Search Results

Search found 43347 results on 1734 pages for 'php security'.


  • Accessing current class through $this-> from a function called statically. [PHP]

    - by MQA
    This feels a bit messy, but I'd like to be able to call a member function statically, yet have the rest of the class behave normally... Example:

        <?php
        class Email {
            private $username = 'user';
            private $password = 'password';
            private $from = '[email protected]';
            public $to;

            public function SendMsg($to, $body) {
                // Use the current instance when called on an object,
                // otherwise create one for the static call.
                if (isset($this))
                    $email = $this;
                else
                    $email = new Email();
                $email->to = $to;
                // Rest of function...
            }
        }

        Email::SendMsg('[email protected]');

    How best do I allow the static function call in this example? Thanks!


  • PHP Web Services - Nice try

    Thanks to the membership in the O'Reilly User Group Programme the Mauritius Software Craftsmanship Community (short: MSCC) recently received a welcome package with several book titles. Among them is the latest publication of Lorna Jane Mitchell - 'PHP Web Services: APIs for the Modern Web'. Following is the book review I put on Amazon:

    Nice try!

    Initially, I was astonished that a small book like 'PHP Web Services' would be able to cover all the interesting topics about APIs and Web Services, independently whether they are written in PHP or not. And unfortunately, the title isn't able to stand up to the readers (or at least my) expectations. Maybe as a light defense, there is no usual paragraph about the intended audience of that book, but still I have to admit that the first half (chapters 1 to 8) are well written and Lorna has her points on the various technologies. Also, the code samples in PHP are clean and easy to understand.

    With chapter 'Debugging Web Services' the book started to change my mind about the clarity of advice and the instructions on designing and developing good APIs. Eventually, this might be related to the fact that I'm used to other tools since years, like Telerik Fiddler as HTTP proxy in order to trace and inspect any kind of request/response handling. Including localhost monitoring, SSL certification acceptance, and the ability to debug mobile devices, especially iOS-based ones. Compared to Charles, Fiddler is available for free.

    What really got me off the hook is the following statement in chapter 10 about Service Type Decisions: "For users who have larger systems using technology stacks such as Java, C++, or .NET, it may be easier for them to integrate with a SOAP service." WHAT? A couple of pages earlier the author recommends to stay away from 'old-fashioned' API styles like SOAP (if possible). And on top of that I wonder why there are tons of documentation towards development of RESTful Web Services based on WebAPI. The ASP.NET stack clearly moves away from SOAP to JSON and REST since years! Honestly, as a software developer on the .NET stack this leaves a mixed feeling after all.

    As for the remaining chapters I simply consider them as 'blah blah' without any real value and lots of theoretical advice. Related to the chapter 13 about 'Documentation', I just had the 'pleasure' to write a C#-based client against a Java-based SOAP Web Service. Personally, I take the WSDL as the master reference in the first place and Visual Studio generates all the stub types involved in the communication. During the implementation and testing I came across a 'java.lang.NullPointerException' in various methods and for various method parameters. The WSDL and the generated types were declared as Nullable, so nothing to worry about, or? Well, I logged in a support ticket, and guess what was the response to that scenario? "The service definition in the WSDL is wrong, please refer to the documentation in order to use the methods and parameters correctly" - No comment!

    Lorna's title is a quick read and in some areas she has good advice on designing and implementing Web Services and APIs. But roughly 100 pages aren't enough to cover a vast topic like that. After all, nice try and I'm looking forward to an improved second edition.

    Honestly, I never thought that I would come across a poor review. In general, it's a good book but it clearly has a lack of depth, the PHP code samples are incomplete (closing tags missing), and there are too many assumptions and theoretical statements.


  • lucid 10.04 LTS => Precise 12.04.1 : upgrade doesn't work

    - by Rastom
    I googled and looked into all unknown issues on Ubuntu forums but I can't figure out why a 10.04 LTS server won't detect the last LTS 12.04.1. I guess since 12.04 is a fresh dist, not much is reported for related issues.

