Search Results

Search found 9 results on 1 pages for 'jacco'.

Page 1/1 | 1

OWASP Regex Repository: Is this regex correct?

- by Jacco

I was looking at the regular expression for validating various data types from the (OWASP Regex Repository). One of the regular expressions in there is called safetext and looks like: ^[a-zA-Z0-9\s.\-]+$ My first question is: Is this regular expression correct? complementary question If this Regex Repository any good at all?

Read the article
Detecting 'stealth' web-crawlers

- by Jacco

What options are there to detect web-crawlers that do not want to be detected? (I know that listing detection techniques will allow the smart stealth-crawler programmer to make a better spider, but I do not think that we will ever be able to block smart stealth-crawlers anyway, only the ones that make mistakes.) I'm not talking about the nice crawlers such as googlebot and Yahoo! Slurp. I consider a bot nice if it: identifies itself as a bot in the user agent string reads robots.txt (and obeys it) I'm talking about the bad crawlers, hiding behind common user agents, using my bandwidth and never giving me anything in return. There are some trapdoors that can be constructed updated list (thanks Chris, gs): Adding a directory only listed (marked as disallow) in the robots.txt, Adding invisible links (possibly marked as rel="nofollow"?), style="display: none;" on link or parent container placed underneath another element with higher z-index detect who doesn't understand CaPiTaLiSaTioN, detect who tries to post replies but always fail the Captcha. detect GET requests to POST-only resources detect interval between requests detect order of pages requested detect who (consistently) requests https resources over http detect who does not request image file (this in combination with a list of user-agents of known image capable browsers works surprisingly nice) Some traps would be triggered by both 'good' and 'bad' bots. you could combine those with a whitelist: It trigger a trap It request robots.txt? It doest not trigger another trap because it obeyed robots.txt One other important thing here is: Please consider blind people using a screen readers: give people a way to contact you, or solve a (non-image) Captcha to continue browsing. What methods are there to automatically detect the web crawlers trying to mask themselves as normal human visitors. Update The question is not: How do I catch every crawler. The question is: How can I maximize the chance of detecting a crawler. Some spiders are really good, and actually parse and understand html, xhtml, css javascript, VB script etc... I have no illusions: I won't be able to beat them. You would however be surprised how stupid some crawlers are. With the best example of stupidity (in my opinion) being: cast all URLs to lower case before requesting them. And then there is a whole bunch of crawlers that are just 'not good enough' to avoid the various trapdoors.

Read the article
Session Id in url and/or cookie? [closed]

- by Jacco

Most people advice against rewriting every (internal) url to include the sessionId (both GET and POST). The standard argument against it seems to be: If an attacker gets hold of the sessionId, they can hijack the session. With the sessionId in the url, it easily leaks to the attacker (by referer etc.) But what if you put the sessionId in both an (encrypted) cookie and the url. if the sessionId in either the cookie or the url is missing or if they do not match, decline the request. Let's pretend the website in question is free of xss holes, the cookie encryption is strong enough, etc. etc. Then what is the increased risk of rewriting every url to include the sessionId? UPDATE: @Casper That is a very good point. so up to now there are 2 reasons: bad for search engines / SEO if used in public part of the website can cause trouble when users post an url with a session Id on a forum, send it trough email or bookmark the page apart from the: It increases the security risk, but it is not clear what the increased risk is. some background info: I've a website that offers blog-like service to travellers. I cannot be sure cookies work nor can I require cookies to work. Most computers in internet cafes are old and not (even close to) up-to-date. The user has no control over them and the connection can be very unreliable for some more 'off the beaten path' locations. Binding the session to an IP-address is not possible, some places use load-balancing proxies with multiple IP addresses. (and from China there is The Great Firewall). Upon receiving the first cookie back, I flag cookies as mandatory. However, if the cookie was flagged as mandatory but not there, I ask for their password once more, knowing their session from the url. (Also cookies have a 1 time token in them, but that's not the point of this question). UPDATE 2: The conclusion seems to be that there are no extra *security* issues when you expose you session id trough the URL while also keeping a copy of the session id in an encrypted cookie. Do not hesitate to add additional information about any possible security implications

Read the article
RFC quoted-string definition

- by Jacco

Hello, In RFCs there are references to quoted-string now I understand that this means a string contained in quotes. However, I'm unable to find the definition of what exactly is a valid quoted string. /"[^"]"/ = a correctly quoted string. /'[^']'/ = is this also a correctly quoted string? In other words, are both ' and " allowed as quotes when an RFC specifies quoted-string? Bonus points: In what document is this specified?

