Archive for the ‘Programming’ Category

How to store passwords safely with PHP and MySQL

First, let me tell you how not to store passwords and why.

Do not store password as plain text

This should be obvious. If someone gains access to your database then all user accounts are compromised. And not only that, people tend to use the same password on different sites so those accounts will be compromised as well. Your site doesn’t even need to be hacked; a system administrator could easily browse your database.

Do not try to invent your own password security

Chances are that you’re no security expert. You’re better off using a solution that has been proven to work instead of coming up with something yourself.

Do not encrypt passwords

Encryption may seem like a good idea, but the process is reversible: anyone with access to your code (and therefore to the key) would have no trouble transforming the passwords back to their originals. Security through obscurity is not sufficient!
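As an added example (not the post's own code, and not necessarily the method the full post goes on to describe), here is the "proven solution" approach in PHP 7+: one-way, salted, slow hashing via password_hash()/password_verify(), with the hash stored in MySQL through a PDO prepared statement. The table name, column names, DSN and credentials are assumptions.

```php
<?php
// Added example: store and verify passwords with PHP's password_hash() API.
// Assumed MySQL schema (not from the post):
//   CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
//                       username VARCHAR(64) UNIQUE NOT NULL,
//                       password_hash VARCHAR(255) NOT NULL);
// The DSN and credentials below are placeholders.

function createUser(PDO $db, string $username, string $password): void
{
    // PASSWORD_DEFAULT currently selects bcrypt. A random salt is generated
    // and embedded in the returned string, so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Computed once per process so unknown usernames cost a hash check too,
    // keeping response time from revealing which accounts exist.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-password', PASSWORD_DEFAULT);
    }

    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, $dummyHash);
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Transparently upgrade the stored hash when the default algorithm or
    // cost factor has changed since the hash was created.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $stmt = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
createUser($db, 'alice', 'correct horse battery staple');
var_dump(checkLogin($db, 'alice', 'correct horse battery staple'));
var_dump(checkLogin($db, 'alice', 'wrong password'));
```

The stored string contains the algorithm, cost and salt, so the database reveals nothing reversible even to someone who also reads the source code.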

Read more…

Safer web forms with security tokens

A common issue with many web applications is their vulnerability to Cross-Site Request Forgery (CSRF, also written XSRF). It allows an attacker to send a malicious request to a website with another user’s privileges. Here’s how it works:

  • A hacker creates a page with a form that submits data to example.com.
  • An administrator from example.com is tricked into visiting the page, where JavaScript submits the form automatically.
  • The data is handled by example.com as if it came from the administrator (because it did).

This allows a hacker to perform administrative tasks on example.com like editing pages or deleting users.

Read more…

Using Internet Explorer 8 for IE6 and IE7 testing

I personally don’t care what my websites look like in IE6 or 7 (or 8), but for those who do there is a neat little trick to test your site for these browsers.

The hard way

If you’re on Windows XP or older you can use a standalone version of IE6. If you’re on Windows 7 (not the beta though), you can use Microsoft’s free “IE Application Compatibility VPC Image” to run XP with IE6 or 7 in a virtual machine. If you’re on any other operating system (Windows Vista, Mac OS, Linux) and have a Windows XP license you can run it using a VM like VirtualBox.

The easy way

If you’re already running IE8 there is an easier way. Compatibility View will render pages as IE7, and a missing doctype will cause pages to be rendered as IE6 in quirks mode.

You can simply remove the doctype from your pages when you’re testing for IE6 or ― if you’re using PHP ― add a simple switch:

<?php if ( !isset($_GET['ie6']) ): ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?php endif ?>

Now you can simply add “?ie6” to the URL in IE8 to see what your page looks like in IE6. You can even keep several tabs open to make sure it works with all versions.

Object Oriented CSS

Okay, there is no such thing as object oriented CSS. But there are advantages in OO programming that we can use in CSS.

p {
    margin: 0;
}
 
#content p {
    margin: 1em 0;
}

In this example p would be a class and #content p would be an instance of that class. If we think of the margin set on p as a method, we have the basic concepts of OOP.

Read more…

PHP: How not to pollute the global scope

An emerging trend in JavaScript is to wrap entire programs in a single object to prevent conflicts with other scripts. The same can be done with PHP, something I haven’t seen done very often.

Read more…

Tips for writing compact PHP code

Writing compact code can save you time. It’s not always recommended and often even strongly discouraged as it makes your code less readable, but for simple operations it can be more efficient. In this post I will give a few examples.

Read more…