    Here is what I did:

        apt-get update
        apt-get upgrade
        apt-get install update-manager-core

    It was already installed so no update for this package. I checked /etc/update-manager/release-upgrades:

        [DEFAULT]
        # Default prompting behavior, valid options:
        #
        #  never  - Never check for a new release.
        #  normal - Check to see if a new release is available.  If more than one new
        #           release is found, the release upgrader will attempt to upgrade to
        #           the release that immediately succeeds the currently-running
        #           release.
        #  lts    - Check to see if a new LTS release is available.  The upgrader
        #           will attempt to upgrade to the first LTS release available after
        #           the currently-running one.  Note that this option should not be
        #           used if the currently-running release is not itself an LTS
        #           release, since in that case the upgrader won't be able to
        #           determine if a newer release is available.
        Prompt=lts

    I also checked my sourcelist before running apt-get (/etc/apt/sources.list):

        deb http://archive.ubuntu.com/ubuntu/ lucid main restricted universe multiverse
        deb http://archive.ubuntu.com/ubuntu/ lucid-security main restricted universe multiverse
        deb http://archive.ubuntu.com/ubuntu/ lucid-updates main restricted universe multiverse
        deb http://security.ubuntu.com/ubuntu lucid-security main restricted
        deb-src http://security.ubuntu.com/ubuntu lucid-security main restricted
        deb http://security.ubuntu.com/ubuntu lucid-security universe
        deb-src http://security.ubuntu.com/ubuntu lucid-security universe
        deb http://security.ubuntu.com/ubuntu lucid-security multiverse
        deb-src http://security.ubuntu.com/ubuntu lucid-security multiverse
        # deb http://landscape.canonical.com/packages/hardy ./
        # deb-src http://landscape.canonical.com/packages/hardy ./

    and then, following the Ubuntu guide for the Precise upgrade, the command below should work:

        root@xxxxxxxxx:/etc/apt# do-release-upgrade -d
        Checking for a new ubuntu release
        No new release found

    So am I missing something? The server was accessing outside through a proxy but I grant direct access to this server to avoid any Internet access problem or redirection but no clue... Any help would be appreciated.


  • php & mySQL: Storing doc, xls, zip, etc. with limited access and archiving

    - by Devner
    Hi all, In my application, I have a provision for users to upload files like doc, xls, zip, etc. I would like to know how to store these files on my website and have only restricted people access it. I may have a group of people and let only this group access those uploaded files. I know that some may try to just copy the link to the document or the file and pass it to another (non-permitted) user and they can download it. So how can I prevent it? How can I check if the request to download the file was made by a legitimate user who has access to the file? The usernames of the group members are stored in the database along with the document name and location in the database so they can access it. But how do I prevent non-permitted users from being able to access that confidential data in all ways?

    With the above in mind, how do I store these documents? Do I store the documents in a blob column in the Database or just let user upload to a folder and merely store the path to the file in the database? The security of the documents is of utmost importance. So any procedure that could facilitate this feature would definitely help. I am not into Object Oriented programming so if you have a simpler code that you would like to share with me, I would greatly appreciate it.

    Also how do I archive documents that are old? Like say there are documents that are 1 year old and I want to conserve my website space by archiving them but still make them available to the user when they need it. How do I go about this? Thank you.


  • Creating a global variable on the fly. [PHP ENCRYPTION]

    - by stormdrain
    Is there a way to dynamically create constant variables on the fly? The idea is that upon logging into the system, a user would be asked to upload a small text file that would be fread, and assigned to a var that would be accessible throughout the system. If this is possible, just to be clear, would this variable then only be accessible to that user and only while the session is alive? Security being the main concern here, would it be more practical to store the var in a session variable? The plan: Data in the db will be encrypted via mcrypt, and the key will be stored on USB thumbdrives. The user will insert the thumbdrive when going to access the system. Upon logging in, the app will prompt the user to upload the key. They will navigate to the thumbdrive and key. Via fopen and fread, the key will be assigned to a global var which will then allow access to encrypted data, and will be used to encrypt new info being entered to the db. When the user logs out, or session times out, the global var will become empty. Thanks!


