As a web programming language, one of PHP’s strengths traditionally has been to make it easy to write scripts that access databases so that you can create dynamic web pages that incorporate database content. This is important when you want to provide visitors with information that is always up-to-date, without hand tweaking a lot of static HTML pages. However, although PHP is easy to use, it includes no general-purpose database access interface. Instead it has a number of specialized ones that take the form of separate sets of functions for each database system. There is one set for MySQL, another for InterBase, and another for PostgreSQL—and others as well.
Read the rest of this entry »

• 0 Comments

We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
Read the rest of this entry »

• 0 Comments

There has always been the necessity to have a definitive guide on PHP-Nuke. Due to time constraints, nobody has ever had the will to carry out this operation. Not any more! With this book, PHP-Nuke now posesses the most comprehensive guide on the subject, suitable for newbies and advanced users alike.

PHP-Nuke utilizes as hinge of its own structure the duo PHP+ MySQL, very often being accompanied by the Apache web server. Many modules have integrated many other languages, such as Javascript, Java, Flash and also even systems that serve, through the portal, sounds and films in streaming mode (Online Radio, TV Online, Images, Files…). From version 6.x onwards, the compatibility has been extended to include other databases as well, in order to extend the user base even more vastly.
Read the rest of this entry »

• 0 Comments

PHP?Nuke is free software, released under the GNU License. It is a CMS (Content Managment System) that integrates in its inside all the instruments that are used to create a site/portal of information (meant in broad sense). Given the immense number of present functions in the installation and in an even greater quantity of modules developed from third parties, the system is also adept to the management of
• Intranet business,
• e?commerce systems,
• corporate portals ,
• public agencies,
• news agencies,
• online companies,
• information sites,
• e?learning systems
• and so on…
Read the rest of this entry »

• 0 Comments

Information and communication technologies continue to pervade our lives in various aspects which include health, education, entertainment and ecommerce. People need to be able to trust computer systems as the dependence on them increases. The Trustworthy Computing vision (CRA, 2003) refers to computer systems that are intuitive, controllable, reliable and predictable and that ensure availability and security. Secure cod- ing is not trivial and poor code security management may leave the developed web application vulnerable to attack or turn the application into a launch pad for serious attacks.
Read the rest of this entry »

• 0 Comments

This paper briefly describes several common classes of coding error generally encountered when auditing web applications running on the Active Server Pages (ASP) platform. The paper is broken down into three broad sections, each of which addresses several common coding problems. The following is a list of the common errors that are discussed in this document, divided into three broad categories. The remainder of the document deals with each of these problems in turn. Any ASP code samples assume that the default language is VBScript, but all of the points apply equally to JavaScript. Equally, all occurrences of the SQL language assume that Microsoft SQL Server is being used as the back – end database.
Read the rest of this entry »

• 0 Comments

Many developers have learned to use PHP over the years because it’s a good solution for creat- ing Web pages and the price is right. The PHP acronym is like many other new acronyms for the Internet—the acronym is recursive (refers back to itself). PHP stands for PHP Hypertext Processor. This general-purpose HTML scripting language works much like ASP (see Chapter 6) or other page description languages you might have used. Essentially, you mix HTML with scripting information. When the PHP process sees HTML, it sends the text directly to the user. It processes any scripting information, and passes the resulting HTML to the user as well.
Read the rest of this entry »

• 0 Comments

The 4D Ajax Framework v11 component comes in two flavors, For 4D 2004 and For 4D v11 SQL. Thus, there are two sets of installation instructions.
- Installing the 4D Ajax Framework v11 component in a 4D 2004 database
- Installing the 4D Ajax Framework v11 component in a 4D V11 SQL database Follow the set that best suits your situation.
Read the rest of this entry »

• 0 Comments