Jump to content


gizmola

Member Since 06 May 2003
Offline Last Active Sep 14 2014 01:35 AM

Posts I've Made

In Topic: Protecting from data ciphers

14 September 2014 - 01:37 AM

Network sniffing is a very real threat, not just a horror story for network administrators. Maybe it's less of a problem for you, but that doesn't mean everybody else is in the same situation. So I'd be careful with such statements.

 

 

I don't think it helps people to make hyperbolic statements about sniffing, and raise the level of paranoia without a healthy understanding of exactly how and when your packets might be intercepted.  Most people that hook up to their ISP will find that they can't sniff anyone's traffic.  

 

Now if we're talking about a cloud server, or something like that, then I would agree that it's a much more likely scenario.  I'd actually encourage people to try out some of the common sniffing packages, as they have great utility when debugging network applications.

 

Just to be clear, I'm not trying to say that people shouldn't implement TLS, or use VPN's or anything like that.   But by the same token, they need to understand some networking basics and ideally, have explored the tools that facilitate the problem in the first place, so that they're clear under what circumstances they might be exposed.  


In Topic: Protecting from data ciphers

13 September 2014 - 12:55 AM

Richard,

   I am not sure I understand either your original point or your train of thought.  To quote you:

 

Data siphoning is when you intercept the data and sniff between a client and a host, also known as sniffing a connection.

 

 

I agree that sniffing is a potential problem.  It is far less of a potential problem than people think however.  In order to sniff someone's packets, you need to be able to technically intercept their packets.  With the advent of high speed switching, there are far fewer places for people to sniff -- although the pervasive use of wifi hotspots are a problem.

 

What I don't understand is your assertion that the use of TLS/SSL doesn't secure your communication, when in fact it does --- via strong encryption.

 

If there's some misunderstanding here, then you should probably respond with the specifics. 


In Topic: How can I cache more than just simple variables in the environment?

12 September 2014 - 05:25 PM

@timneu22,

  You got a complete answer from both Kicken and myself.  You never bothered to reply to those answers or ask questions or anything.  Instead you seemed more intent on creating arguments with people for reasons I can't really understand.

 

Shared cache?  Yes, apcu, redis or memcache.  They all have client support in php and I've used all of them in different projects in the past.  They provide exactly what you were inquiring about.   

 

With that said, it seems pretty clear you don't have the application load or number of users where you are being forced to do something to insure performance.  Nobody is twisting your arm or demanding that you stop putting a load of static data into sessions (which by default get stored per session, in files on the web server fs).  Things that work fine for an intranet or small business system won't scale to significant user load, but if you aren't facing that scenario, then doing something inefficient and resource intensive may never be a problem you actually have to confront.

 

That doesn't mean there isn't a better solution, and for some reason you seem to have just dismissed the suggestions made in this thread, with the implication that you never received a solution, when in fact, you did.


In Topic: Contact Form Help PLZ

12 September 2014 - 02:48 PM

:thumb-up:  Congrats on making the effort to figure this out on our own.  Posting your final solution is good form as well, and helps give back to the community.


In Topic: Contact Form Help PLZ

12 September 2014 - 01:53 PM

I'm not sure what "awkward results" is supposed to mean. I'm interpreting your questions as --- "it doesn't appear in the contact email the script sends to me".

This script is "self-posting" in that it has 2 parts:

1. If it was the target of a POST request, then it looks at the contents of the $_POST and if acceptable, sends the email.
2. If it was not POSTED to OR there was an error, display the html form.


You added a form element to section 2 of the code. You did not make any changes to Section1, so even if the new form field is filled out, it's simply discarded.


Section 1 of the code starts with this logical condition:

 if ($_POST['contact_form_submit'] ) {
Hopefully you understand that this is checking to see if the $_POST super global includes the submit button. This will happen when the form is submitted.

You might be wondering why the script submits to itself? It's because a specific target is not included in the form tag using the action= parameter. When this happens the browser assumes that the target should be the same URL as the form.

<form method="post" action="">
In summary, you need to look at the code that comes directly after the 'if' statement I provided, and figure out where to account for the existence of the new form variable you created.

Since it's a "required" field in your form, you actually need to change both the code that sends the email as well as the code that comes before it, which checks for the existence of all the required fields on the form. Needless to say that variable will be named: $_POST['contact_form_socialid']

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com