  • What's the state of PHP unit testing frameworks in 2010?

    - by Pekka
    As far as I can see, PHPUnit is the only serious product in the field at the moment. It is widely used, is integrated into Continuous Integration suites like phpUnderControl, and well regarded. The thing is, I don't really like working with PHPUnit. I find it hard to set up (PEAR is the only officially supported installation method, and I hate PEAR), sometimes complicated to work with and, correct me if I'm wrong, lacking executability from a web page context (i.e. no CLI, which would really be nice when developing a web app.) The only competition I can see is Simpletest, which looks very nice but hasn't seen a new release for almost two years, which tends to rule it out for me - Unit Testing is quite a static field, true, but as I will be deploying those tests alongside web applications, I would like to see active development on the project, at least for security updates and such. There is a SO question that pretty much confirms what I'm saying: Simple test vs PHPunit. Seeing that that is almost two years old as well, though, I think it's time to ask again: Does anybody know any other serious feature-complete unit testing frameworks? Am I wrong in my criticism of PHPUnit? Is there still development going on for SimpleTest?


  • Where is a small, simple CMS that has no Front End done in PHP?

    - by user559469
    The keys are:

        small and simple
        PHP
        MySql
        no Front End

    By "no front end" I mean literally, I can control the look 100%. I just want a CMS on the "backend" to manage content (user login/security, upload images, update articles, etc.) that will not dictate in any way how the managed data is presented. Maybe it just keeps the info in a (MySql) database (which I can query and extract myself) or if it writes content, it is in super-clean xhtml fragments or even just xml I will parse myself? I have looked at Wordpress -- and don't like the code it generates, not to mention the sites look too "canned" (you can usually spot a WP site a mile away.) Joomla and Drupal look more customizable, but they are bloated now in my opinion, and really I just want something lightweight and simple. For one-user mom-and-pop sites. (No tiered publishing/approval systems, and all that.) I envision plugging this CMS into existing websites/web apps where most of the site is made and managed by me, but a few choice areas are managed by the site owner.


  • Windows XP - Security Update for Windows XP (KB923561) (KB946648) (KB956572) (KB958644)

    - by leeand00
    My father's computer has Windows XP, but when I try to install the service packs it always fails. What gives? Here are the errors that I get in the event log:

        Date: 2/6/2010 Time: 12:02:18 AM Type: Error User: N/A Computer: EVO Source: Windows Update Agent Category: Installation Event ID: 20
        Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows XP (KB946648). For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

        Date: 2/6/2010 Time: 12:02:18 AM Type: Error User: N/A Computer: EVO Source: Windows Update Agent Catagory: Installation Event ID: 20
        Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows XP (KB956572). For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

        Date: 2/6/2010 Time: 12:02:18 AM Type: Error User: N/A Computer EVO Source: Windows Update Agent Event ID: 20
        Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows XP (KB958644). For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

        Date: 2/6/2010 Time: 12:02:18 AM Type: Error User: N/A Computer: EVO Source: Windows Update Agent Category: Installation Event ID: 20
        Installation Failure: Windows failed to install the following update with error 0x80070002: Security Update for Windows XP (KB923561). For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    Thank you, Andrew


  • Database users in the Oracle Utilities Application Framework

    - by Anthony Shorten
    I mentioned the product database users fleetingly in the last blog post and they deserve a better mention. This applies to all versions of the Oracle Utilities Application Framework.

    The Oracle Utilities Application Framework uses up to three users initially as part of the base operations of the product. The type of database supported (the framework supports Oracle, IBM DB2 and Microsoft SQL Server) dictates the number of users used and their permissions. For publishing brevity I will outline what is available for the Oracle database and, in summary, mention where it differs for the other databases supported.

    For Oracle database customers we ship three distinct database users:

    Administration User (SPLADM or CISADM by default) - This is the database user that actually owns the schema. This user is not used by the product to do any DML (Data Manipulation Language) SQL other than that which is necessary for maintenance of the database. This database user performs all the DCL (Data Control Language) and DDL (Data Definition Language) against the database. It is typically reserved for Database Administration use only.

