Archive for February 21st, 2007

User Authentication and PHP Security

So far we have covered security vulnerabilities that involve form data, databases, and file systems. In this article we are going to look at authentication and the security issues around it. We will also look at some of the most common attacks in this field…


FuzzyOpinions Blog: Tutorial: improving security with a PHP Captcha

On the FuzzyOpinions blog, there’s a basic tutorial that walks you through the creation of a CAPTCHA system to use however you’d like on your site. They target it towards the most common use - blocking unwanted comments posted to a site by spambots.

Although you might not know it by the name, a captcha is one of those little boxes you see, more and more lately, that ask you to type in a random code to verify that you are a human being and not a robot. There are many different varieties, but the basic idea is an image that is obscured slightly but readable by a human and used as a passcode for secure entry to a system or task.

The method is a simple combination of random text, a custom image, some of the PHP graphics functions, and a little addition to your HTML form (and PHP session) to get things up and running.


Stubbles Blog: Two New PHP6 Wishlist Items

Launching off from this previous post on the Stubbles Blog, two more posts (from two other developers) have been posted on the same subject:

  • In this new post, Frank Kleine takes things a step further and talks about the same kind of type hinting but for more types - including arrays and objects. Examples of how he’d expect things to work follow.
  • The other post is from Stephan Schmidt again and veers slightly off into the world of Namespaces to be included in PHP6 along with the use of annotations.

Be sure to check out the comments on each for some more interesting tidbits…


The Bakery: Image Resize Helper

The Bakery has a new helper posted today for those working with images in their applications that need to resize and cache them easily.

This helper resizes an image on the fly and places it in an image cache directory for later use. Make sure your imagecache directory is writable. Future editions could include a cropping function.

The full code of the class is provided in both a cut and paste-able format and for download. There’s an example of the sample usage included as well.


DevShed: Creating an RSS Reader Application

In this new tutorial from DevShed (in their “RSS Reader” series), they finally get down to the real heart of the application - the code.

The other two parts prepared you for this, the creation of the actual RSS file - correctly formatted and filled with data. They also include a simple feed reader so you can ensure your document can be read correctly.

Unfortunately, they chose to go with a long line of fwrites to push out each line of the file instead of pushing it all into one string and writing that. Using multiple writes makes more work for the file handling and could result in a slowdown for a large number of items in the RSS file.
