PHP Diary | Script School | PHP Scripts | TD Scripts.com


02/18/01 "Tighter Security & Various Useful Tips"

Diary Entries - TDavid reflections

Thank you to all those that write and ask if I'm still doing my diary entries. It is nice to know that people on the web are enjoying them, and I am writing today to tell you that I haven't died or stopped updating this website; I've just grown to a point where daily updating the 3 different scripting-related websites (soon to be adding 1-2 more) personally is virtually impossible. I am training someone to help me reduce my workload now, so maybe this will free up time for me again to return to a more consistent schedule of updating this site :) It gives me great pleasure to know that many, many people visit this site every day and find usefulness here. I'm going to keep adding to this value.

Where have I been? I've been busy working on developing http://www.scriptschool.com/ where we provide a true training ground for learning various scripting languages. Script School is an ongoing project where students can take full length courses on how to code in various scripting languages. There are course to-do's, threaded message board forums, IRC workshop logs, audio archives plus a weekly show we broadcast from our office LIVE every Friday from 2-4pm PST. Enrolled students can get free test server space to test their code development. I suggest you check this site out, and this is much more than just a plug. This site is FREE (as of this writing) also and there aren't many others like it. In fact I haven't found another site like it that offers as much as we do absolutely FREE. It is sponsored by some adult webmaster sites (the cost of streaming radio over the net in 4 different formats is not cheap, believe me), so if this kind of thing irritates or offends you, then keep your browser here. Some may wonder why I never have provided these instructional courses here. Why not? Well, it wasn't the intention of the site (I'll explain more on this in a bit) and also learning Perl and other languages at a site called "php-scripts" doesn't make much sense to me. Yeah, I'm one of those suckers who still thinks a domain should have some meaning, lol. Maybe I should have called this php-scripts-diaries.com lol .. I didn't check to see if that is a valid url, but it might be by now!

I currently don't have -- nor have I ever had -- any third party advertising or sponsorships here. Thank you to those who have written to me and graciously offered to pay for advertising (you are encouraged to advertise at Script School, click here for more information). Perhaps someday I will put up third-party advertising here, but for now I'm going to continue to pay for this site out of my own pocket. If you think what I am doing here is noble and worthy, you are certainly welcome to donate to the cause by sending a check or money order to our business address at: http://www.tdscripts.com/contact.html -- please put in the description area "php-scripts donation" -- these donations are NOT a tax writeoff as we are not a registered charitable organization, but it would help me to offset the expenses this site brings (and these expenses are growing over time). Give me your URL and I'll put it up in these diary entries thanking you for helping to fight nerd persecution! :) If you don't send money, can't send it, or won't, that's cool, but please keep sending those friendly emails or buy a script at TD Scripts or visit a sponsor at Script School -- all of these actions do help me at some level. Nonetheless, it is very encouraging and spiritually satisfying to see a site like this growing that helps people :)

As already mentioned, I never intended for php-scripts.com to be a place to learn scripting in php, rather I intended it to be a place for me to share various nuggets of info I've learned "along the way" in a diary-style format -- I don't exactly learn in a way that is linear and logical to many, because I jump all around on things that are important for me to figure out for the specific project I'm working on at a specific moment in time. If you want to learn PHP programming, again, I would head on over to http://www.scriptschool.com/.

However, if you are interested in looking inside my head and possibly picking up a few nuggets that I've learned, then keep your browser pointed here. My original goals and intentions haven't changed for this site, although I'm really going to try and work on automating (using php of course) this interface more so that it is easier for me to update the new diary entries -- and provide more of them more often. Daily is impossible with my current workload, but weekly shouldn't be such a stretch and that is my goal heretofore -- to get in here at least once per week and give you a new diary update :)

What's new in the PHP world? Well since my last diary entry php 4.0 has come out, and then php 4.0+ ... and the zend line of products along with them. I finally removed the php3 icon from the main page ... doh! There's a ton of new features and support in PHP that wasn't there before. To say I haven't learned anything in the last 6 months is an understatement at the least, I just haven't been able to get over here and report on any of it. So today I'm going to jump around and throw out a few nuggets of info I've picked up over the last 6 months to share:

List of values for $HTTP_USER_AGENT

http://www.htmlcompendium.org/7agent.htm

Random id order in mySQL version 3.23 -- SQL SYNTAX

SELECT id,FLOOR(value/100) FROM tbl_name ORDER BY RAND();

mySQL Security

Keep the database password in a single setup file, so that you don't have to edit a bunch of different scripts when you change your password. You can set the password at the mySQL monitor prompt in telnet (I'd recommend using SSH instead of telnet, because telnet sessions aren't encrypted and passwords are easy to sniff) by using the following command:

mysql> set password=password('NEW_PASS');

Most security manuals recommend that you change passwords at least once every 30 days. A good system to remind yourself to do so can be helpful when you have lots of different logins. You can use mySQL to remind you by creating a reminder system!
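
The single setup file and the 30-day reminder described above, sketched in PHP as an added example (not code from this site). The array keys, the pass_changed field and the file-mode check are assumptions for illustration; it assumes a Unix-like host, and the reminder is computed in PHP from the setup file rather than stored in mySQL.

```php
<?php
// Added example. Key names and the 30-day constant are illustrative assumptions.
const MAX_PASSWORD_AGE_DAYS = 30;

/** Load the one shared setup file and refuse it if other users can read it. */
function load_db_setup(string $path): array
{
    $mode = fileperms($path) & 0777;
    if ($mode & 0077) {                 // any group/other permission bit set
        throw new RuntimeException(sprintf('%s has mode %04o; use 0600', $path, $mode));
    }
    $cfg = require $path;               // the setup file returns an array
    foreach (['host', 'user', 'pass', 'pass_changed'] as $key) {
        if (!isset($cfg[$key])) {
            throw new RuntimeException("setup file is missing '$key'");
        }
    }
    return $cfg;
}

/** Whole days between the recorded password change and $now. */
function password_age_days(array $cfg, DateTimeImmutable $now): int
{
    $changed = new DateTimeImmutable($cfg['pass_changed']);
    return (int) $changed->diff($now)->format('%r%a');
}

// Constructed setup file, written to a temp path so the example runs offline.
// In a real deployment this file would live outside the web root.
$path = tempnam(sys_get_temp_dir(), 'dbsetup');
file_put_contents($path, "<?php\nreturn ['host' => 'localhost', 'user' => 'app',\n"
    . "    'pass' => 'PLACEHOLDER', 'pass_changed' => '2001-01-10'];\n");
chmod($path, 0600);

$cfg = load_db_setup($path);
$age = password_age_days($cfg, new DateTimeImmutable('2001-02-18'));
if ($age > MAX_PASSWORD_AGE_DAYS) {
    echo "Password for {$cfg['user']}@{$cfg['host']} is $age days old: change it.\n";
}
unlink($path);
```

Every script that needs the database includes this one file, so a password change touches the file and the mySQL account and nothing else.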

Where to get an SSH client?

You can go to http://www.vandyke.com/ and get SecureCRT and SecureFX (FTP) which are two very good programs.

$HTTP_REFERER versus $HTTP_SERVER_VARS["HTTP_REFERER"]

Reposted from the php programming forum that I moderate (as of this writing):

"The solution is to use $HTTP_SERVER_VARS["HTTP_REFERER"] which should yield the proper variable, works out of the box in php 4.0.3+ and requires the track_vars php3.ini directive in previous versions.

In 4.0.3+, you can't disable this as a series of security flaws in PHP stuff have shown that you can't trust any preset for anything non-trivial.

I find it practical to stash all those variables in an object that has an array and a series of accessor methods, so I can pass the object to any function/objects that use it. Probably irrelevant if your php page is less than 1000 lines, but you never know ;-)" - Saruman

TDavid: When I know they have newer versions of PHP, I have been replacing the referrer checking code used in a prior diary entry with this one, because this one is more accurate. Sure, hackers can still spoof the referring url, but it does provide a little better security. Just remember though that it is NOT backwards compatible.
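
A referrer check that reads the header only from the server-populated array, as an added example (not code from the diary or the forum post). It assumes PHP 7+, where $_SERVER is the successor to $HTTP_SERVER_VARS; the function name and the example.com / example.net hosts are placeholders.

```php
<?php
// Added example. Assumption: PHP 7+, $_SERVER in place of $HTTP_SERVER_VARS.

/**
 * True only when the Referer header names one of our own hosts.
 * The caller passes the server array (normally $_SERVER), so the value never
 * comes from a request variable that happens to be called HTTP_REFERER.
 */
function referer_is_local(array $server, array $allowedHosts): bool
{
    $ref = $server['HTTP_REFERER'] ?? null;
    if (!is_string($ref) || $ref === '') {
        return false;             // header absent: proxies and browsers may drop it
    }
    $parts = parse_url($ref);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;             // malformed or relative value
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Compare the parsed host exactly; matching a substring of the raw
    // header would also accept hosts that merely contain our name.
    return in_array(strtolower($parts['host']), $allowedHosts, true);
}

// Constructed sample requests (all hosts are placeholders).
$allowed = ['www.example.com', 'example.com'];
$samples = [
    'own form page'     => ['HTTP_REFERER' => 'http://www.example.com/form.php'],
    'other site'        => ['HTTP_REFERER' => 'http://www.example.net/copy.html'],
    'name as subdomain' => ['HTTP_REFERER' => 'http://www.example.com.example.net/'],
    'header missing'    => [],
    'not a URL'         => ['HTTP_REFERER' => 'www.example.com'],
];
foreach ($samples as $label => $server) {
    printf("%-18s %s\n", $label, referer_is_local($server, $allowed) ? 'accept' : 'reject');
}
```

Only the first sample is accepted. Because the client supplies the header, a passing check filters casual off-site use and should not be the only control on a sensitive action.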

PHP Manual - TDavid style?

I am working on my own version of the PHP Manual and it will be offered over at Script School in the library (which is currently under construction). I might go through how to build this application here, however, as it will be database driven and quite useful (to me anyway, hehe).


Copyright 1999-2001 php-scripts Last Modified 02/19/01 12:00