    Product Read Write User (SPLUSER or CISUSER by default) - This is the database user used by the product itself to execute DML (Data Manipulation Language) statements against the schema owned by the Administration user. This user has the appropriate read and write permission to objects within the schema owned by the Administration user. For databases such as DB2 and SQL Server we may not create this user but use other DCL (Data Control Language) statements and facilities to simulate this user.

    Product Read User (SPLREAD or CISREAD by default) - This is the database user that has read only permission to the schema owned by the Administration user. It is used for reporting or any part of the product or interface that requires read permissions to the database (for example, products that have ConfigLab and Archiving use this user for remote access). For databases such as DB2 and SQL Server we may not create this user but use other DCL (Data Control Language) statements and facilities to simulate this user.

    You may notice the words "by default" in the list above. The values supplied with the installer are the default and can be changed to what the site standard or implementation wants to use (as long as they conform to the standards supported by the underlying database). You can even create multiples of each within the same database, pointing to the same schema.

    To manage the permissions for the users, there is a utility provided with the installation (oragensec (Oracle), db2gensec (DB2) or msqlgensec (SQL Server)) that generates the security definitions for the above users. That can be executed a number of times for each schema to give users appropriate permissions. For example, it is possible to define more than one read/write User to access the database. This is a common technique used by implementations to have a different user per access mode (to separate online and batch). In fact you can also allocate additional security (such as resource profiles in Oracle) to limit the impact of specific users at the database.

    To facilitate users and permissions, in Oracle for example, we create a CISREAD role (read only role) and a CISUSER role (read write role) that can be allocated to the appropriate database user. When the security permissions utility, oragensec in this case, is executed it uses the role to determine the permissions.

    To give you a case study, my underpowered laptop has multiple installations on it of multiple products but I have one database. I create a different schema for each product and each version (with my own naming convention to help me manage the databases). I create individual users on each schema and run oragensec to maintain the permissions for each appropriately. It works fine as long as I have set up the userids appropriately. This means:

    Creating the users with the appropriate roles. I use the common CISUSER and CISREAD role across versions and across Oracle Utilities Application Framework products. Just remember to associate the CISUSER role with the database user you want to use for read/write operations and the CISREAD role with the user you wish to use for the read only operations. The role is treated as a tag to indicate to the oragensec utility which appropriate permissions to assign to the user. The utilities for the other database types essentially do the same, obviously using the technology available within those databases.

    Run oragensec against the read write user and read only user against the appropriate administration user (I will abbreviate the user to ADM user). This ensures the right permissions are allocated to the right users for the right products. To help me there, I use the same prefix on the user name for the same product. For example, my Oracle Utilities Application Framework V4 environment has the administration user set to FW4ADM and the associated FW4USER and FW4READ as the users for the product to use. For my MWM environment I used MWMADM for the administration user and MWMUSER and MWMREAD for my associated users. You get the picture. When I run oragensec (once for each ADM user), I know what other users to associate with it.

    Remember to rerun oragensec against the users if I run upgrades, service packs or database based single fixes. This assures that the users are in synchronization with the ADM user.

    As a side note, for those who do not understand the difference between DML, DCL and DDL:

    DDL (Data Definition Language) - These are SQL statements that define the database schema and the structures within. SQL Statements such as CREATE and DROP are examples of DDL SQL statements.

    DCL (Data Control Language) - These are the SQL statements that define the database level permissions to DDL maintained objects within the database. SQL Statements such as GRANT and REVOKE are examples of DCL SQL statements.

    DML (Data Manipulation Language) - These are SQL statements that alter the data within the tables. SQL Statements such as SELECT, INSERT, UPDATE and DELETE are examples of DML SQL statements.

    Hope this has clarified the database user support. Remember in Oracle Utilities Application Framework V4 we enhanced this by also supporting CLIENT_IDENTIFIER to allow the database to still use the administration user for the main processing but make the database session more traceable.


  • Wishful Thinking: Why can't HTML fix Script Attacks at the Source?

