M.O.S. Studios

Members

  • Posts: 273

Everything posted by M.O.S. Studios

  1. Would this be safe? I believe it's possible for one website to read cookies from another. Couldn't they copy that cookie to access the site?
  2. Hey everyone, I am working on a project for fun. This is a LAMP application that is going to run on my intranet server, and hold NO VALUABLE data. I am doing it just to get better at programming, and learn some best practices and techniques. At this point, I am working on some things, and I don't know what the best practices are. Can someone help me go down the best route?

     1. A log-in system and I want to include a "remember me" button. What is the best practice for this? Obviously leaving user data in a cookie is asking for trouble, so I was thinking of leaving a unique id of some sort?
     2. Information in a login SESSION. What information do you put in a log in session? I have seen lots of different techniques on this. I don't really know which is the best. For the moment, I keep an array like this: array('Status'=>True, 'Username'=>'Users name', 'email'=>'users Email'). If a hacker can inject session information, this seems like it would be really easy to break, because they only need a user's name and email to gain access. Is there something more I should do?
     3. Config file that holds MySQL information. I made a file that contains all the values that might change over time. That way I only need to change it in one spot. In this file I have things like the MySQL database information. Should these files be encrypted? Or can I use a .htaccess file to make sure it isn't accessible to a hacker? (As I mentioned before, this isn't a project that's going live, it's more of an exercise to help me learn.)

     Thanks everyone
  3. I’m asking for educational purposes, I think understanding why is as important as how. So, if I understand correctly, the idea is it strictly prevents comparing hashed passwords together. So one cracked password doesn’t unlock them all?
  4. Maybe I am using the wrong terminology. If someone got a hold of the DB, they can see the $2y$10$ and assume that’s how it was encrypted. Then run a list of common passwords through password_validate along with the hash. If it tests each hash against the most common passwords, words, etc. first, then works its way down to the least common, it could in theory work out the majority of information.
  5. Hey everyone, I’m working on an app for my local intranet server. My security needs are almost nonexistent, because it’s only accessible on my local network. Even if someone wanted to mess with it, the only thing this app controls is my fish tank! Yup, it just shows me some information about my water, and lets me turn on and off devices. So I’m not too worried about it. That being said, I want to add a password just to keep my coding skills sharp, as I haven’t done anything with PHP in a while. That being said, I would like some help understanding something... While looking up the best practices for working with passwords, I found password_hash and password_verify... Don’t these two functions completely negate the advantages of salting a password? My understanding is that salting a password makes using a rainbow table impossible. However, what’s stopping someone from just doing a dictionary attack with the password_verify function? As I said above, my application doesn’t require a lot of security, I’m asking for educational reasons.
  6. Hey everyone, I’m pretty new to Python, but have done a lot of coding with PHP and JavaScript. Here is what I am hoping to do. I want to write a script that will do the following:

     1. Scan a sub directory and make an array with the names of each of the files
     2. Iterate through the files using the array, and make either an object, or a function using the file name (without the extension) as the name, and the contents for the code
     3. Run the function/create the objects that were just created, with known variables

     I’m pretty sure I can figure out step one and three. It’s step two that’s giving me problems. I tried using the open() function, and eval(), but it’s giving me some problems, and that feels like a ‘janky’ way to do it. This is for a Raspberry Pi project I’m using to control the equipment on my fish tank. The idea is I can write code for each sensor individually, and the program will automatically be able to incorporate it. I’d just have to drop it into the folder. Any suggestions?
  7. Got it working

     ```js
     // Try the matching local blog post; fall back to the Instagram URL on error.
     function UrlWorks(instaUrl) {
         var url = '../' + instaUrl.split('.com/p/').pop().toLowerCase();
         jQuery.ajax({
             url: url,
             dataType: 'text',
             type: 'GET',
             success: function () { window.location.href = url; },
             error: function () { window.location.href = instaUrl; }
         });
     }

     // Replace each Instagram link's href with a click handler that picks the target.
     $('a.sbi_photo[href]').each(function () {
         var $t = $(this);
         var newHref = $t.attr('href');
         $t.removeAttr('href');
         $t.click(function () { UrlWorks(newHref); });
     });
     ```
  8. I switched to a new code, I'm now using jQuery to make the call, and it is working better. But now my site sees the call as a 'cross browser' call, so I'm getting an error message that says it's a security risk. I think if I switch the call to 'localhost' as opposed to having written out my domain it might work. Anyone know how to phrase that?

     ```js
     // Send a HEAD request for the rewritten URL and pass the HTTP status to the callback.
     function UrlWorks(instaUrl, cb) {
         var url = instaUrl.replace('www.instagram.com/p', 'localhost').toLowerCase();
         jQuery.ajax({
             url: url,
             dataType: 'text',
             type: 'HEAD',
             complete: function (xhr) {
                 if (typeof cb === 'function') {
                     cb.apply(this, [xhr.status]);
                 }
             }
         });
     }

     // Replace each Instagram link's href with a click handler that shows the status.
     $('a.sbi_photo[href]').each(function () {
         var $t = $(this);
         var newHref = $t.attr('href');
         $t.removeAttr('href');
         $t.click(function () { UrlWorks(newHref, function (e) { alert(e); }); });
     });
     ```

     Also, I got this code from here: https://stackoverflow.com/questions/3915634/checking-if-a-url-is-broken-in-javascript
  9. Hey guys, I'm working on some code for a blog I write. I use a plug-in that puts my Instagram feed on my blog, then links each photo to itself on Instagram. However, I want any photos that are linked to a blog post to link to that instead. So I made a routine in jQuery that solved that issue like this:

     1. Creates a function that can look at an Instagram photo URL, and determine if I have a blog post associated with it (by using Ajax to run a URL on my site, and see if it returns a 404 error); it will then forward the user to either the Instagram post, or the blog post
     2. Go through each anchor associated with an Instagram photo, replace the href with a listening action that will run the URL through the function mentioned above

     It works well on Chrome on my MacBook, but not on Safari for my iPhone. Anyone have any idea why?

     ```js
     // HEAD-request the matching blog URL; go to Instagram if it returns 404.
     function UrlWorks(instaUrl) {
         var url = instaUrl.replace('www.instagram.com/p', 'mywebsite.com').toLowerCase();
         var http = new XMLHttpRequest();
         http.open('HEAD', url, true);
         http.onload = function () {
             if (http.status === 404) {
                 window.location.href = instaUrl;
             } else {
                 window.location.href = url;
             }
         };
         http.send();
     }

     // Replace each Instagram link's href with a click handler that picks the target.
     $('a.sbi_photo[href]').each(function () {
         var $t = $(this);
         var newHref = $t.attr('href');
         $t.removeAttr('href');
         $t.click(function () { UrlWorks(newHref); });
     });
     ```
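
Added example, not part of any post above and not the forum's code: posts 3 to 5 ask what the salt in password_hash still buys when password_verify can be used to test guesses. This PHP sketch uses a constructed sample password to show that identical passwords get different stored hashes, that the salt and cost live inside the hash string, and how the cost factor sets the time each single guess against each single hash takes.

```php
<?php
declare(strict_types=1);

// Added illustration. The password is a constructed sample value.
$password = 'correct horse battery staple';

// 1. Same password on two accounts: password_hash() draws a fresh random
//    salt on every call, so the two stored strings differ and a match on
//    one row says nothing about the other.
$alice = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$bob   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
printf("stored hashes identical: %s\n", var_export($alice === $bob, true));
printf("alice verifies: %s, bob verifies: %s\n",
    var_export(password_verify($password, $alice), true),
    var_export(password_verify($password, $bob), true));

// 2. Algorithm, cost and salt are stored in the hash string itself
//    ("$2y$" = bcrypt, "10" = cost, then 22 characters of salt), which is
//    why password_verify() needs no separate salt column.
$info = password_get_info($alice);
printf("algo=%s cost=%d salt=%s\n",
    $info['algoName'], $info['options']['cost'], substr($alice, 7, 22));

// 3. Time one verification takes at a given cost. Every guess has to pay
//    this price once per stored hash, because each hash has its own salt.
function secondsPerVerify(string $guess, int $cost, int $rounds = 5): float
{
    $hash = password_hash('some other password', PASSWORD_BCRYPT, ['cost' => $cost]);
    $start = microtime(true);
    for ($i = 0; $i < $rounds; $i++) {
        password_verify($guess, $hash);
    }
    return (microtime(true) - $start) / $rounds;
}

foreach ([10, 12] as $cost) {
    printf("cost %d: %.1f ms per guess per hash\n",
        $cost, secondsPerVerify('guess', $cost) * 1000);
}

// 4. Raising the cost later: detect hashes made with the old setting at
//    login time (when the plaintext is available) and store a new hash.
if (password_needs_rehash($alice, PASSWORD_BCRYPT, ['cost' => 12])) {
    $alice = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}
printf("alice now at cost %d\n", password_get_info($alice)['options']['cost']);
```

Each increment of the bcrypt cost doubles the work per verification, so the timing loop shows the trade-off between login latency and the price of every offline guess.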