Lists li...@senseofsecurity.com wrote:
Sense of Security - Security Advisory - SOS-11-007
Release Date. 20-May-2011
Last Update.-
Vendor Notification Date. 04-Apr-2011
Product.Securimage / PHPCaptcha
Platform. PHP
Affected
Hello Lists,
Sorry for my rude words but...
there are already too many websites that either don't give us a
possibility to get an audio file instead of those damned captcha
images; there are lots of others (such as Msn) where the audio is too
distorted to be heard. It's not my
I'm posting here for completeness as I've now rolled my own date
validator (code follows my sig). It allows almost all valid 'English'
formats except ordinal day values (1st, 3rd, etc.) Because I'm in UK
and writing for a UK audience, I've parsed ambiguous dates as d/m/y.
Those writing for places
At 2:49 PM -0400 5/19/11, Joshua Kehn wrote:
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote:
Hello Alex,
Two (stupid?) questions:
1. Why PHP_SELF is better than SCRIPT_NAME?
2. Why strcmp() is better than just comparing?
--
With best regards from Ukraine,
Andre
Skype:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such
as the value in an action attribute in a form?
For example, I was using:
$self = basename($_SERVER['SCRIPT_NAME']);
form name=my_form action=?php
On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such as the
value in an action attribute in a form?
For example, I was using:
$self =
I use
define('page1, 1);
Richard L. Buskirk
-Original Message-
From: tedd [mailto:t...@sperling.com]
Sent: Saturday, May 21, 2011 10:11 AM
To: PHP General
Subject: [PHP] Script ID?
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify itself *IF*
On Sat, 2011-05-21 at 10:11 -0400, tedd wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such
as the value in an action attribute in a form?
For example, I was using:
$self =
So sorry Tedd,
I was typing away with the rest of that and after hitting send I
notice all I sent was the define.
define('PAGE_1', 1);
I use define because sometimes I want o know what script included another
and if that script does not have a defined value I do not allow it to run.
Just
On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such as the
value in an
hi folks,
I'm writing an Object Query Language which is pretty simple, you do request
such as
*SELECT e.*,c.firstName *
*FROM employee e *
*JOIN contact c ON e*
*WHERE e.id=*?
(queries don't get much more complicated than that, you have multiple
alias.fieldName in the select, then multiple
On Sat, May 21, 2011 at 3:35 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify
On 21 May 2011 17:01, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 3:35 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 3:11 PM, tedd t...@sperling.com wrote:
Hi gang:
Okay, so,what's the
On 5/21/2011 10:11 AM, tedd wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to identify
itself *IF* you plan on using that information later, such as the value in an
action attribute in a form?
For example, I was using:
$self =
On Sat, May 21, 2011 at 4:07 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 17:01, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 3:35 PM, Peter Lind peter.e.l...@gmail.com
wrote:
On 21 May 2011 16:18, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011
On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote:
*snip*
Again, this depends upon what your url scheme looks like - and without
knowing that, there's simple no clue as to whether or not this is a
good solution to the problem (though it might be a good solution to A
problem).
On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote:
*snip*
Again, this depends upon what your url scheme looks like - and without
knowing that, there's simple no clue as to whether or not this is a
good
On Sat, 2011-05-21 at 16:34 +0100, Stuart Dallas wrote:
On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote:
*snip*
Again, this depends upon what your url scheme looks like - and without
knowing that,
On Sat, May 21, 2011 at 4:48 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Sat, 2011-05-21 at 16:47 +0100, Stuart Dallas wrote:
On Sat, May 21, 2011 at 4:42 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Sat, 2011-05-21 at 16:34 +0100, Stuart Dallas wrote:
On Sat,
On Sat, 2011-05-21 at 16:53 +0100, Stuart Dallas wrote:
On Sat, May 21, 2011 at 4:48 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Sat, 2011-05-21 at 16:47 +0100, Stuart Dallas wrote:
On Sat, May 21, 2011 at 4:42 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On
On Sat, May 21, 2011 at 4:57 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 17:34, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com
wrote:
On 21 May 2011 17:18, Stuart Dallas stu...@3ft9.com wrote:
*snip*
Again,
On Sat, May 21, 2011 at 5:02 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Sat, 2011-05-21 at 16:53 +0100, Stuart Dallas wrote:
On Sat, May 21, 2011 at 4:48 PM, Ashley Sheridan
a...@ashleysheridan.co.ukwrote:
On Sat, 2011-05-21 at 16:47 +0100, Stuart Dallas wrote:
On Sat,
Dear PHP Gurus,
I have a debate on the following please let me know what is true / false.
