Categories
Security Web Development

Web Security

Some resources and notes regarding Web Application security:

Resources

Securing the Desktop

The first stage must surely be to protect the machines we're working from. A good first step is to enable OpenDNS on your machine or, if you are on a home network, to enable it on your router so that it covers all machines on the network. Within the settings for your network on OpenDNS, block access to domains commonly associated with malware, such as .ru, .cn and .nu, unless you are likely to want to visit sites in those domains.

Setting up SSL on a Web Server

If you're running a home web server, you'll want to consider enabling SSL on your server. This causes all traffic between the browser and the server to be encrypted when the HTTPS protocol is used. Combined with a login system employing salted passwords, this will make your server reasonably safe. One note, though: if you don't purchase an SSL certificate, your visitors will be warned that the certificate is untrusted when they visit your site using HTTPS. Saving the hundred dollars or so may well be worth that inconvenience. Users can tell the browser to accept the certificate as valid to stop the warnings.

This article gives a very good guide to the process of getting this set up on your server:

http://www3.ntu.edu.sg/home/ehchua/programming/howto/WampServer_HowTo.html

 

 

Categories
Database MySQL Snippet

Exporting MySQL Data to a .csv File

Sometimes you'll need to move data out of your database into a spreadsheet or other application to work with or to send to someone else.

The syntax below, not entirely common, will create a comma-separated file at the disk location indicated. The example refers to a Windows system; adapt as appropriate for other operating systems.

Double-click on the file and it will open in Excel or any other application associated with the .csv extension.

SELECT lname,fname,address,email
INTO OUTFILE 'd:/CurrentCustomers.csv'
FIELDS
  TERMINATED BY ','
  ENCLOSED BY '"'
  ESCAPED BY '\\'
LINES
  TERMINATED BY '\n'
FROM customers
WHERE STATUS = 'current'
ORDER BY lname,fname;

A dynamic outfile name is another idea, as this statement will not overwrite an existing outfile. An article on the MySQL discussion board covers this, and while it does not provide a perfect answer, it points in the direction of a solution involving the PREPARE statement.
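One way the PREPARE approach can look, as an added example that is not from the original post or the discussion board article. It reuses the customers query and d:/ location from above; the timestamp suffix, the variable names and the default sql_mode (backslash escapes enabled) are assumptions.

```sql
-- Added example: export to a new, timestamped file on every run.

-- The server only writes where secure_file_priv permits (empty = anywhere,
-- NULL = exports disabled), and the account needs the FILE privilege.
SHOW VARIABLES LIKE 'secure_file_priv';

-- Build the file name from server-side values only (here, the current time).
SET @outfile = CONCAT('d:/CurrentCustomers_',
                      DATE_FORMAT(NOW(), '%Y%m%d_%H%i%s'),
                      '.csv');

-- INTO OUTFILE accepts only a literal file name, not a variable or a ?
-- placeholder, so the whole statement is assembled as text.
-- QUOTE() turns the name into a correctly escaped string literal.
-- Backslashes are doubled because the text is parsed twice: once as the
-- string literals below and once when the prepared statement is parsed.
SET @export_sql = CONCAT(
  'SELECT lname,fname,address,email ',
  'INTO OUTFILE ', QUOTE(@outfile), ' ',
  'FIELDS TERMINATED BY '','' ENCLOSED BY ''"'' ESCAPED BY ''\\\\'' ',
  'LINES TERMINATED BY ''\\n'' ',
  'FROM customers ',
  'WHERE STATUS = ''current'' ',
  'ORDER BY lname,fname');

PREPARE export_stmt FROM @export_sql;
EXECUTE export_stmt;
DEALLOCATE PREPARE export_stmt;

-- Report which file was written.
SELECT @outfile AS written_to;
```

Because the assembled text is executed as SQL, keep every piece of it server-generated; a file name taken from a web form or URL parameter would have to be checked against a fixed allow-list before it gets near CONCAT.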

Categories
JavaScript Web Development

jQuery Troubleshooting

I recently spent a great deal of time trying to get jQuery to run, with no success.

It all ended with the simple step of moving the loading of jQuery below other JavaScript libraries in my <head> section. Clearly there was a conflict that prevented my jQuery library from being accessed.

Benefit from my aggravating experience and save yourself some time!

Categories
JavaScript PHP Web Development

Data Validation

Some quick references here to data validation resources.  Many or most of these resources will refer to the Validate plugin for jQuery.

Server Side

http://phpmaster.com/form-validation-with-php/

Client Side

Much of client-side data validation will center around jQuery.

Tutorials:

Custom Rules

Conditional Validation

Notes

To test whether the jQuery library is loaded, place the following in the HEAD of your document:

<script type="text/javascript">// <![CDATA[
  // Shows an alert once the DOM is ready; no alert means jQuery ($) did not load.
  $(document).ready(function() {
    alert("HELLO");
  });
// ]]></script>