    - by Rick Strahl
    The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as input for listings.

    The first line of defense of course is: Just say no to HTML input from users. If you don't allow HTML input directly and use HTML Encoding (HttpUtility.HtmlEncode() in .NET or using standard ASP.NET MVC output @Model.Content) you're fairly safe at least from the HTML input provided. Both WebForms and Razor support HtmlEncoded content, although Razor makes it the default. In Razor the default @ expression syntax:

        @Model.UserContent

    automatically produces HTML encoded content - you actually have to go out of your way to create raw HTML content (safe by default) using @Html.Raw() or the HtmlString class. In Web Forms (V4) you can use:

        <%: Model.UserContent %>

    or if you're using a version prior to 4.0:

        <%= HttpUtility.HtmlEncode(Model.UserContent) %>

    This works great as a hedge against embedded <script> tags and HTML markup as any HTML is turned into text that displays as HTML but doesn't render the HTML. But it turns any embedded HTML markup tags into plain text. If you need to display HTML in raw form with the markup tags rendering based on user input this approach is worthless.

    If you do accept HTML input and need to echo the rendered HTML input back, the task of cleaning up that HTML is a complex task. In the projects I work on, customers are frequently asking for the ability to post raw HTML quite frequently. Almost every app that I've built where there's document content from users we start out with text only input - possibly using something like MarkDown - but inevitably users want to just post plain old HTML they created in some other rich editing application. See this a lot with realtors especially who often want to reuse their postings easily in multiple places. In my work this is a common problem I need to deal with and I've tried dozens of different methods from sanitizing, simple rejection of input to custom markup schemes none of which have ever felt comfortable to me. They work in a half assed, hacked together sort of way but I always live in fear of missing something vital which is *really easy to do*.

    My Wishlist Item: A <restricted> tag in HTML

    Let me dream here for a second on how to address this problem. It seems to me the easiest place where this can be fixed is: In the browser. Browsers are actually executing script code so they have a lot of control over the script code that resides in a page. What if there was a way to specify that you want to turn off script code for a block of HTML? The main issue when dealing with HTML raw input isn't that we as developers are unaware of the implications of user input, but the fact that we sometimes have to display raw HTML input the user provides. So the problem markup is usually isolated in only a very specific part of the document.

    So, what if we had a way to specify that in any given HTML block, no script code could execute by wrapping it into a tag that disables all script functionality in the browser? This would include <script> tags and any document script attributes like onclick, onfocus etc. and potentially also disallow things like iFrames that can potentially be scripted from within the iFrame's target. I'd like to see something along these lines:

        <article>
            <restricted allowscripts="no" allowiframes="no">
                <div>Some content</div>
                <script>alert('go ahead make my day, punk!');</script>
                <div onfocus="$.getJson('http://evilsite.com/')">more content</div>
            </restricted>
        </article>

    A tag like this would basically disallow all script code from firing from any HTML that's rendered within it. You'd use this only on code that you actually render from your data only and only if you are dealing with custom data. So something like this:

        <article>
            <restricted>
                @Html.Raw(Model.UserContent)
            </restricted>
        </article>

    For browsers this would actually be easy to intercept. They render the DOM and control loading and execution of scripts that are loaded through it. All the browser would have to do is suspend execution of <script> tags and not hookup any event handlers defined via markup in this block. Given all the crazy XSS attacks that exist and the prevalence of this problem this would go a long way towards preventing at least coded script attacks in the DOM. And it seems like a totally doable solution that wouldn't be very difficult to implement by vendors. There would also need to be some logic in the parser to not allow an </restricted> or <restricted> tag into the content as to short-circuit the restricted section (per James Hart's comment). I'm sure there are other issues to consider as well that I didn't think of in my off-the-back-of-a-napkin concept here but the idea overall seems worth consideration I think.

    Without code running in a user supplied HTML block it'd be pretty hard to compromise a local HTML document and pass information like Cookies to a server. Or even send data to a server period. Short of an iFrame that can access the parent frame (which is another restriction that should be available on this <restricted> tag) that could potentially communicate back, there's not a lot a malicious site could do. The HTML could still 'phone home' via image links and href links potentially and basically say this site was accessed, but without the ability to run script code it would be pretty tough to pass along critical information to the server beyond that.