I'am using a PHP function *is_UTF_8_file ($file_name) *that I've found
as part of my PHP 5.3 installation.
This function checks if the file start with the 3 UTF-8 BOM bytes.
However another guy told me
On 21 May 2011 18:05, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 4:57 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 17:34, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 4:24 PM, Peter Lind peter.e.l...@gmail.com
wrote:
On 21 May 2011 17:18,
On Sat, May 21, 2011 at 5:14 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 18:05, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 4:57 PM, Peter Lind peter.e.l...@gmail.com
wrote:
On 21 May 2011 17:34, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011
On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote:
*snip*
http://en.wikipedia.org/wiki/Defensive_programming
You do things your way and I'll do things my way. Best of luck to you.
Thank you for your condescending tone. Best of luck to you too.
Regards
Peter
--
hype
WWW: plphp.dk /
On 21 May 2011 18:42, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 5:33 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote:
*snip*
http://en.wikipedia.org/wiki/Defensive_programming
You do things your way and I'll do
hi,
I often use SQL that is far, far more complex than this.
well, this is why my OQL is pretty simple, it does not intend to do any
crazy stuff that you can do with SQL (as I can load objects from SQL as
well)
I had a look at other ORM, and the problem is that some are extremely
complicated
On Sat, May 21, 2011 at 12:10 PM, Eli Orr (Office) eli@logodial.comwrote:
Dear PHP Gurus,
I have a debate on the following please let me know what is true / false.
I'am using a PHP function *is_UTF_8_file ($file_name) *that I've found as
part of my PHP 5.3 installation.
This function
On Sat, May 21, 2011 at 5:33 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote:
*snip*
http://en.wikipedia.org/wiki/Defensive_programming
You do things your way and I'll do things my way. Best of luck to you.
Thank you for your
On May 21, 2011, at 9:11 AM, tedd wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script
to identify itself *IF* you plan on using that information later,
such as the value in an action attribute in a form?
For example, I was using:
$self =
On Sat, May 21, 2011 at 6:00 PM, Peter Lind peter.e.l...@gmail.com wrote:
On 21 May 2011 18:42, Stuart Dallas stu...@3ft9.com wrote:
On Sat, May 21, 2011 at 5:33 PM, Peter Lind peter.e.l...@gmail.com
wrote:
On 21 May 2011 18:26, Stuart Dallas stu...@3ft9.com wrote:
*snip*
On Sat, May 21, 2011 at 10:11 AM, tedd t...@sperling.com wrote:
Hi gang:
Okay, so,what's the best (i.e., most secure) way for your script to
identify itself *IF* you plan on using that information later, such as the
value in an action attribute in a form?
For example, I was using:
$self
At 6:29 PM +0100 5/21/11, Stuart Dallas wrote:
On Sat, May 21, 2011 at 6:00 PM, Peter Lind
mailto:peter.e.l...@gmail.competer.e.l...@gmail.com wrote:
-snip-
This was fun... we should do it again sometime! ;)
No, this wasn't fun.
As I said before, is email is a bad way to communicate. But
Hi Gang:
A word about:
http://en.wikipedia.org/wiki/Defensive_programming
Anyone read the classic CHAOS by Gleick?
The story of Mandelbrot is an interesting one where (as I remember
it, I could be wrong) he was hired to do find a Defensive solution
to telephone equipment failure. That
Yep, and it comes in handy, especially in school, lol, in advanced algorithms
and datastructures, I once submitted a project assignment that was 5 lines
long, and instead of figuring out anagrams, strcmp was very helpful :)
Sent from my Verizon Wireless 4GLTE smartphone
- Reply message
On 11-05-21 09:26 AM, tedd wrote:
At 2:49 PM -0400 5/19/11, Joshua Kehn wrote:
On May 19, 2011, at 2:44 PM, Andre Polykanine wrote:
Hello Alex,
Two (stupid?) questions:
1. Why PHP_SELF is better than SCRIPT_NAME?
2. Why strcmp() is better than just comparing?
--
With best
37 matches
Mail list logo
