This is a great article about the most common web security vulnerabilities, from Smashing Magazine. If your a novice it will probably open your eyes and strike a spear of fear through you, but not to worry. With a little reserach you’ll be able to overcome most if not all of the covered vulnerabilities and make your site quite secure. If your an expert, you may find it interesting just what percentages these vulnerabilities are.
Archive for the ‘Coding’ Category
Web Security: Are You Part Of The Problem?
Monday, January 18th, 2010Help Save MySQL!
Monday, January 4th, 2010
If Oracle buys MySQL as part of Sun, database customers will pay the bill.
In April 2009, Oracle announced that it had agreed to acquire Sun. Since Sun had acquired MySQL the previous year, this would mean that Oracle, the market leader for closed source databases, would get to own MySQL, the most popular open source database.
If Oracle acquired MySQL on that basis, it would have as much control over MySQL as money can possibly buy over an open source project. In fact, for most open source projects (such as Linux or Apache) there isn’t any comparable way for a competitor to buy even one tenth as much influence. But MySQL’s success has always depended on the company behind it that develops, sells and promotes it. That company (initially MySQL AB, then Sun) has always owned the important intellectual property rights (IPRs), most notably the trademark, copyright and (so far only for defensive purposes) patents. It has used the IPRs to produce income and has reinvested a large part of those revenues in development, getting not only bigger but also better with time.
If those IPRs fall into the hands of MySQL’s primary competitor, then MySQL immediately ceases to be an alternative to Oracle’s own high-priced products. So far, customers had the choice to use MySQL in new projects instead of Oracle’s products. Some large companies even migrated (switched) from Oracle to MySQL for existing software solutions. And every one could credibly threaten Oracle’s salespeople with using MySQL unless a major discount was granted. If Oracle owns MySQL, it will only laugh when customers try this. Getting rid of this problem is easily worth one billion dollars a year to Oracle, if not more.
Source: Help Save MySQL!
OS X Colour Picker & HEXColorPicker
Tuesday, November 24th, 2009I’m a big fan of Firefox, purely down to the amount of add-ons it has to customise and help my daily job of Web Design & Development. However, I can’t help looking across to Safari when the latest release of FF (in this case 3.5.3) makes some of my add-ons incompatiable!
In this example is the advanced colour picker called ColorZilla, from iosart.com. It’s a very clever.
ColorPicker that sits in the bottom left of the browser, ready to pick any colour on the web page and immediately converts it to RGB or HEX. Very very useful!!
However, it seems to be incompatiable with the latest release of FF. So, what to do…
Here’s one solution. Use the built Mac (look away now PC users) Colour Picker. It’s in many applications and it is very precise and user freindly. Here’s how to launch it, without having the application open, and save it in your applications folder!
1) If you use Spotlight, or Google Quick Search Box, simply type in “AppleScript Editor”, or navigate to your Applications folder and find ‘AppleScript Editor’.
2) Once AppleScript Editor is open, type in “choose color” and Save As > Application, and save it in your Applications folder. I simply decided on ‘Choose Color’.
3) That’s it, you’re done. Laucnhing your new application launches the Mac’s Colour Picker.
4) You can extend this application further by adding HEX capability by installing HexColorPicker.
5) Me being me, changed the default icon to this one
Mac PHP Function Reference Dashboard Widget
Tuesday, October 13th, 2009
Here is my new favourite Dashboard Widget for the Mac, well, for this month anyway!
PHP Function Reference allows you to quickly lookup the documentation for the PHP web programming language.
Brilliantly, it also has a quick-link to the Date Formatter, that is also interactive! You can live test in the Dashboard your desired date format.
JavaScript: Object Literals to Pass Optional Arguments
Saturday, October 10th, 2009Here is a handy coding tip to keep in mind when dealing with functions that can accept a large number of optional arguments. Instead of passing the large number of arguments in the conventional fashion, which could unnecessarily complicate the function, you can pass just one argument which ends up being a collection of arguments declared in an object literal.
Let’s look, first of all, at how we might do this in the typical manner, so we can see the contrast:
function showStatistics(name, team, position, average, homeruns, rbi) {
document.write("<p><strong>Name:</strong> " + arguments[0] + "<br />");
document.write("<strong>Team:</strong> " + arguments[1] + "<br />");
if (typeof arguments[2] === "string") {
document.write("<strong>Position:</strong> " + position + "<br />");
}
if (typeof arguments[3] === "number") {
document.write("<strong>Batting Average:</strong> " + average + "<br />");
}
if (typeof arguments[4] === "number") {
document.write("<strong>Home Runs:</strong> " + homeruns + "<br />");
}
if (typeof arguments[5] === "number") {
document.write("<strong>Runs Batted In:</strong> " + rbi + "</p>");
}
}
showStatistics("Mark Teixeira");
showStatistics("Mark Teixeira", "New York Yankees");
showStatistics("Mark Teixeira", "New York Yankees", "1st Base", .284, 32, 101);
The function above can take up to 6 arguments. The first two arguments are mandatory, so inside the function, we don’t check for their existence. The last 4 arguments are not mandatory, so we only display their values if they exist.
We call the function 3 different times (last 3 lines), with different numbers of arguments each time. You can see that if the number of passed arguments was in the dozens, or more, the code could look a little messy, and would be harder to maintain, or read.
Now let’s look at the same code using object literals to pass the arguments:
function showStatistics(args) {
document.write("<p><strong>Name:</strong> " + args.name + "<br />");
document.write("<strong>Team:</strong> " + args.team + "<br />");
if (typeof args.position === "string") {
document.write("<strong>Position:</strong> " + args.position + "<br />");
}
if (typeof args.average === "number") {
document.write("<strong>Average:</strong> " + args.average + "<br />");
}
if (typeof args.homeruns === "number") {
document.write("<strong>Home Runs:</strong> " + args.homeruns + "<br />");
}
if (typeof args.rbi === "number") {
document.write("<strong>Runs Batted In:</strong> " + args.rbi + "</p>");
}
}
showStatistics({
name: "Mark Teixeira"
});
showStatistics({
name: "Mark Teixeira",
team: "New York Yankees"
});
showStatistics({
name: "Mark Teixeira",
team: "New York Yankees",
position: "1st Base",
average: .284,
homeruns: 32,
rbi: 101
});
Technically, this second method of passing the arguments might require a little bit more code, but with a large collection of arguments, there are a few advantages.
First, the function itself is simplified because it accepts only one argument (args), which is a collection of all the values passed from the object literal (name, team, position, etc). Plus, the actual argument values are easy to read, and can easily be understood, updated, or modified, since the correlation between the values and the argument references are more direct.
If the function required only a small number of arguments, then this method would not be necessary, and might actually have the opposite effect. So, use this technique sparingly, and only in situations where you foresee the collection of arguments being hard to maintain over time.
Source: Six Revisions