    Ahhhh… one can dream… Not holding my breath of course. The design by committee that is the W3C can't agree on anything in timeframes measured less than decades, but maybe this is one place where browser vendors can actually step up the pressure. This is something in their best interest to reduce the attack surface for vulnerabilities on their browser platforms significantly. Several people commented on Twitter today that there isn't enough discussion on issues like this that address serious needs in the web browser space. Realistically security has to be a number one concern with Web applications in general - there isn't a Web app out there that is not vulnerable. And yet nothing has been done to address these security issues even though there might be relatively easy solutions to make this happen. It'll take time, and it's probably not going to happen in our lifetime, but maybe this rambling thought sparks some ideas on how this sort of restriction can get into browsers in some way in the future.

    © Rick Strahl, West Wind Technologies, 2005-2012
    Posted in ASP.NET  HTML5  HTML  Security


  • .htaccess file size causes 500 Internal Server Error

    - by moobot
    As soon as my .htaccess goes over approx 8410 bytes, I get a 500 Internal Server Error. I don't think this is due to a bad redirect, as I have experimented with redirects in the .htaccess and then with just text that is commented out #. (no actual commands in the .htaccess file) Is there anything obvious that can cause this?

    Update: The site is on WordPress. Here are the redirects I was originally trying to add:

        RewriteEngine On

        ## 301 Redirects of old URLs to new

        # 301 Redirect 1
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^accesseries/underlay/prod_37\.html$ /product-category/accessories/underlays? [R=301,NE,NC,L]

        # 301 Redirect 2
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^accessories/acoustic-underlay/prod_29\.html$ /product/acoustic-underlay/? [R=301,NE,NC,L]

        # 301 Redirect 3
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^accessories/cat_4\.html$ /product-category/accessories/? [R=301,NE,NC,L]

        # 301 Redirect 4
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-flooring/accessories/cat_8\.html$ /product-category/accessories/? [R=301,NE,NC,L]

        # 301 Redirect 5
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-flooring/bamboo-floor/natural-strandwoven-bamboo-semi-gloss-wide-board-135mm-click/prod_151\.html$ /product/natural-strand-woven-bamboo-semi-gloss-wide-board-135mm-click/? [R=301,NE,NC,L]

        # 301 Redirect 6
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-flooring/bamboo-floor/strandwoven-chocolate-135mm-bamboo-flooring/prod_174\.html$ /product/strand-woven-chocolate-135mm-bamboo-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 7
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-flooring/bamboo-floor/strand-woven-kempas-bamboo-flooring/prod_173\.html$ /product/strand-woven-kempas-bamboo-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 8
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-flooring/bamboo-floor/strandwoven-walnut-wired-135mm-bamboo-flooring/prod_176\.html$ /product/strand-woven-walnut-wired-135mm-bamboo-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 9
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-flooring/cat_7\.html$ /product-category/bamboo-floor/? [R=301,NE,NC,L]

        # 301 Redirect 10
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-bamboo-installation/info_8\.html$ /bamboo-installation/? [R=301,NE,NC,L]

        # 301 Redirect 11
        RewriteCond %{QUERY_STRING} ^act=cart$ [NC]
        RewriteRule ^cart\.php$ /cart/? [R=301,NE,NC,L]

        # 301 Redirect 12
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^contact-us/info_2\.html$ /contact-us/? [R=301,NE,NC,L]

        # 301 Redirect 13
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^faqs/info_9\.html$ /faqs/? [R=301,NE,NC,L]

        # 301 Redirect 14
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-floating-timber-floor/black-butt-engineered-floating-timber/prod_213\.html$ /product/black-butt-engineered-floating-timber/? [R=301,NE,NC,L]

        # 301 Redirect 15
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-floating-timber-floor/doussie-engineered-floating-timber/prod_208\.html$ /product/doussie-engineered-floating-timber/? [R=301,NE,NC,L]

