As I remember: Last year I really wasn't sure if it was funny or sad to see some Wikis being raped and the "crackers" claiming: "You have a security problem, I can modify your pages!".
even if dmitri is working at zend now, there is http://dd.cron.ru/dbg/ . it's good and free.
if i want to see code generation in action i do
cd /usr/src/linux && strace -F make
plPHP looks interesting but i think it starts getting really usable when it supports OLD.NEW records. for the non-negligible number of php-haters here: same goes for plPerl, of course.
and here is Open Source Databases: As The Tables Turn
same site, same author, different opinion.
hmm, my XF86Config has this in it:
# Uncomment this to disable the <Crtl><Alt><BS> server abort sequence
# This allows clients to receive this key event.
# Option "DontZap"
but trying to secure a terminal via software-locks against somebody who has physical access to it is a race you can't win.
find . -type f -print0|xargs -0 md5sum
with a gnu-find at least, or you may get some funky errors that look exploitable
i think with separating business logic from layout, smarty is also good for separating the programmer's job from designer's job. this can *really* save some administrative work if you don't build all aspects of an entire site alone.
i don't miss these. reasons:
1. parameterization is not the duty of the mysql extension, but of functions/classes calling it.
2. i think Server.MapPath hasn't been implemented in php since the differences between physical and virtual path are far more complex with apache as a hosting environment (i don't know how Server.MapPath should react on some URL-Rewriting-rules or when used in a 404-Error-page). but if you design your environment sanely, providing a function that maps between files and urls is cake in php.
3. i don't find this counter-intuitive.
4. implement them *in* php, don't let your scripting environment put you in a niche. be creative.
5. i feel repeating and do so: design the (file-system-)layout of your scripts well and mapping between them can be accomplished with very simple self-made functions that suit far better than anything embedded in the hosting environment, let it be apache (or another webserver) or php
and strcoll() is also available since 4.0.5
is that irony?
of course you see crap when browsing at -1.
of course slashdot caches some pages, especially when you're not logged in.
hmm.
:)
xargs -n1 host < @ | sort -f -k 5
4.0.41.198.IN-ADDR.ARPA domain name pointer a.root-servers.net
107.0.9.128.IN-ADDR.ARPA domain name pointer b.root-servers.net
12.4.33.192.IN-ADDR.ARPA domain name pointer c.root-servers.net
90.10.8.128.IN-ADDR.ARPA domain name pointer d.root-servers.net
10.230.203.192.IN-ADDR.ARPA domain name pointer E.ROOT-SERVERS.NET
241.5.5.192.IN-ADDR.ARPA domain name pointer f.root-servers.net
4.36.112.192.IN-ADDR.ARPA domain name pointer G.ROOT-SERVERS.NET
53.2.63.128.IN-ADDR.ARPA domain name pointer h.root-servers.net
17.148.36.192.IN-ADDR.ARPA domain name pointer i.root-servers.net
30.128.58.192.IN-ADDR.ARPA domain name pointer j.root-servers.net
129.14.0.193.IN-ADDR.ARPA domain name pointer k.root-servers.net
12.64.32.198.IN-ADDR.ARPA domain name pointer l.root-servers.net
33.27.12.202.IN-ADDR.ARPA domain name pointer m.root-servers.net
53.2.63.128.IN-ADDR.ARPA domain name pointer rns.arl.army.mil
looks okay to me
You cannot distinguish between variables from within your code and variables from outside (via i.e. index.php?foo=bar...). this is not a security concern in the first place, but prone to errors, like:
if ($pw=='secret') { $auth=true; }
...
if ($auth) { do_advanced_stuff(); }
someone could get advanced_stuff done, without knowing 'secret', by calling the page with ?auth=1
HTH
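The mix-up described in the comment above, shown next to a corrected form, as an added example that is not part of the original post. `extract()` stands in for the old register_globals behaviour, and the names `page_vulnerable` and `page_hardened` and the sample requests are constructed for illustration.

```php
<?php
// Stand-in for the do_advanced_stuff() named in the comment.
function do_advanced_stuff(): string { return "advanced stuff done"; }

// Vulnerable: request parameters become ordinary variables in scope,
// which is what register_globals did for every script.
function page_vulnerable(array $request): string
{
    extract($request);                  // emulates register_globals here
    if (isset($pw) && $pw == 'secret') {
        $auth = true;
    }
    // $auth was never initialised, so a request-supplied value survives.
    if (!empty($auth)) {
        return do_advanced_stuff();
    }
    return "denied";
}

// Hardened: initialise the flag and read input only from the request array.
function page_hardened(array $request): string
{
    $auth = false;
    $pw = $request['pw'] ?? '';
    if (is_string($pw) && hash_equals('secret', $pw)) {
        $auth = true;
    }
    return $auth ? do_advanced_stuff() : "denied";
}

// Constructed sample requests (query-string parameters as arrays).
$samples = [['auth' => '1'], ['pw' => 'secret'], ['pw' => 'wrong', 'auth' => '1']];
foreach ($samples as $req) {
    printf("%-20s vulnerable: %-20s hardened: %s\n",
        http_build_query($req), page_vulnerable($req), page_hardened($req));
}
```

Only the first and third sample differ between the two functions: the vulnerable page trusts the request-supplied `auth`, while the hardened page ignores it.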
> Sorry, I don't understand; how is MySQL "more
> integrated" with PHP than PostgreSQL? I've used
> PHP quite a bit with both of them, and I have no
> idea what you mean.
Perhaps he means, that php gets shipped with builtin mysql support (the php-extension speaks
mysql to mysqld on its own). You can compile php with mysql support *without* having mysql's client libs lying around.
For pgsql-support you need libpq.
But that's not such a great difference in the "grade of integration", that Joe user will
ever notice.