Categories
Security Web Development

Web Security

Some resources and notes regarding Web Application security:

Resources

Securing the Desktop

The first stage must surely be to protect the machines we're working from. A good first step is to enable OpenDNS on your machine or, on a home network, on your router so that it covers every machine on the network. Within your network's settings on OpenDNS, block access to top-level domains commonly associated with malware, such as .ru, .cn and .nu, unless you are likely to want to visit sites in those domains.

Setting up SSL on a Web Server

If you're running a home web server, consider enabling SSL on it. When the HTTPS protocol is used, all traffic between the browser and the server is then encrypted. Combined with a login system employing salted passwords, this will make your server reasonably safe. One note, though: if you don't purchase an SSL certificate, your visitors will be warned that the certificate is untrusted when they visit your site using HTTPS. Saving the hundred dollars or so may well be worth the inconvenience. Users can tell the browser to accept the certificate as valid to stop the warnings.

This article gives a very good guide to the process of getting this set up on your server:

http://www3.ntu.edu.sg/home/ehchua/programming/howto/WampServer_HowTo.html
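
The login system employing salted passwords mentioned above can be built on PHP's built-in password functions, which generate and store the salt for you. This is an added example, not code from the original post or the linked guide; the function names register_user and check_login, the in-memory $users array and the sample accounts are assumptions made for illustration.

```php
<?php
// Added example. The $users array stands in for a database table, and the
// account names and passwords below are constructed sample data.

// password_hash() creates a fresh random salt on every call and embeds it,
// together with the algorithm and cost, in the string it returns.
function register_user(array &$users, string $name, string $password): void
{
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

// Returns true only for a known user who supplied the correct password.
function check_login(array &$users, string $name, string $password): bool
{
    // Hash of a throwaway value, verified for unknown users so that the
    // response time does not reveal which account names exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    $known  = isset($users[$name]);
    $stored = $known ? $users[$name] : $dummy;
    $ok     = password_verify($password, $stored); // salt is read from $stored

    if (!$known || !$ok) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

$users = [];
register_user($users, 'alice', 'correct horse battery staple');
register_user($users, 'bob', 'correct horse battery staple');

// Same password, different salts: compare the two stored strings.
var_dump($users['alice'] !== $users['bob']);
var_dump(check_login($users, 'alice', 'correct horse battery staple'));
var_dump(check_login($users, 'alice', 'wrong password'));
var_dump(check_login($users, 'mallory', 'anything'));
```

Only the hash string is ever stored, so a copy of the user table does not hand over the passwords themselves, and identical passwords do not produce identical rows.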


Categories
JavaScript Web Development

jQuery Troubleshooting

I recently spent a great deal of time trying to get jQuery to run, with no success.

It all ended with the simple step of moving the loading of the jQuery below other JavaScript libraries in my <head> section.  Clearly there was a conflict that prevented my jQuery library from being accessed.

Benefit from my aggravating experience and save yourself some time!

Categories
JavaScript PHP Web Development

Data Validation

Some quick references here to data validation resources.  Many or most of these resources will refer to the Validate plugin for jQuery.

Server Side

http://phpmaster.com/form-validation-with-php/

Client Side

Much of client-side data validation will center around jQuery.

Tutorials:

Custom Rules

Conditional Validation

Notes

To test whether the jQuery library is loaded, place the following in the HEAD of your document:

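<script type="text/javascript">
  // If jQuery is loaded, this alert appears once the DOM is ready.
  // If it is not, "$" is undefined and no alert is shown.
  $(document).ready(function() {
    alert("HELLO");
  });
</script>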


Categories
Web Development

Make your .php extension optional

Place the following code in your .htaccess file to make the .php extension on your pages optional.

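RewriteEngine on
# ----- make .php extension optional -----
# Skip requests that already match a real file or directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Only rewrite when the matching .php file exists; otherwise a missing page
# is rewritten over and over and ends in a 500 error rather than a 404
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ $1.php [QSA,L]
# ---- /make .php extension optional -----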

Further suggestions on URL rewriting can be found in these articles:

Categories
Web Development

Subversion Notes

As I dip my toe in the SVN (Subversion) pond, I'll post here some resources for my own edification and that of anyone else who cares to follow this page.

Subversion Book Version Control with Subversion: For Subversion 1.5

Getting Started with SVN on Snipe.net