Archive for the 'Security' Category

How to eliminate Mixed content security warning on your web pages

Security mixed content warning
You are probably familiar with the above browser prompt, especially in Internet Explorer, if you have been involved in developing web pages for websites that are delivered over HTTPS.

Google Chrome remains the most secure browser to date, withstands the first-day test of Pwn2Own

A number of security experts gathered at the Pwn2Own competition at CanSecWest and performed several stringent security tests on the most popular web browsers, including Internet Explorer, Firefox, Safari and Google Chrome. The first three (IE, Firefox, Safari) all went down, caught with bugs and security exploits. Only Google Chrome has passed through to the second day of the test.

How to get rid of error or warning messages output by PHP in a programmatic way for a production PHP web app

Let's say you're on shared hosting, or you're only a programmer with NO control at all over the error and warning messages output by PHP, such as E_WARNING, E_ALL, E_STRICT, etc.

How to write your own cloaking detector in PHP

Cloaking is a black hat SEO technique that we always hate, especially when running WordPress, which always gets hacked with spam links injected at the bottom of your footer.

PHP + Rsync + MySQL – building your own data/file remote syncing app

This shows how you can build a little rsync app in PHP, run by a Linux/Unix cron job, that syncs files on your data or web server to a remote server. PHP is allowed to execute Unix/Linux system commands such as "rsync", and it gives you easy access to databases such as MySQL.

Beware of remote code injection exploit in PHP!

PHP makes it convenient to build web pages that share a common header and footer. This is the technique we normally use when building corporate websites to maintain the same look and feel across the entire site. For example, the following piece of code (index.php) shows how it's used.

The index.php
<?php
      // The page name is built directly from the request parameter 'p', with no validation
      $page = $_REQUEST['p'].".inc.php";
      include "header.inc.php";
      include $page;
      include "footer.inc.php";
?>