Comments for MiracleBlue's Awesome Blog! http://pie.miracleblue.com Web Development, Electronic Music and Skateboarding (now with 9001% more Awesome) Thu, 25 Feb 2010 19:02:09 +0000 hourly 1 http://wordpress.org/?v=3.2.1 Comment on Security: The mindset of a secure programmer by Looie http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-24 Looie Thu, 25 Feb 2010 19:02:09 +0000 http://pie.miracleblue.com/?p=43#comment-24 Come on Nick, you can't let RoR beat PHP! Come on Nick, you can’t let RoR beat PHP!

]]> Comment on Security: The mindset of a secure programmer by Havokade http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-23 Havokade Wed, 20 Jan 2010 21:30:02 +0000 http://pie.miracleblue.com/?p=43#comment-23 echo "mY c0d3 i$ 2 31337 4 u xP"; echo “mY c0d3 i$ 2 31337 4 u xP”;

]]> Comment on Security: The mindset of a secure programmer by modsognir http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-22 modsognir Sun, 10 Jan 2010 13:01:38 +0000 http://pie.miracleblue.com/?p=43#comment-22 oh, to make things more condensed: %w{home about contact destroyhumans}.include(@page) ? redirect_to @page : render :status=>404 oh, to make things more condensed:
%w{home about contact destroyhumans}.include(@page) ? redirect_to @page : render :status=>404

]]> Comment on Security: The mindset of a secure programmer by modsognir http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-21 modsognir Sun, 10 Jan 2010 12:25:45 +0000 http://pie.miracleblue.com/?p=43#comment-21 ['home', 'about', 'contact', 'destroyhumans'].include?(@page) ? redirect_to :action=>@page : render :status=>404 ['home', 'about', 'contact', 'destroyhumans'].include?(@page) ? redirect_to :action=>@page : render :status=>404

]]> Comment on Security: The mindset of a secure programmer by MiracleBlue http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-20 MiracleBlue Sun, 10 Jan 2010 12:22:38 +0000 http://pie.miracleblue.com/?p=43#comment-20 That's pretty cool. Here's a more condensed version of it in PHP... (in_array($page, array("home","about","contact","destroyhumans")) ? include($dir."/".$page."/php") : include($dir."/404.php") That’s pretty cool. Here’s a more condensed version of it in PHP…

(in_array($page, array(“home”,”about”,”contact”,”destroyhumans”)) ? include($dir.”/”.$page.”/php”) : include($dir.”/404.php”)

]]> Comment on Security: The mindset of a secure programmer by modsognir http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-19 modsognir Sun, 10 Jan 2010 12:19:04 +0000 http://pie.miracleblue.com/?p=43#comment-19 In rails you can condense it to something like this (and i'm stretching it out a little) @page = params[:page] if ['home', 'about', 'contact', 'destroyhumans'].include?(@page) redirect_to :action => @page else render :status => 404 end In rails you can condense it to something like this (and i’m stretching it out a little)

@page = params[:page]

if ['home', 'about', 'contact', 'destroyhumans'].include?(@page)
redirect_to :action => @page
else
render :status => 404
end

]]> Comment on Security: The mindset of a secure programmer by MiracleBlue http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-18 MiracleBlue Sun, 10 Jan 2010 12:10:06 +0000 http://pie.miracleblue.com/?p=43#comment-18 But *I* *LOVE* asterisks! *!!!* =P And no, it wouldn't be all that difficult at all to do a whitelist. All you'd need to do is make an array. For example... $whitelist = array("home", "about", "contact", "destroyhumans"); if (in_array($page, $whitelist)) { include($dir."/".$page.".php"); } else { include($dir."/404.php"); } But *I* *LOVE* asterisks! *!!!*
=P
And no, it wouldn’t be all that difficult at all to do a whitelist. All you’d need to do is make an array. For example…

$whitelist = array(“home”, “about”, “contact”, “destroyhumans”);
if (in_array($page, $whitelist)) {
include($dir.”/”.$page.”.php”);
}
else {
include($dir.”/404.php”);
}

]]> Comment on Security: The mindset of a secure programmer by modsognir http://pie.miracleblue.com/2010/01/09/security-the-mindset-of-a-secure-programmer/comment-page-1/#comment-17 modsognir Sun, 10 Jan 2010 11:08:57 +0000 http://pie.miracleblue.com/?p=43#comment-17 I think its good. Maybe a bit much emphasis using asterisks. In terms of the last section, I would also suggest using a whitelist of sorts - theres only so many pages that could be included, its worth testing if its one of those. If its not, throw a 404. Maybe a bit harder in php for lots of pages. ah if only this was ruby :) I think its good. Maybe a bit much emphasis using asterisks.

In terms of the last section, I would also suggest using a whitelist of sorts – theres only so many pages that could be included, its worth testing if its one of those. If its not, throw a 404. Maybe a bit harder in php for lots of pages.

ah if only this was ruby :)

]]> Comment on PHP Classes: A very quick guide to the basics by MiracleBlue http://pie.miracleblue.com/2009/03/06/php-classes-a-very-quick-guide-to-the-basics/comment-page-1/#comment-16 MiracleBlue Fri, 08 Jan 2010 12:38:22 +0000 http://pie.miracleblue.com/?p=26#comment-16 Coming in a later tutorial, when I can be bothered =] Coming in a later tutorial, when I can be bothered =]

]]> Comment on PHP Classes: A very quick guide to the basics by ringosdom http://pie.miracleblue.com/2009/03/06/php-classes-a-very-quick-guide-to-the-basics/comment-page-1/#comment-15 ringosdom Fri, 08 Jan 2010 10:35:54 +0000 http://pie.miracleblue.com/?p=26#comment-15 but wheres the multiple inheritance and polymorphism? but wheres the multiple inheritance and polymorphism?

]]>