All entries of my technical and business blog.

Write Security Triggers Against SQL Injection

An interesting idea that a colleague told me about was a ‘security trigger’ in any application that has a SQL type storage engine. The trick is to make sure that your admin account is not ID #1 and that your administrative username isn’t one of the most common ones: (more…)

ODBC for UDB and PHP - How I increased performance by 400%

In our current setup at (“the triangle”), we have to use odbc connections to access our db2-udb database - and I don’t like it. But we have to stick with it - and that’s the way life is. The main reason I don’t like it is the immense overhead and time it takes to execute queries. Well, I did some research and found out some interesting things. The most important of which was a cursor... (more…)

Demonstrating Password Manager Almost Vulnerability in FireFox

The “security guys” have been talking about the problems with FireFox’s password manager and I got curious. It turns out that javascript can access saved passwords in your password manager simply by creating a login form and capturing the input field’s contents. While this isn’t necessarily a vulnerability in FireFox, it does suck! The biggest attack vector is websites that allow user submitted content that have script injection holes. Basically, if a third party can... (more…)

The Perils of the AT in PHP

A lot of weird things have been happening ever since we introduced a new error handler at (“the triangle”). First of all, it took down our whole site for a good portion of time (oops!), then it created a large project for us to review our code. Turns out a lot of the errors were just weird little things that we ignored. However, there were a few times where the @ operator was a... (more…)

Is it better to write your 'for' loops backwards in PHP?

After listening to a javascript internals optimization talk, I wanted to see how these concepts could relate to PHP. The biggest thing that stuck out to me was the order of the for loops in javascript. According to the talk, loops written backwards (or using the deincrement operator instead of the increment one…) was a lot faster. They said comparing a value to zero was faster than comparing a value to another value. With the... (more…)

Force Log Messages using Tortoise SVN

Everyone knows that standard SVN has its list of 6 or 8 standard hooks - but what if you’re 1) lazy, 2) busy, 3) don’t have access to the SVN server? Using one of the popular win32 shell integrated svn clients, TortoiseSVN, we can still force commit log messages easily: (more…)

Symbolic Linking in Windows?

Be careful! Those of you who are trying to emulate a symbolic link in windows have probably come across the Windows Resource Kit tool linkd.exe. This creates junction points on the file system. However, before you have to find out the hard way, here’s my reminder… junction points are more akin to hardlinks than symbolic links: if you delete a junction point, it deletes the target as well! (more…)

How to use PHP to generate downloadable content

I was looking at some code I had written about 3 years ago - how sad! I was creating a PDF of my resume using PHP to grab my qualifications out of a database. Unfortunately, I never researched into the header php command, so I made my job harder. Instead of writing it with a php file, I made a php file, and renamed it as a .pdf file. I modified my .htaccess file to... (more…)

⬅ Newer | Older ➡
Page 45 of 50

Get the RSS or use IFTTT for RSS to Email