Read the article
Currency exchange rates for paypal

- by Jacco

Does anyone know a way to get the currency exchange rates for paypal? We have custom shopping cart and use Paypal (Website Payments Standard) to handle payments. Our 'home' currency is Euro, but we would like to present our customers the option to pay in different currencies (USD, CAD, AUD and GBP). PayPal offers the option to: a) automatically convert our Euro quoted prices to, for example, USD upon checkout b) checkout in USD directly With option a): We get paid in Euro, the customer pays for the currency exchange (good). The customer does not know what he/she is going to be charged in USD until checkout. (bad) With option b) The customer pays in USD, then the currency is converted into EUR and we pay the the currency exchange. The customer never has to worry about the different currencies (excellent) We do not know the exchange rate PayPal is going to use so we cannot quote the correct prices to our customer (showstopper) So my question is: Does anybody know a way to get the PayPal exchange rates? or Does anybody know how to make a good estimate? Update: PayPal updates it's exchange rate 2 times a day. (at least, that is what they state). They use the Interbank Exchange Rate provided by ??? and add a 2.5% spread above this rate to determine their retail foreign exchange rates. Unforunately, there the Interbank Exchange Rates vary from source to source and from minute to minute. We have been monitoring the PayPal exchange rates and cross referenced them with the Official reference rates provides by the European Central Bank. the results vary widely, somewhere from 1 to 6 ! percent...

Read the article
How to get the path of a derived class from an inherited method?

- by Jacco

How to get the path of the current class, from an inherited method? I have the following: <?php // file: /parentDir/class.php class Parent { protected function getDir() { return dirname(__FILE__); } } ?> and <?php // file: /childDir/class.php class Child extends Parent { public function __construct() { echo $this->getDir(); } } $tmp = new Child(); // output: '/parentDir' ?> The __FILE__ constant always points to the source-file of the file it is in, regardless of inheritance. I would like to get the name of the path for the derived class. Is there any elegant way of doing this? I could do something along the lines of $this->getDir(__FILE__); but that would mean that I have to repeat myself quite often. I'm looking for a method that puts all the logic in the parent class, if possible. Update: Accepted solution (by Palantir): <?php // file: /parentDir/class.php class Parent { protected function getDir() { $reflector = new ReflectionClass(get_class($this)); return dirname($reflector->getFileName()); } } ?>

Read the article
Efficiently detect corrupted jpeg file?

- by Jacco

Is there an efficient way of detecting if a jpeg file is corrupted? Background info: solutions needs to work from within a php script the jpeg files are on disk manual checking is no option (user uploaded data) I know that imagecreatefromjpeg(string $filename); can do it. But it is quite slow at doing so. Does anybody know a faster/more efficient solutions?

Read the article
Middleware Day at UK Oracle User Group Conference 2012

- by JuergenKress

Registration has opened for UK Oracle User Group Conference 2012, the UK’s largest Independent Oracle Technology & E-Business Suite conference from 3rd - 5th December, 2012. The conference will attract over 1,700 attendees from the UK and internationally. Spanning three days and featuring over 250 presentations which range from end-users telling their war stories to Oracle unveiling the latest product roadmaps. We have always been trusted to provide exceptional events with innovative content and renowned speakers and our 2012 event is no exception. It is just not our words, 95% of attendees from the last years conference, highly recommend the experience to other Oracle user. You can get an overview of the conference, listen what last year's delegates thought and explore the full agenda on the conference website: www.ukoug.org/ukoug2012. Join the UK Oracle User Group for ‘Middleware Sunday’ - an event packed with technical content for WebLogic administrators taking place on 2nd December the day before the start of UKOUG Conference 2012. The day has been organised by middleware enthusiasts Simon Haslam and Jacco Landlust and is free to UKOUG 2012 delegates. The content level will be pitched intermediate to advanced. So delegates are expected to be comfortable with WebLogic and its configuration terms, such as domains and managed servers. We will also have a fun, hands-on session for which you’ll need a quick laptop to join our mega-cluster! For more information visit the UKOUG 2012 website: www.ukoug.org/2012. WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. BlogTwitterLinkedInMixForumWiki Technorati Tags: simon Haslam,UK user group,middleware sunday,conference,WebLogic Community,Oracle,OPN,Jürgen Kress

Read the article
Middleware Day at UK Oracle User Group Conference 2012

- by JuergenKress

Registration has opened for UK Oracle User Group Conference 2012, the UK’s largest Independent Oracle Technology & E-Business Suite conference from 3rd - 5th December, 2012. The conference will attract over 1,700 attendees from the UK and internationally. Spanning three days and featuring over 250 presentations which range from end-users telling their war stories to Oracle unveiling the latest product roadmaps. We have always been trusted to provide exceptional events with innovative content and renowned speakers and our 2012 event is no exception. It is just not our words, 95% of attendees from the last years conference, highly recommend the experience to other Oracle user. You can get an overview of the conference, listen what last year's delegates thought and explore the full agenda on the conference website: www.ukoug.org/ukoug2012. Join the UK Oracle User Group for ‘Middleware Sunday’ - an event packed with technical content for WebLogic administrators taking place on 2nd December the day before the start of UKOUG Conference 2012. The day has been organised by middleware enthusiasts Simon Haslam and Jacco Landlust and is free to UKOUG 2012 delegates. The content level will be pitched intermediate to advanced. So delegates are expected to be comfortable with WebLogic and its configuration terms, such as domains and managed servers. We will also have a fun, hands-on session for which you’ll need a quick laptop to join our mega-cluster! For more information visit the UKOUG 2012 website: www.ukoug.org/2012. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: UK user group,middleware day,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

Read the article

1