Corporate Password Policy
February 20th, 2010 by rogue
When setting up an office/corporate network environment, users may complain that it is frustrating to have to change their password every so often, or to have to come up with difficult passwords. Despite the users’ arguments, which are valid, remember the security risk that weak passwords pose. If you have simple passwords, or one common password that all users share, unauthorized access into the system is easy. If someone guesses or gets hold of one user’s password, it may be possible to guess the rest. Protect your data and files – enforce a password policy on your network, with an expiration on passwords. Use requirements such as at least one capital letter and a number or special character to increase security. Your data is YOUR data – so make sure it’s safe from prying eyes!
Best Programming Practices #2 – Parameters
January 28th, 2010 by Chris Sunami
This may seem like a no-brainer, but it is often done wrong.
Set your parameters once and once only. In other words, if you have ANY value that will be used more than once in your program, set a variable to that value and use the variable in the body of the program.
In other words:
variable1 = 40
width=variable1
rows=variable1
NOT
width=40
rows=40
Sure, it’s one extra step now. But if you ever change that value (and you probably will!), you’ll be able to change it in one place rather than hunting and searching for the fifty different places where you hard-coded the value into your program. It also means that you only have to worry about typos the first time through the program, not after each value change.
And of course, it goes without saying that you should keep all your parameters in one, easy-to-find place. Your future self will thank you.
Go Green With Computer Recycling!
January 13th, 2010 by Jen Eckelberry
Don’t throw your old electronics in the trash. Many electronics contain substances that can be harmful to the environment, and they should be recycled and disposed of properly. In the Columbus area, your company can use a service with free pickup and recycling such as Possitivity (http://www.possitivitygreen.com/), or use the internet to find another environmentally responsible way to recycle your personal electronic waste.
Best Programming Practices #1 – multiple files
December 29th, 2009 by Chris Sunami
When I first started out as a programmer, I didn’t have much of a concept of best programming practices. If anything, I saw them as barriers in the way of doing what I really wanted to do. And although there are plenty of people on the web willing to yell at you when you don’t follow good programming practices, there aren’t so many good explanations for beginners on what makes those practices good. So this is the start of a series of quick tips on good programming practices and what makes them good.
Tip #1: Divide your program up into multiple files.
This used to drive me crazy when I first started as a programmer. I would go in to work on a program and find five hundred separate little files, which would force me to hunt laboriously through them in order to find what I wanted. I disliked this practice so much, I would often rewrite other people’s programs to put all the little files into one big one. But guess what? There were good reasons behind it all:
- Debugging: If something goes wrong with your program –and it will– it’s much easier to disable one included file at a time than to search through a single massive program.
- Reusability: Some portions of your code will be used over and over again, either within the same program or in a wholly separate project. Save that code as a separate file, and you can use it anywhere, no cutting and pasting involved.
- Structure: A properly named and organized system of subdirectories can make the organization of your program clear at a glance.
Of course, the key to making this tip work for you is organization. It isn’t helpful at all to look through five hundred mysteriously named and ordered subroutines. But if each separate file has a name that clearly identifies what it does, and is placed in a folder with other similar files, it eliminates a lot of the fruitless searching.
PHP MySQL Dump or Export
November 3rd, 2009 by Chris Sunami
I searched all over for this information, and never found it in an easy-to-use format:
Here’s the situation. You have php access to a MySQL –or other SQL variant– server. You don’t have phpMyAdmin, you don’t have command line access. You would like to export some of the data, but not necessarily all of it, because perhaps the full database is too large.
The SQL command that makes this simple is: “SHOW CREATE TABLE table_name”
Use that as your query, and the output will be the complete SQL command for creating a table. The only other thing you need is to turn the data output into insert statements, which is trivial.
Here’s a complete script –notice how short it is:
<?php
// Connection settings: placeholders, fill in your own server's values.
$sql_host = 'localhost';
$sql_user = 'dbuser';
$sql_password = 'secret';
$sql_db = 'mydatabase';

// Note: the mysql_* extension used here was removed in PHP 7; on current PHP the
// same calls exist as mysqli_* (mysqli_real_escape_string additionally takes the link).
mysql_connect($sql_host, $sql_user, $sql_password) or exit(mysql_error());
mysql_select_db($sql_db) or exit(mysql_error());

// Quote one column value for an INSERT statement. Escaping is what keeps a value
// that contains a quote or backslash from breaking (or injecting into) the generated SQL.
function sql_value($value) {
    if ($value === null) {
        return 'NULL';
    }
    return "'" . mysql_real_escape_string($value) . "'";
}

$result = mysql_query("SHOW TABLES") or exit(mysql_error());
while ($row = mysql_fetch_array($result)) {
    $tableName = $row[0];

    // SHOW CREATE TABLE returns the complete CREATE statement in its second column
    $result2 = mysql_query("SHOW CREATE TABLE `$tableName`") or exit(mysql_error());
    $row2 = mysql_fetch_array($result2);
    echo "$row2[1];\n";

    // Turn every row of the table into an INSERT statement
    $result3 = mysql_query("SELECT * FROM `$tableName`") or exit(mysql_error());
    while ($row3 = mysql_fetch_assoc($result3)) {   // assoc: column names only, no numeric keys
        $header_array = array();
        $line_array = array();
        foreach ($row3 as $key => $value) {
            $header_array[] = "`$key`";
            $line_array[] = sql_value($value);
        }
        echo "INSERT INTO `$tableName` (" . implode(", ", $header_array) . ") VALUES (" . implode(", ", $line_array) . ");\n";
    }
}
mysql_close();
The Clampi Virus and other Malware
September 22nd, 2009 by Rick Shantery
There is a rash of news recently about an old virus, the Clampi virus. It is designed to run and do little until the user logs into an online banking site. It then captures the username and password of the person logging in and sends it off to the malware writers, who use the information to withdraw money from the victim’s account.
This is really nothing new.
Viruses and other malware of this type have been around for a long time, ranging from programs that do similar things, including capturing keystrokes, to “phishing” attacks: specially crafted e-mails that trick users into visiting websites that look legitimate but are actually fraudulent copies of the genuine site.
The removal instructions for this virus are the same as for most others: turn off System Restore, boot in Safe Mode, run scans, and clean the data the virus inserts out of the registry. Since most new malware uses dynamic naming (that is, the virus’s program file has a random name), you can’t immediately identify which file it is.
Due to multiple vulnerabilities within Windows itself, once the victim has visited the website it is often too late to protect the computer. It is better if the attack is blocked before it enters your business network.
NMP has a security product, the NMP Expanse, that will intercept and block viruses, spyware, trojan programs, phishing attacks, spam, and other bad data from ever reaching the inside of your network. Best of all, it can be installed without having to reconfigure your network. It can sit quietly and filter all of the traffic going both in and out of your network.
While you still need software on your desktop to protect your system, it is most effective to block the attacks before they ever reach your computer.
Links For Web Design
September 15th, 2009 by Chris Sunami
Here’s a list of some good links. A lot of these are great for beginners –they are places I relied on many years ago when I was first starting in Web Design.
http://www.cdilearn.com/cmat/html/crossref.html – HTML tags. Anyone who works in web design should know basic HTML –there’s no excuse not to, no matter how shiny and full featured your web page editor might be.
http://www.ascii.cl/htmlcodes.htm – ASCII codes. You’ll need these to go along with your HTML.
http://www.tizag.com/ – They have some excellent beginner’s tutorials for php, asp, mysql and other web essentials.
Those three are pages I’ve used for years –now here’s one I just found today: a clear, concise cheatsheet for .htaccess regex (regular-expression redirects).
http://forums.doctornuke.com/apache-web-http-server/423-tips-regex-code-htaccess.html
Object Oriented Programming
September 9th, 2009 by Chris Sunami
For years I resisted object oriented programming. If you’re used to linear programming it can be quite a mental adjustment. But there are some very good reasons that the object-oriented approach has revolutionized programming.
Perhaps the easiest way to understand the “objects” of object oriented programming is as specialized stand-alone programs. There are ways to get data into them, ways to get data out of them, and functions that do things with the data.
The important part of this idea is “stand-alone”. The nice thing about the objects is that nothing that happens inside of them directly affects the outside world. This makes it easy for a programmer to use many objects together, even if some of the objects were programmed by someone else. There’s no worry that you might accidentally use the same name for two different variables, or that your programming might conflict with the other person’s methods.
In addition, since each object has a limited, specialized function, if there’s a programming error, it’s easy to find the source, isolate the problem, and fix it without breaking other parts of your program.
The final value of object oriented programming is that it makes it easier to read programming code (at least assuming you understand the OOP programming conventions and syntax!). This is because your main program now contains only the large overall structure of the program. When you get to an object, assuming it is well-named, you can tell what it does at a glance.
Although objects can be quite complex on the inside, if you do ever have to get inside an object and tinker with it, the fact that you know it is designed for specific limited tasks will help you understand what you are looking at. In addition, the fact that objects can contain other objects means that even the inside of an object can benefit from the same simplifying effect as does the main program.
In summary: programmers, don’t be frightened by OOP. An object is nothing but a self-contained program with input, output and internal transformations.
The Power of URL Masking
August 21st, 2009 by Chris Sunami
There’s almost no tool I lean on more heavily than my .htaccess file. This invisible file generally sits in the root directory of an Apache-served website. From there it seamlessly controls all the web traffic of your site.
Some of the common uses of the htaccess file are to redirect 404 errors to a custom “Page Not Found” page, to restrict access to a directory or file or to prevent directory listings –all very important and useful activities. But my favorite use of the .htaccess file is for URL masking.
In general, if you go to a URL –say http://www.example.com/sweets/taffy.html –it means that there is a file called “taffy.html” in a directory called “sweets” on the server that the domain name “example.com”, subdomain “www”, points to. With an .htaccess file, however, you can insert a rewrite command that will invisibly redirect incoming traffic for that URL to any other file on your domain.
There are three major reasons for URL masking.
1. As a security measure. If you don’t want everyone who visits your site to know what language you’re programming in or where your files are located, URL masking is your only hope. So “sweets/taffy.html” might really be “cgi-bin/taffy.pl” or “asp/taffy.asp” or “programs/taffy.php”.
2. To make your URLs look better if you have “dynamic pages”, meaning that you are passing variables to the programming through the URL string. For instance, “test.asp?p=5&dir=pizza&s_id=11950” can become “pizza/11950/page5.html”. This has the added security advantage of concealing the names of the variables being passed through the URL. Of course, you still access the passed variables the same way in the actual programming –through the $_GET or $_REQUEST superglobal for php, or via the Request object for asp.
3. For Search Engine Optimization. This last may be the most common use of URL masking because it’s automatically built into many blogging and shopping cart programs. For whatever reason, search engines tend not to like dynamic URLs with a lot of queries visible in the string, so URL masking can give the search engines the appearance of the orderly directory-and-stable-pages they prefer. And if you’ve ever wondered how that particular piece of magic is being performed by your favorite blog platform, this is probably the answer.
A note of caution –all relative links will parse in relationship to the displayed URL. So if you have a file at “/programming.pl?dir=fox” but it displays as “fox/testprogram.html”, a relative link like “index.html” will take you to “fox/index.html”, not “index.html” in the root directory as you may have intended. That also goes for the page images if they have relative links.
OK –theory is fine, but what about practice? How do you use the .htaccess file?
First make sure that Apache has mod_rewrite enabled.
Then create a file in the root web directory called “.htaccess” (there may be one there already. If so, you can add on to the end of it, but don’t erase it or you’ll change the way your site functions).
Add these lines of code:
RewriteEngine on
RewriteBase /
After RewriteBase put “/” if you are in the root directory, or the name of the subdirectory if you are in one (which is not generally a good idea –it’s best to have your URL rewrites as close to the root as possible).
Now you can add as many rules as you want, in the following format:
RewriteRule ^DisplayedURL$ RealLocation
So the URL that the person will browse to, written relative to the current directory, goes between a caret (“^”) and a dollar sign (“$”), followed by a space and then the real location of the file. For example:
RewriteRule ^sweets/taffy\.html$ programs/taffy.asp
(Note: the “.” in the first URL must be escaped by placing “\” in front of it, because otherwise it is read as a wildcard matching any single character. The second path is written literally, with no escaping.)
The rewrite rules become much more powerful when you add the ability to use regex (‘regular expressions’) which allow you to rewrite an unlimited number of URLs with a single rule.
RewriteRule ^sweets/(.*)\.html$ programs/$1.asp
Anything enclosed in parentheses in the first URL is saved for reuse in the second URL. The first set of parentheses goes into the variable “$1”, the second into “$2”, and so forth.
As mentioned before, the “.” stands for any single character. The “*” means match zero or more of the preceding character, so “.*” matches any run of characters. In effect, we’re telling the program to save anything between “sweets/” and “.html” and to place it in the variable “$1”.
So this new rule will still redirect “sweets/taffy.html” to “programs/taffy.asp”, but it will also redirect “sweets/toffee.html” to “programs/toffee.asp”, and “sweets/chocolate.html” to “programs/chocolate.asp”. Anything that matches the pattern will work!
There’s much more to rewriting URLs, but this little bit is enough to get a lot of valuable work done. Just be careful! Any small mistake in the .htaccess file can make your entire site inaccessible.
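To see the rules from this section actually applied, here is an added Python emulation; it is not part of the original post and only approximates mod_rewrite (the first matching rule wins, as with the [L] flag). It runs the post’s two rules on constructed paths, shows what the unescaped-dot mistake matches, and resolves a relative link against a displayed URL the way the caveat above describes; the host www.example.com is the post’s own.

```python
import re
from urllib.parse import urljoin

# The two rules from the post, as (pattern, target) pairs in Apache syntax.
RULES = [
    (r"^sweets/taffy\.html$", "programs/taffy.asp"),
    (r"^sweets/(.*)\.html$", "programs/$1.asp"),
]
# Constructed example of the mistake the post warns about: the "." is not
# escaped, so it is a wildcard and the rule matches more paths than intended.
UNESCAPED_DOT_RULE = (r"^sweets/taffy.html$", "programs/taffy.asp")


def apply_rule(rule, path):
    """Apply one RewriteRule to a path relative to RewriteBase.

    Returns the real file location, or None if the pattern does not match.
    $1, $2, ... in the target are replaced by the capture groups, as in mod_rewrite.
    """
    pattern, target = rule
    match = re.search(pattern, path)  # anchored only where the pattern has ^ / $
    if match is None:
        return None
    return re.sub(r"\$(\d)", lambda ref: match.group(int(ref.group(1))), target)


def rewrite(path, rules=RULES):
    """Return the real location for a browsed path, or the path itself if no rule matches.

    Simplification: the first matching rule wins (the [L] flag behaviour); real
    mod_rewrite keeps evaluating later rules unless told to stop.
    """
    for rule in rules:
        real = apply_rule(rule, path)
        if real is not None:
            return real
    return path


def resolve_relative_link(displayed_path, href, site="http://www.example.com/"):
    """Where the browser sends a relative link: it resolves against the displayed
    URL, not against the real file location (the caveat from the post)."""
    return urljoin(site + displayed_path, href)


if __name__ == "__main__":
    for path in ["sweets/taffy.html", "sweets/toffee.html", "about.html"]:
        print(path, "->", rewrite(path))
    print("index.html from fox/testprogram.html ->",
          resolve_relative_link("fox/testprogram.html", "index.html"))
```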
Flash Vulnerability
August 4th, 2009 by Chris Sunami
Adobe has recently announced a serious security vulnerability in older versions of its popular “Flash Player” program. If exploited, the unpatched versions of this program could allow a hacker to gain control of your PC. The patched version of the Flash plugin is 10.0r32 and is available directly from Adobe at http://get.adobe.com/flashplayer/
