Thursday, March 26, 2009
Web Security
http://www.selfseo.com/website_security_articles.php
http://www.askapache.com/htaccess/security-with-apache-htaccess.html
http://www.sitesecuritytips.com/how-to-check-website-security-2/
http://www.debian-administration.org/articles/465
http://www.watsonhall.com/methodology/top10-website-security-myths.pl
http://www.onlinesecurity-guide.com/
http://www.stopbadware.org/home/security
http://www.kent-website-designer.co.uk/website_security.html
http://www.phpfreaks.com/tutorial/php-security/
http://www.webmasters-central.com/t/siteprotection/images.shtml
http://daniel0.net/phpfreaks_tutorials/php_security/php_security.pdf
http://www.webmasters-central.com/t/siteprotection/email.shtml
http://www.owasp.org/index.php/Reviewing_Code_for_Cross-site_scripting
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.mobiledatanow.com
Enjoy Browsing........
How to convert video files from a mobile device into FLV
2 - Use this email address for sending video from the mobile, via the internet, to username@domain.com.
3 - Write a script that reads these emails from the user's inbox using the IMAP functions.
4 - Create a cron job (every hour) to read and save the attached videos into a folder on the site.
5 - Write a script that converts these videos to FLV with ffmpeg and emails the user about the converted video.
6 - Enjoy videos. :)
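The cron script from steps 3 to 5, as an added example that is not the original post's code: it reads unseen mails over IMAP, saves video attachments, converts them with ffmpeg and mails the sender. The mailbox host, the registered-sender list and the spool folders (kept outside the web root) are assumptions.

```php
<?php
// Added example (not the original post's code) of the cron script from steps
// 3 to 5: read unseen mails over IMAP, save video attachments, convert them
// with ffmpeg and notify the sender. Assumed: the mailbox host, the list of
// registered senders, and spool folders that sit outside the web root.
$mailbox    = '{imap.example.com:993/imap/ssl}INBOX';  // assumed host
$registered = ['alice@example.com'];                   // assumed site users
$incoming   = '/var/spool/videos/in';                  // assumed, not web-served
$converted  = '/var/spool/videos/flv';                 // assumed, not web-served
$videoExts  = ['3gp', 'mp4', 'mov'];
$imap = imap_open($mailbox, (string) getenv('MAIL_USER'), (string) getenv('MAIL_PASS'));
if ($imap === false) { exit('IMAP: ' . imap_last_error() . "\n"); }
// Fetching a body marks the mail \Seen, so the next hourly run skips it.
foreach ((array) imap_search($imap, 'UNSEEN') as $num) {
    $hdr    = imap_headerinfo($imap, $num);
    $sender = strtolower($hdr->from[0]->mailbox . '@' . $hdr->from[0]->host);
    // From: is not authenticated, so this is a coarse filter, not a login;
    // the converted file is only ever mailed back to the registered address.
    if (!in_array($sender, $registered, true)) { continue; }

    $struct = imap_fetchstructure($imap, $num);          // assumes a flat multipart mail
    foreach ($struct->parts ?? [] as $i => $part) {
        $name = '';
        foreach (array_merge($part->dparameters ?? [], $part->parameters ?? []) as $p) {
            if (in_array(strtolower($p->attribute), ['filename', 'name'], true)) { $name = $p->value; }
        }
        // The attachment name is sender-controlled: keep only a whitelisted
        // extension and choose our own base name, so "../" or ".php" never reach disk.
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (!in_array($ext, $videoExts, true)) { continue; }

        $body = imap_fetchbody($imap, $num, (string) ($i + 1));
        if ((int) $part->encoding === 3) { $body = base64_decode($body); }
        elseif ((int) $part->encoding === 4) { $body = quoted_printable_decode($body); }

        $base = bin2hex(random_bytes(8));
        $src  = "$incoming/$base.$ext";
        $dst  = "$converted/$base.flv";
        file_put_contents($src, $body);

        // escapeshellarg() stops file names from being read as shell syntax.
        exec('ffmpeg -y -i ' . escapeshellarg($src) . ' ' . escapeshellarg($dst) . ' 2>&1', $out, $rc);
        mail($sender, 'Your video conversion',
             $rc === 0 ? "Your video is ready: $base.flv" : 'Conversion failed; please resend.');
        unlink($src);                                    // original is no longer needed
    }
}
imap_close($imap);
```

Run it from cron with the mailbox credentials in the environment rather than in the script, so the file can be world-readable without leaking the password.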
Useful Linux Commands……
General Information
# cat /proc/version (Linux Version)
# cat /proc/meminfo (Memory Information)
Zip File/Folder in Linux
# zip -9 -r archive.zip (folder name)
# zip -9 archive.zip (file name)
Use "-9" for best compression. The compressed file works fine with the Windows XP compression tool.
Execute Shell Script
# chmod +x file.sh
# ./file.sh
System User
# useradd -d /var/www wwwuser
# passwd wwwuser
# userdel wwwuser
# userdel -r wwwuser
List loaded Modules
# lsmod
Extract here
# tar -xvzf latest.tar.gz -C ./(folder name)
# unzip file.zip
Upload site with zipped version
# zip -9 -r /var/www/html/html.zip /var/www/html
# wget http://75.101.199.175/html.zip
# unzip html.zip
# cd /root/var/www/html
# mv * /var/www
Create symbolic links (shortcuts) in Linux
# rm -rf /var/www/
# ln -sf /var/scalr/app/www /var/
# chmod a+rX -R /var/www
# ln -sf /var/log/apache2 /var/www/logs
Compute Load
# uptime (load average over 1, 5 and 15 minutes)
# w
# top
* CPU usage
* ‘uptime’ for load average
* ‘top’ for an overall system view
* ‘iostat’ for storage I/O statistics
* ‘netstat’ for network statistics
* ‘mpstat’ for CPU statistics
* ‘tload’ to display an ncurses graph of the recent load
Linux Ports/processes
# netstat -an
# lsof -i
# nslookup www.*.com
# ps aux | grep mysqld
# netstat -an
# netstat -an | grep 3306
Upgrade PHP 5.2.x
cd /etc/yum.repos.d
wget http://remi.collet.free.fr/rpms/remi-fedora.repo
yum --enablerepo=remi update mysql
yum --enablerepo=remi update php
apachectl restart
Others
# whereis file
# locate filename
# find / -name filename
# shutdown -r now (restart)
PHP Web Tricks/Tips
Some Web PHP Tricks/Tips
Database:
1. When deleting a user or any content from the CMS, delete all related information from the database.
2. Use a library such as PDO, ADO, PEAR or Zend to connect to the database.
3. Take regular backups of the database.
4. Use a good naming convention.
Folders:
1. Use a good naming convention.
2. Take regular backups of folders.
3. Protect the project's folders from unauthorized access: put an index.html in each folder or use Apache security.
4. Folder names are case sensitive on servers like Linux.
5. Don't use 0777 permissions on any folder; use 0755.
Files:
1. Use a good naming convention.
2. Document web files well: comment the code and indent it.
3. Keep the DB, file names, variables and page design consistent.
4. Take regular backups of files.
5. Use file caching to make the site faster.
6. Create debug files (.txt, .log, .html etc., written with fopen()/fwrite()) for tracking logical bugs.
Images:
1. Use a version number in image URLs to avoid stale cached images.
2. Images should have ETag, max-age and far-future Expires headers for caching.
3. Use a global function to display images (e.g. draw_images($src, $attr);).
Class:
1. Use a good naming convention.
2. Use a hashing/encryption class (md5, sha etc. with a salt, base64 etc.) for storing passwords and important data in the database.
3. Spidering a web page (cURL, PEAR etc.) is used for fetching the content of a web page.
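For the password-storage tip above, an added example (not the post's own class): PHP's built-in password_hash() generates and stores the salt itself and uses a deliberately slow algorithm, and a legacy "sha256(salt . password)" column can be migrated to it transparently on the user's next login. The column names and the legacy scheme are assumptions.

```php
<?php
// Added example (not the original post's code). Shows password_hash() /
// password_verify() in place of a hand-rolled salted md5/sha, plus a one-time
// upgrade path for rows that still hold the old hash.
// Assumed: a users row with columns pass_hash, legacy_hash and legacy_salt.

function hash_password(string $plain): string {
    // PASSWORD_DEFAULT picks a slow, salted algorithm (bcrypt today), so a
    // leaked hash costs far more to brute-force than md5/sha ever would.
    return password_hash($plain, PASSWORD_DEFAULT);
}

function legacy_hash(string $plain, string $salt): string {
    return hash('sha256', $salt . $plain);   // the assumed old scheme
}

// Returns true on success; $row is updated in place when it was rehashed,
// and the caller writes the changed columns back to the database.
function verify_login(array &$row, string $plain): bool {
    if (!empty($row['pass_hash'])) {
        if (!password_verify($plain, $row['pass_hash'])) { return false; }
        if (password_needs_rehash($row['pass_hash'], PASSWORD_DEFAULT)) {
            $row['pass_hash'] = hash_password($plain);   // cost factor raised later
        }
        return true;
    }
    // Legacy row: constant-time compare, then upgrade it on this login.
    $expected = legacy_hash($plain, (string) $row['legacy_salt']);
    if (!hash_equals($expected, (string) $row['legacy_hash'])) { return false; }
    $row['pass_hash']   = hash_password($plain);
    $row['legacy_hash'] = $row['legacy_salt'] = null;
    return true;
}

// Constructed sample row (no real user): an account still on the old scheme.
$salt = bin2hex(random_bytes(8));
$user = ['pass_hash' => null,
         'legacy_hash' => legacy_hash('correct horse battery', $salt),
         'legacy_salt' => $salt];
verify_login($user, 'wrong guess');             // stays on the legacy columns
verify_login($user, 'correct horse battery');   // succeeds and fills pass_hash
var_dump($user['pass_hash'] !== null, $user['legacy_hash'] === null);
```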
Functions:
1. Use functions or include files for data used in several places, for reusability, integrity and productivity.
2. Use the PHP session ID, remote IP and page name when incrementing views/hits.
3. Write functions to load CSS, JS, links, forms and elements, images, iframes etc. on a web page (load_css_file(), load_js_file()….).
4. Looping should start from left to right…
Variables:
1. Use a good naming convention.
2. Use defined variables/constants for folder names, DB table names, files and global variables (avoid hard coding, be a happy coder).
CSS:
1. Avoid inline CSS on pages because it affects page load time and speed, and it matters for W3C validation.
2. Combine multiple CSS files into a single cached file.
3. Avoid conflict in CSS.
4. Avoid CSS expressions.
5. Use CSS Sprite for images.
JS:
1. Avoid inline JS on pages because it affects page load time and speed, and it matters for W3C validation.
2. Combine multiple JS files into a single cached file.
3. Use valid syntax for browser detection in JavaScript.
4. Avoid duplicate JS functions.
Ajax:
1. Minimize errors such as unclosed HTML tags.
2. Use a proper hierarchy for HTML tags.
3. Use Math.random() as a parameter in the Ajax URL.
4. Send URLs as parameters after encodeURIComponent(), similar to urlencode() in PHP.
5. Use file_get_contents($url) to fill the Ajax DIV the first time.
6. Use a new window to display JavaScript alert debug messages, and append messages to log files.
7. Use an Ajax cached version.
WebPage:
1. On the login page, username and password should be case sensitive.
2. Open the terms-of-use page in a popup window on the registration page.
3. Use a better UI for error/success messages.
4. Put a cancel button near the submit button.
5. Use a captcha code on pages, checked against a session value, to avoid spam.
6. Put valid ALT values in IMG tags.
7. Handle the Enter key event on the form's submit control.
8. Use scrolling DIVs on web pages for a better GUI.
9. Use a returnto parameter for redirecting the page after login.
10. Offer a remember-me option on the login page.
11. Use valid/correct statements in error/success/warning messages.
12. Use dynamic Title and Meta tags on pages.
13. Set up error pages like 404, 500 etc. via .htaccess.
14. Use a good NO/blank image for images not found.
15. Use htmlspecialchars() on strings displayed on web pages for W3C validation.
16. Use a favicon for web pages for a better GUI.
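Items 5, 9 and 15 of the list above, as an added example that is not the post's own code: a captcha check bound to the session, a returnto redirect that only accepts paths on this site (so the parameter cannot be used to bounce users to another host), and an output-escaping helper. It assumes session_start() has already run and that $_SESSION['captcha'] holds the text generated when the form was rendered.

```php
<?php
// Added example (not the original post's code) for items 5, 9 and 15.
// Assumed: session_start() has run and $_SESSION['captcha'] holds the
// challenge text generated when the form was rendered.

// Item 15: escape once, at output time, with quotes and a fixed charset so
// user data cannot break out of an attribute or a tag.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Item 5: compare the submitted captcha with the session copy in constant
// time and discard it, so one solved challenge cannot be replayed.
function captcha_ok(array $post, array &$session): bool {
    $expected = (string) ($session['captcha'] ?? '');
    unset($session['captcha']);                      // one attempt per challenge
    $given = (string) ($post['captcha'] ?? '');
    return $expected !== '' && hash_equals($expected, $given);
}

// Item 9: accept only a relative path on this site. Anything with a scheme,
// a host ("//other.example"), a backslash or a CR/LF falls back to $default.
function safe_return_to(?string $returnto, string $default = '/'): string {
    if ($returnto === null || $returnto === '') { return $default; }
    $parts = parse_url($returnto);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) { return $default; }
    $path = $parts['path'] ?? '';
    if ($path === '' || $path[0] !== '/' || strpos($returnto, '//') === 0
        || strpos($returnto, '\\') !== false || preg_match('/[\r\n]/', $returnto)) {
        return $default;
    }
    return $returnto;
}

// Typical use after a successful login:
// header('Location: ' . safe_return_to($_GET['returnto'] ?? null));

// Constructed inputs (no real site) exercising each function.
$session = ['captcha' => 'k7m2x'];
var_dump(captcha_ok(['captcha' => 'k7m2x'], $session));   // first use
var_dump(captcha_ok(['captcha' => 'k7m2x'], $session));   // replay of the same answer
var_dump(safe_return_to('/account?tab=1'));               // local path
var_dump(safe_return_to('http://other.example/'));        // absolute URL
var_dump(safe_return_to('//other.example/x'));            // scheme-relative URL
var_dump(safe_return_to('/\\other.example'));             // backslash trick
var_dump(e('<script>alert("x")</script>'));               // markup in user data
```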
Emails:
1. Use polite words like Dear, Regards, Thanks etc. in emails.
2. Attach some links, images, videos etc. for proper understanding.
3. Use a reference and ref. # in emails.
Tools:
1. Use an IDE like Aptana, Dreamweaver or Zend Editor.
2. Use DW's context menu for HTML/PHP code to avoid W3C errors/warnings.
3. Use Firefox plugins for development (Web Developer, Firebug, ScribeFire, ColorZilla, FireFTP, S3Fox, ElasticFox, Gtalk, GrabScreen, YSlow, FireShot etc.) for the site's speed, performance and optimization.
4. Make sure we are using secure FTP and email clients….
5. Command-line tools (PuTTY, CMD etc.) are very good utilities for batch processes and large files.
Search:
1. View source and display functions (echo, print etc.) are very useful for finding bugs and faults.
2. Try searching for visual concepts like jQuery, Ajax etc. on Google Image Search.
3. Use Google search operators for getting better results.
Keep browsing, happy coding…….