Re:Lack of PHP Security in 5 sentences, Not 500 Pa on Pro PHP Security · Score: 1
Think you need to wake up, since PHP 5 there is the PDO extension set which supports lots of DBs and there is also the MySQL(i) extension which stands for "improved" that has prepared statements.
But you are right that PHP security doesn't hold in 5 lines, it's a matter of getting something generic and right once and for all and propagate that in the tutorials to the noobs that start using it every day.
That's why some people will override PHP's default session handling and implement their own layer with possibly the addition of encryption to it so tampering can't be done. With a simple CRC check added to it before encryption you can prevent (if you are paranoid) nasty things especially if you are on shared hosting where someone could try to alter the data.
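An added example, not part of the original comment: a session handler layered over PHP's default storage, as described above. It uses authenticated encryption (XChaCha20-Poly1305 from ext-sodium) in place of the CRC-then-encrypt scheme the comment mentions, because the authentication tag is keyed and the record is bound to its session ID. The class name, the demo key handling and the sample session value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example (not from the original comment). Requires PHP 8.0+ with ext-sodium.
// Stored session records are encrypted, authenticated and bound to their session ID.
final class SealedSessionHandler extends SessionHandler
{
    private const NONCE_LEN = SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES;

    public function __construct(private string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
    }

    public function read(string $id): string|false
    {
        $stored = (string) parent::read($id);
        if (strlen($stored) <= self::NONCE_LEN) {
            return '';                          // new, empty or truncated record
        }
        $plain = sodium_crypto_aead_xchacha20poly1305_ietf_decrypt(
            substr($stored, self::NONCE_LEN),   // ciphertext followed by the tag
            $id,                                // additional data: the session ID
            substr($stored, 0, self::NONCE_LEN),
            $this->key
        );
        // Tag failure: the record was altered or copied from another session.
        if ($plain === false) {
            error_log('session record failed authentication');
            return '';                          // continue with an empty session
        }
        return $plain;
    }

    public function write(string $id, string $data): bool
    {
        $nonce = random_bytes(self::NONCE_LEN); // fresh nonce on every write
        $sealed = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($data, $id, $nonce, $this->key);
        return parent::write($id, $nonce . $sealed);
    }
}

// Demo key only: a real deployment loads a fixed key kept outside the session directory.
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
session_set_save_handler(new SealedSessionHandler($key), true);
session_start();
$_SESSION['user_id'] = 42;                      // constructed sample value
session_write_close();
```

On shared hosting the key must live where other tenants cannot read it; a key stored next to the session files gives no protection.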
You could probably get your computer to sleep lowering power consumption to very low values and on a single key-press having everything restored almost instantly.
I can't believe that they don't even have some sort of verification that the passwords aren't common things. Heck even here, when you try to change your passwords everywhere there are so many restrictions that it can't be a dictionary word or easy to guess.
Simple rules
- at least 1 CAP letter (means at least 1 letter)
- at least one symbol (@#.,& etc.)
- at least 1 number
- at least 8 chars long
How hard is it to enforce this?
I tried to find the source of the benchmark I read this from, but I can't find it anymore. But basically, there was a pretty significant loss of time if used a lot in some code because whether there is a triggered error or not, the code has to go through some iterations because of the @. In a loop it could reduce performance depending on how much it is used. I agree that if you use it only for one line it really doesn't make a difference (usually performance hit is the DB connection more than PHP execution time) but for people wanting to optimize like hell, I would avoid it. Also, it suppresses errors even fatal ones, so your code could generate a fatal error, stop executing and you wouldn't know why because the error is suppressed completely. And no basic error checking makes for sloppy code in the long run.
Don't worry, I'm an Ada/C++ developer (PHP is for playing on spare time/projects)
The usage of @ degrades performance drastically, you're better off shutting the errors off with ini_set( 'display_errors', 0 ); and having everything go to the log file.
OTOH a minimal amount of error checking wouldn't be bad either so you can customize the error messages triggered.
What you miss here is that the companies will milk the cow at every level they can to make their life longer. I'm pretty sure they could just jump down to 45nm or even 30nm right away, but hey, if we do that, after everyone has the best, nothing more to buy.
Well I had already skipped over buying this over the DRM, Origin, DLC crap and the price but reading this really opens some eyes in that they really seemed to have built SimFarmVille http://arstechnica.com/gaming/2013/03/simcity-impressions-we-waited-ten-years-for-this/
Can't wait for them to crack down on teen open house parties!
It's actually 6 active skill slots + 1 potion slot.
Not in the province of Quebec, you can't call yourself engineer or pretend you are one. If caught you will be fined.
http://www.peo.on.ca/enforcement/Quebec_MS_April2004.pdf
Do you need a car analogy on this?
We have the "blamecanada" tag, maybe we need the "blameusa" tag now =]
Well then we're all safe in at least 10 provinces in Canada! Don't know about the other 3 territories though.
Hell, I'd release one with a dual drive able to read both formats and be done with it!
That's why I'm waiting for the Zelda bundle at less than 200 which will be in a year or two (hopefully the console will be easier to find by then!)
I got the Cube with the 4 Zelda game disc back in the days.
Well Diebold is on its way out as posted by a previous story. Could that solve some of the problems?
Actually, that bug is resolved in PHP 5.2.1
http://bugs.php.net/bug.php?id=35106
I'd use a define( 'APP_PATH', value ), instead of a variable, at least it can't be overridden by GET/POST/REQUEST variables directly if a bright guy enables global vars.
On a side note, anyone know where I could find that Suhosin extension compiled as a binary (DLL) for windows ?
I'll be waiting for the first batch with defects to go through. And I'll also wait until enough interesting games come out. And finally, I'll wait until they package a game with it (I bought the GC with the 4 Zelda games special disc).
Until then, please continue to fight for them =]
In IE and Firefox you can request (through a JavaScript call) that the user authorize a JavaScript connection to an external domain. It will prompt the user with a dialog asking if he accepts. Again in IE, if you say yes, it's for all connections to that domain, in Firefox the user has to explicitly check the box (always allow connections for this domain) else the box will reopen again on the next connection try. You can also use your server as a proxy to gather all the info from other servers before rerouting them, but that just increases your server load (you could cache it to help).
No, the default PHP5 behavior is all by reference. If you want a copy you have to explicitly use the clone operation on the object to get a copy. http://mjtsai.com/blog/2004/07/15/php-5-object-references/
htmlentities() is another alternative that parses all HTML characters that are meant to be represented as and it supports the encoding of your choice.
yeah but they keep saying it's not a console it's a Computer!!! =]