SEARCH KEYWORD -- PACKAGE CONTROL



  Some hidden XSS injection vulnerabilities

XSS injection occurs when a web page generates unexpected executable JS code based on user input and that code is executed by the web browser, i.e., the source code sent to the web browser by the server contains some illegal JS code, and this illegal JS code is related to the user's input. Common XSS injection vulnerabilities can be fixed with functions such as htmlspecialchars() (escaping HTML special characters) and strip_tags() or similar, but there are some hidden XSS injecti...

   XSS,PHP,Security,Code,JavaScript     2012-08-27 20:32:08

  php://input in PHP

When using XML-RPC, the server side gets the data from the client through php://input instead of $_POST. Hence today we will discuss php://input. The official PHP manual explains php://input as follows: “php://input allows you to read raw POST data. It is a less memory intensive alternative to $HTTP_RAW_POST_DATA and does not need any special php.ini directives. php://input is not available with enctype="multipart/form-data".” Here we und...

   php://input, IO, input     2013-02-25 20:43:00

  Roundup on Parallel Connections

A lot of blogging and follow-up discussion ensued with the announcement that IE8 supports six connections per host. The blogs I saw: IE8: The Performance Implications; IE8 speeds things up; IE8: 6 Connections Per Host; IE 8 and Performance Testing; IE8's Connection Parallelism; IE 8 Connection Parallelism Issues. It’s likely that Firefox 3 will support 6 connections per server in an upcoming beta release, which means more discussion is expected. I wanted to pull all the facts into one place an...

   Browser,Concurrent connection,Persistent     2011-09-05 01:51:44

  Five Reasons Why Microsoft's Windows Phone Will Make A Big Splash In The Smartphone Market

The rave reviews for the latest iteration of Microsoft’s Windows Phone aren’t the only reason Microsoft will do better in the smart phone industry than it did in the MP3 player market. Whereas the Zune never really offered anything substantially different from the iPod and never pushed any real boundaries, Microsoft’s latest push into the mobile operating system business is much more bold. Microsoft isn’t rushing it this time – and it shows. So far, tech ...

   WP7,Windows Phone,Zune,2012,Nokia Lumia 900     2012-01-09 08:52:52

  Go Lacks Ternary Operators. Here Are Some Equivalents

If you were like me, a pure Java developer before writing Go, you must be wondering why Go doesn’t support the ternary operator like return a > 1 ? 0 : 1. Most mainstream languages like C and Java are supportive of ternary operators; languages like Python and Ruby support the simplified if-else one-liner, such as a = 0 if a > 1. However, Go is not among them. And it is not only about adding operators but also a concept of coding in a more convenient way, such as the ?: expression can...

   GOLANG,TERNARY OPERATOR     2022-12-09 19:51:32

  Transparency in Cloud Services

37signals recently launched public “Uptime Reports” for their applications (announcement). The reaction on Hacker News was rather tepid, but I think it’s a positive development, and I applaud 37signals for stepping forward. Reliability of cloud applications is a real concern, and there’s not nearly enough hard data out there. Not all products are equally reliable; even within 37signals, the new reports show a 3:1 variation in downtime across apps. That said, ...

   Cloud,Transparency,37signals,Announcement     2012-01-10 07:24:02

  Kualitee: For better Test Management in the year 2020

New IT trends will dominate in 2020. Big data management, customer satisfaction, security concerns, mobile apps, artificial intelligence (AI), test automation, DevOps and agile methodologies are a few of these rising technologies and trends.  With their rise, Quality assurance (QA) has to take the testing game a notch up, especially with using smart test management tools for their testing.  Test Automation Stays A report by Research and Markets estimates the global automation testing ...

   TESTING,KUALITEE     2019-09-04 07:33:25

  Cache them if you can

“The fastest HTTP request is the one not made.” I always smile when I hear a web performance speaker say this. I forget who said it first, but I’ve heard it numerous times at conferences and meetups over the past few years. It’s true! Caching is critical for making web pages faster. I’ve written extensively about caching: Call to improve browser caching; (lack of) Caching for iPhone Home Screen Apps; Redirect caching deep dive; Mobile cache file sizes; Improving app ...

   Cache,HTTP request,Website     2012-03-27 12:54:02

  Top 10 PHP Best Security Practices for Sys Admins

PHP is widely used for various kinds of web development. However, misconfigured server-side scripting can create all sorts of problems. Here are PHP security best practices that you should be aware of when configuring PHP securely. Nowadays most web servers run in a Linux environment (e.g. Ubuntu, Debian, etc.). Hence, in the following article, I am going to list the top 10 ways to enhance PHP security under a Linux environment. My sample setup for PHP Security Tips: D...

   PHP,code security,System admin,Advice,Best practice     2012-02-01 00:04:37

  How to hire an idiot

Wow, I remember how idealistic I was when I was about to bring on my first employee! After dealing with bad bosses over my career, after doing a whole lot of thinking about how I was going to be a great boss, and after doing a whole lot of reading about how to hire effective people, I was really looking forward to it. I was going to: -- Hire people smarter than myself, who get things done! -- Trust them to do their job, let them do their job and give them enough resources to do it! -- Pay them WELL...

   Employee,Idiot,Work experience,Pay,Process     2011-10-24 11:47:54