Leaving register_globals enabled in PHP is not a security issue. Sloppy programming can cause security issues and that can happen with register globals enabled _or_ disabled.
It's turned off by default for the "greater good" and to hopefully help protect scripts written by new or sloppy programmers.
---John Holmes...
safe_mode and open_basedir restrictions come in handy here, but if you're really concerned about this, then you shouldn't be on a shared server.
Or just run PHP as a CGI where it runs as a user account...
---John Holmes...
21 fingerprint slots, eh? That's enough for all my fingers and all my toes with one leftover. What's the 21st one for?
People in West Virginia and Alabama?
---John Holmes...
Well, I put "please don't look at this if you're a bad guy" on my website, so I'm safe.
---John Holmes...
Well, then... I guess you're doing it the right way. :) I know others are not...
---John Holmes...
Yeah, that's all Google knows. I, however, search Google for your robots.txt file, see you have a folder jack/ you don't want indexed, so I pull up domain.org/jack/ to see what you're trying to hide. Might be worthless, might not be.
---John Holmes...
But then you just google for the robots.txt file and have a looksee at what people are trying to hide!! :)
---John Holmes...
You're in the minority then, if you actually add components to your computer.
I think the OP is exactly right in that smaller form factors are going to become bigger and bigger business. I just went through this issue myself when I bought a new computer a month ago. I had to rid myself of the idea that I needed the latest and greatest and realize that an average computer is going to do more than enough for my needs and I didn't need a big ugly glowing tower on my desk.
I went minimal with an LCD display and Shuttle computer with wifi and even got a smaller desk to put it all on. Couldn't be happier. :)
This new iMac is _exactly_ what I would have bought if I wasn't scared of switching to a Mac, though.
---John Holmes...
I highly recommend these, also. I have a 128mb version that you can pick up from Tiger Direct for around $20 (after rebate, of course). 512mb versions were only running $90 after rebate at one time.
If you don't need Gb and Gb of storage and want something you can always have with you, these are perfect. They come with a credit card sized case that'll hold two sticks. Just stick it in your wallet and you always have it.
It's amazing how small these are. Literally two pennies long and as thick as a nickel (those are the comparisons you'll see online).
Now if I could only figure out how to easily boot Linux from one of these, I'd be all geeked out!
---John Holmes...
Get the LiveHTTPHeaders extension. It'll track all headers for each request (along with response headers) and you can replay any of them. When you choose to replay it, you can also modify any of the existing headers that were sent.
:)
Just tested it on the link to bugzilla above. At first the link didn't work, as expected. Clicked replay and blanked out the referrer and then the page loaded.
Very handy, indeed.
---John Holmes...
Looks like you can log in with a/a or asdf/asdf as username/password. Thanks to whoever. :)
---John Holmes...
Touch typing has nothing to do with it. If I'm quickly typing an email or even this reply and hit the space bar just as a notification box pops up, it'll "click" okay for me. Same thing if I hit the enter key.
I guess if you touch-type at one letter a second or so, then this wouldn't bother you.
---John Holmes...
I don't really care if it only works on PC and doesn't use ITunes. Are there other reasons I shouldn't buy a player that's $100 cheaper than a same size 15GB Ipod with twice the battery life?
Honest question, here. Enlighten me.
---John Holmes...
You'd have some level of grayscale, though, depending upon how much you cleaned the concrete...
It's fraternity, not frat. You don't call your country a cunt, do you?
So why aren't all cattle like this? Is the increased meat not enough to offset the increased cost of food or care or something?
It seems like you'd want all meat cattle to be like this, wouldn't you?
Did he get all mean or start crying or what?
The US Army (and Navy, iirc) already has their own portal with webmail and an IM client that's approved to run on Army networks. Soldiers can get email addresses and accounts for family members by sponsoring them (very easy process). There is also a file storage that has access control mechanisms in place.
Basically, there's no need for soldiers to get a gmail account for this purpose. Soldiers will have a greater chance of getting access to the Army portal versus a commercial website.
---John Holmes...
I've actually been looking for something like this for my parents who don't have broadband available, but would like wireless access.
Solution is a wireless access point / router that has a serial port to connect an external modem to. The router should support "dial-up on demand" over the serial connection.
The SMC7004AWBR was one I found that has this feature ($10.00 on ebay) with a cheap external serial modem ($15.00 on froogle), I can have them set up quite cheaply. Now I just have to convince my mother to actually purchase a computer! :)
Thanks for your comment, which led me to the right google search terms to use!!
---John Holmes...
My wife, four year old son and I have been using Windows XP like this for quite a while.
I have shortcuts to a text editor and command prompt under the Admin user using "runas" so I rarely even need to switch to an admin user except to install something.
Albeit, we generally only do generic computing: internet, email, word processing, php/mysql development, etc and not many games. Maybe games are the big problem in this kind of environment, but I can't say from my experience.
---John Holmes...
> the extra knowledge gained by extending the
> lifespan of the probe probably outweighs the
> (tiny) extra expense
If they knew the rovers would last years, there's no way they'd send it into this crater, though. So you'd lose out on that exploration.
I think they can be "risky" with them now because they know they're going to fail soon anyhow.
---John Holmes...
If I had points, I'd mod you up. I think TSS is better without Leo, too.
They could use a few more hotties to replace the ones they lost, though.
---John Holmes...
There's nothing but crap on that site. I heard about it before when you spammed some site I read. You teach poor programming skills and barely touch on anything that's useful towards security.
Your "gauntlet" challenge is probably a scam to get people to write scripts for you. You can't even handle your own PHP errors gracefully and run everything through an index.php page...
Please come back when you have something useful.
---John Holmes...
ADOdb doesn't make anything more or less secure, it's just a wrapper to the native database functions. It's still up to you to validate your data, escape the right characters, etc.
If ADOdb emulates some kind of parameter-binding for those database interfaces that don't actually support that, then I guess it could be considered a little securer, but it's still up to you to use the right methods.
---John Holmes...
if($_POST['module'] == 'news') { include('news.php'); }
The idea is that you're coding a value into include() that _you_ set. Other methods include having a predefined array of valid modules that hold the file names. You then validate $_POST['module'] against that array.
You can do something like include('/hard/coded/path/'.$module.'.php'); but then you have to validate $module accordingly. Either by checking it against a pre-approved list/array, or replacing any periods or forward slashes in the value.
$file = str_replace(array('.','/'),'',$_POST['module']);
---John Holmes...
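The "predefined array of valid modules" approach from the comment above, written out as an added example that is not part of the original comment. The names MODULE_DIR, MODULES, resolve_module and the 'contact' module are hypothetical; the sample inputs are constructed.

```php
<?php
// Added example: allowlist lookup for include(), as described in the comment.
// MODULE_DIR, MODULES and resolve_module() are hypothetical names.

const MODULE_DIR = '/hard/coded/path/';

// Request value => file name that *you* set. Only these can ever be included.
const MODULES = [
    'news'    => 'news.php',
    'contact' => 'contact.php',
];

/**
 * Map a request value to a file path, or return null if it is not allowed.
 * The request value is used only as an array key and never becomes part
 * of the path, so nothing has to be stripped or escaped.
 */
function resolve_module($requested): ?string
{
    // module[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($requested)) {
        return null;
    }
    if (!array_key_exists($requested, MODULES)) {
        return null;
    }
    return MODULE_DIR . MODULES[$requested];
}

// Constructed sample inputs: one valid name and several that must be rejected.
$samples = ['news', '../../etc/passwd', 'news.php', ['news'], "news\0", ''];
foreach ($samples as $input) {
    $path = resolve_module($input);
    printf("%-22s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path ?? 'rejected');
}

// In a request handler the same function gates the include:
// $path = resolve_module($_POST['module'] ?? null);
// if ($path === null) { http_response_code(404); exit; }
// include $path;
```

Only 'news' resolves to a path here; every other sample input is rejected before include() is reached.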