP authors introducing some extra security model of their own thanks.
it should be array('filter'=>'htmlentities'));
If you think either of those approaches is appropriate you are a fool.
Using the <? php ?> some html <? php ?> approach is garbage
$h = new html();
$h->append($firstname, array('filter', 'htmlentities');
$h->append($last_name, array('filter', 'htmlentities');
$h->append($last_name, array('filter', 'htmlentities');
$h->append($address1, array('filter', 'htmlentities');
$h->append($address2, array('filter', 'htmlentities');
$h->append($html_table);
$h->output();
though the last part is more likely to be something like (depending on the data)
$h->open_table();
$h->add_row($cell1, $cell2);
$h->close_table();
They should just post the text to /. we'll soon get it proof read !!
Come on Nazis of spelling, syntax, grammar and just plain fact, we can do it !
take a look at the games
you don't have to wonder, I'm pretty sure you can guess I was a sab !!
do you even know what Symbian is ?
it certainly isn't anything like "the primary focus of Minimo to date has been system with ~32-64 MB of RAM, running Linux"
I said where can I download Symbian not where can I look at a project that doesn't even have Symbian on the roadmap.
yeah, don't hold your breath.
=)
The result is that distros like Debian and Ubuntu come with no Java support out of the box and this is simply ridiculous.
Are you trying to make no java sound like a bad thing ?
one person's ease of use is another person's prison
in other worlds
cat /dev/screen | togif > screen.gif
it goes like this :
"hello, police? yeah. This is Dve from the British Telecom security dept. (you know, the world's largest telecomms company). We have a suspicious person attacking our tsunami donations site, probably trying to steal credit card numbers. His address is......., thanks bye"
It would be the same in any country I can think of.
"Hi buddy, this is Chuck from the security dept. at AT&T, someone's trying to break into our computer systems, his address is......"
"Hey mate, this is Noleen from the security dept. at Telstra, someone's trying to break into our computer systems, his address is......"
"Buenos dias Senior, this is Jose from the security dept. at Telefonica, someone's trying to break into our computer systems, his adobe is......"
etc. etc.
(apologies to the world for my stereotypes !)
It is the police whom one prosecutes for wrongful arrest and false imprisonment.
You get about 600 pounds per hour minus the cost of the coffee and food.
The Hunt Saboteur's Association and its members were avid claimants which brought about a shift in policy for the police forces attending hunt meetings once the cost of blanket arrests started reaching the tens of thousands of pounds.
On the flip side the police invented something they called "de-arresting" whereby you would spend an hour in the van and then be let go, with no police paperwork it is almost impossible to sue.
Then the govt. made protecting wildlife illegal and the balance of power was restored to the blood sport participants. That is until new legislation which might be introduced this year banning hunting with hounds, though not other forms of countryside carnage.
I'll summarize then :
Yes, it is worth the trouble.
You are, of course, correct.
Still doesn't negate the argument, I was being an IT nazi though, not grammar.
I use a trinary computer, you insensitive clod !
do you even know what binary xml is ?
RTFA
Where can I download Firefox for symbian ?
Where can I download Firefox for PocketPC [or whatever it's called this week] ?
/. spam has been around for a long time
Surely you must remember the Free iPods guy, that one wasn't so long ago.
I can't remember any other specific ones because they fade into insignificance.
Amazingly, HTML compatibility was easier before it was "standards" this and "standards" that.
Are you *sure* about that ?
<blink >
<marquee >
<object >
<bgsound >
No-one forces you to validate your html (unless you work for me =). Where I come from it's conformance first, compatibility second.
So, You're Against Innovation?
A common misconception is that folks who advocate HTML validation are retro-thinking, "backwater unix geeks" who stubbornly oppose innovation. It's true that many advocates of HTML validation are indeed seasoned computer professionals, who have learned the hard way that portability and compatibility are key elements to ensuring the longevity of any software product (including Web pages).
no it doesn't mean that at all
not just "you can't log in remotely"
but "there is no root account for anyone to log in to, ever!"
I know why you advocated it, no re-reading necessary
why not move IIS onto port 908 ?
after all, every script kiddie on the planet will attack port 80 looking for IIS vulnerabilities ?