NURUL FERDOUS

Session fixation & Session hijacking

Posted by: ferdous on: December 12, 2008

Security is a very important issue in any web application. This is why I am very pleased to introduce a security corner on my blog, where I will discuss different types of attacks. The things I discuss here will not be vague and general overviews. If you are looking for an introduction to security, then something like the PHP manual could serve you better.

Hmm… session fixation, session hijacking. Sounds cool, huh? Well, we will get to know these right away :p Before that, I would like to say something about SESSIONS.

What is a Session?
HTTP is a stateless protocol: the web server does not know, and does not care, whether several requests came from the same user. In other words, once a request has been answered, HTTP remembers nothing about it. Sessions create state across requests, even when those requests are weeks apart.
A session is maintained by passing a unique session identifier between requests, typically in a cookie stored by the browser; the session data itself stays on the server (with PHP's default handler, a file in the system's temporary directory, /tmp/ in my case) and is written back at the end of every request. The identifier can also be carried in a hidden form field or a query argument. PHP handles all of this transparently: it generates a session ID, sets it as a cookie and, when session.use_trans_sid is turned on in php.ini (it is off by default in PHP 5), also rewrites links and forms so that the ID rides along in the URL. Keep that last mode in mind, because it is what makes the two attacks of this post easy: whoever can plant a session ID of their choice in a URL the victim follows has fixed the victim's session, and whoever can read the ID from a URL, a log or a cookie can hijack it.

Caution: session_start() must be called before any output is sent to the browser, because it sets the session cookie through a response header, and headers can no longer be sent once the response body has started (you get a "headers already sent" warning and the browser never receives the cookie).
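As an added example (my code, not from the original post) here is a minimal login handler that applies the points above to defeat session fixation and to make hijacking harder. It assumes PHP 5.5.2 or later with the default file-based session handler; $USERS, the two test accounts and the redirect targets are constructed for the example.

```php
<?php
// Added example, not code from the original post: a login handler that
// applies the points above to defeat session fixation (attacker plants a
// session ID the victim then logs in under) and to make hijacking harder.
// Assumes PHP 5.5.2 or later with the default file-based session handler;
// $USERS is a constructed stand-in for a real credential store.

// Take the session ID from the cookie only, never from a query argument or
// form field, so a link like /login.php?PHPSESSID=attacker-chosen-id does
// nothing. use_strict_mode additionally rejects IDs PHP did not issue itself.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');

// HttpOnly keeps document.cookie from reading the ID (the usual hijacking
// route via XSS); Secure keeps it off the wire in clear text when on HTTPS.
$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
session_set_cookie_params(0, '/', '', $secure, true); // lifetime, path, domain, secure, httponly

// Before any output: the session cookie travels in a response header.
session_start();

// Constructed users; real code would read the hashes from a database.
$USERS = array(
    'alice' => password_hash('correct horse', PASSWORD_DEFAULT),
    'bob'   => password_hash('hunter2', PASSWORD_DEFAULT),
);

function login($username, $password, array $users)
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    // The decisive step against fixation: on every change of privilege,
    // discard whatever ID the browser arrived with and issue a fresh one.
    // With delete_old_session=true the old ID's data file is removed, so an
    // attacker replaying the planted ID gets an empty, anonymous session.
    session_regenerate_id(true);
    $_SESSION['user']     = $username;
    $_SESSION['login_at'] = time();
    return true;
}

function logout()
{
    $_SESSION = array();
    // Expire the cookie in the browser as well as destroying the server-side file.
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 86400, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';
    $ok   = login($user, $pass, $USERS);
    header('Location: ' . ($ok ? '/account.php' : '/login.php?failed=1'));
    exit;
}
```

Regenerate the ID at privilege boundaries (login, role change, logout), not on every request: per-request regeneration gains little against an attacker who already reads the cookie and it breaks pages that fire several concurrent requests. Checking the User-Agent or client IP on top of this is not a substitute; both are trivially spoofed or change legitimately behind proxies.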


Test your PHP skills

Posted by: ferdous on: December 6, 2008

Are you working with PHP and MySQL? If your answer is yes, then you may have a look at this free online test. It is an evaluation test for ZCE certification. You will find 8 questions there. Let me discuss those questions a bit. Zillions of thanks to www.zend.com for organizing this test :)

FYI, I would suggest that you not read the rest of this post before completing your test at: http://www.zend.com/store/education/certification/self-test.php?begin=1

Come back and read the rest of this post to check the correct answers. Good luck! Okay, let's start the test now!

Creating a cron job that runs every minute

Posted by: ferdous on: November 25, 2008

What is crontab? crontab is the program used to install, remove or list the tables that drive the cron(8) daemon in Vixie Cron. Each user can have their own crontab; these are stored as files under /var/spool/cron/crontabs, but they are not meant to be edited directly.
If the file /etc/cron.allow exists, you must be listed in it to use this command. If /etc/cron.allow does not exist but /etc/cron.deny does, you must not be listed in /etc/cron.deny. If neither file exists, then depending on site-dependent configuration parameters either only the superuser or all users will be allowed to use the command. On standard Ubuntu or Debian systems, all users may use it.
The options of the crontab command are given below:
If the -u option is given, it specifies the name of the user whose crontab is to be edited. Without it, crontab works on "your" crontab, i.e. the crontab of the user executing the command.
crontab -l shows the cron jobs currently set up for you on the server.
crontab -r deletes your whole crontab, without asking for confirmation. Take a copy first with crontab -l > crontab.bak; -r sits next to -e on the keyboard and the slip is common.
crontab -e lets you add or edit your cron jobs by opening your "crontab file" in your default text editor. In my case that is nano.
Note: some editors save by writing a new file and renaming it over the old one, which can make crontab -e conclude that nothing changed and discard your edit; vi, depending on its configuration, can trigger this. nano (which is just like pico) works, and it is the default editor anyway.
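A job that runs every minute needs one thing the crontab line alone does not give you: protection against a run that takes longer than a minute overlapping the next one. As an added example (my code, not from the original post), the script below is written to be scheduled once a minute and takes a non-blocking exclusive lock before doing anything; the paths in the crontab line and the lock file name are assumptions.

```php
#!/usr/bin/env php
<?php
// Added example (not from the original post): a job meant to be scheduled
// once a minute. Install it with `crontab -e` and a line such as
//   * * * * * /usr/bin/php /home/ferdous/bin/every_minute.php >> /home/ferdous/log/every_minute.log 2>&1
// (paths are assumptions; adjust them to your box). On a one-minute
// schedule a slow run overlaps the next, so the script takes an exclusive
// lock first and exits quietly if a previous run still holds it.

// Keep the lock file next to the script, in a directory only the job's
// user can write to. A predictable name in world-writable /tmp would let
// another local user pre-create it and block the job.
define('LOCK_FILE', dirname(__FILE__) . '/every_minute.lock');

function acquire_lock($path)
{
    $fh = fopen($path, 'c'); // create if missing, never truncate
    if ($fh === false) {
        return false;
    }
    // LOCK_NB: do not wait. A second copy started by cron must give up,
    // not queue behind the first and then run back to back.
    if (!flock($fh, LOCK_EX | LOCK_NB)) {
        fclose($fh);
        return false;
    }
    return $fh; // keep the handle open; closing it releases the lock
}

function do_work()
{
    // Constructed stand-in for the real task: just report when it ran.
    return 'ran at ' . date('c');
}

$lock = acquire_lock(LOCK_FILE);
if ($lock === false) {
    fwrite(STDERR, "previous run still active, skipping\n");
    exit(0); // not an error: cron would otherwise mail you every minute
}
echo do_work(), "\n";
flock($lock, LOCK_UN);
fclose($lock);
```

The lock is held by the open file descriptor, so it is released by the kernel even if the script dies mid-run; a stale lock file on disk is harmless. Redirecting output in the crontab line matters too: anything the job prints is otherwise mailed to the user, and on a one-minute schedule that is 1,440 mails a day.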


Got a SmugMug pro account for FREE!!

Posted by: ferdous on: November 11, 2008

I wrote a plugin for WordPress this week; you might know that already. But you might not know that I have been rewarded with a SmugMug pro account for free, which is worth $150 a year, for integrating the SmugMug API with WordPress. Thanks go to Markham Bennett, the developer account manager of SmugMug, for his approval.

What I have found in these few days is that SmugMug is not merely a photo-hosting website like Picasa, Flickr etc.; it also provides an awesome way to make money by selling your creativity through their website.

SmugMug has released an HD video player that works really well. While other photo-sharing sites have added video, they have tiny little videos that are only allowed to be 90 seconds long. And people wonder why SmugMug has hundreds of thousands of people paying real money for its services? What do you think?

fdsPhotoFEED v1.0.0 Released!!

Posted by: ferdous on: November 8, 2008

A WordPress plugin for grabbing images and image info from SmugMug, Flickr, Picasa etc. RSS feeds. It uses the lastRSS PHP class written by Vojtech Semecky. I have taken some reference from Hasin vai's works, which is why this plugin is dedicated to my hero Hasin Hayder. Thanks also go to Lenin for giving me this work. Actually, this plugin was developed for the owner of www.seismictalk.com, though with the consent of Mr Brian Brigg we are giving it away for free :p

Download: You may download it from here

ABOUT:
The fdsPhotoFEED class uses the lastRSS class to grab images from a SmugMug, Flickr, Picasa etc. RSS feed and display them on any WordPress-hosted website. It provides access to the image's title, description, the image's page URL on SmugMug, Flickr, Picasa etc., and the image in any size that the service offers.

Features:
1. It can fetch photos from SmugMug.
2. It can fetch photos from Flickr.
3. It can fetch photos from Picasa & any other RSS feed.
4. It supports image caching
5. It supports a lightbox2 slideshow with Prev & Next navigation buttons.
6. Image Caption is fetched and shown in lightbox2 show

I am Nurul Ferdous, a Zend Certified Engineer (ZCE), serving at Bangladesh Internet Press Limited (BIPL) as a programmer. I am a FOSS advocate and love R&D.