        # 301 Redirect 16
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-floating-timber-floor/smoked-oak-engineered-floating-timber/prod_217\.html$ /product/smoked-oak-engineered-floating-timber/? [R=301,NE,NC,L]

        # 301 Redirect 17
        RewriteCond %{QUERY_STRING} ^act=thanks$ [NC]
        RewriteRule ^index\.php$ http://www.xxxxxxxxxx.com/? [R=301,NE,NC,L]

        # 301 Redirect 18
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=13$ [NC]
        RewriteRule ^index\.php$ /product-category/samples/bamboo-flooring-samples/? [R=301,NE,NC,L]

        # 301 Redirect 19
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=18$ [NC]
        RewriteRule ^index\.php$ /product/bamboo-plastic-composite/? [R=301,NE,NC,L]

        # 301 Redirect 20
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=2$ [NC]
        RewriteRule ^index\.php$ /product-category/bamboo-floor/? [R=301,NE,NC,L]

        # 301 Redirect 21
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=20$ [NC]
        RewriteRule ^index\.php$ /products/? [R=301,NE,NC,L]

        # 301 Redirect 22
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=3$ [NC]
        RewriteRule ^index\.php$ /product-category/floating-timber-floor/? [R=301,NE,NC,L]

        # 301 Redirect 23
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=5$ [NC]
        RewriteRule ^index\.php$ /product-category/laminate-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 24
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=6$ [NC]
        RewriteRule ^index\.php$ /product-category/accessories/? [R=301,NE,NC,L]

        # 301 Redirect 25
        RewriteCond %{QUERY_STRING} ^act=viewCat&catId=saleItems$ [NC]
        RewriteRule ^index\.php$ /product-category/clearance-sale/? [R=301,NE,NC,L]

        # 301 Redirect 26
        RewriteCond %{QUERY_STRING} ^act=viewDoc&docId=3$ [NC]
        RewriteRule ^index\.php$ /faqs/? [R=301,NE,NC,L]

        # 301 Redirect 27
        RewriteCond %{QUERY_STRING} ^act=viewDoc&docId=4$ [NC]
        RewriteRule ^index\.php$ /faqs/? [R=301,NE,NC,L]

        # 301 Redirect 28
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=137$ [NC]
        RewriteRule ^index\.php$ /product/laminate-flooring-goustein-wood/? [R=301,NE,NC,L]

        # 301 Redirect 29
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=164$ [NC]
        RewriteRule ^index\.php$ /product/modern-black-brushed-finish-strand-woven-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 30
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=165$ [NC]
        RewriteRule ^index\.php$ /product/lime-wash-strand-woven-bamboo-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 31
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=168$ [NC]
        RewriteRule ^index\.php$ /product/country-bark/? [R=301,NE,NC,L]

        # 301 Redirect 32
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=173$ [NC]
        RewriteRule ^index\.php$ /product-category/bamboo-floor/14mm-bamboo-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 33
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=178$ [NC]
        RewriteRule ^index\.php$ /product/blue-gum-136-floating-timber/? [R=301,NE,NC,L]

        # 301 Redirect 34
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=199$ [NC]
        RewriteRule ^index\.php$ /product/jarrah-laminate-floor-sample/? [R=301,NE,NC,L]

        # 301 Redirect 35
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=205$ [NC]
        RewriteRule ^index\.php$ /product/elm-12mm-laminate-floor-sample/? [R=301,NE,NC,L]

        # 301 Redirect 36
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=209$ [NC]
        RewriteRule ^index\.php$ /product/iroko-engineered-floating-timber/? [R=301,NE,NC,L]

        # 301 Redirect 37
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=222$ [NC]
        RewriteRule ^index\.php$ /product/european-oak-engineered-floating-timber-sample/? [R=301,NE,NC,L]

        # 301 Redirect 38
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=236$ [NC]
        RewriteRule ^index\.php$ /product/black-forest-5mm-vinyl-flooring/? [R=301,NE,NC,L]

        # 301 Redirect 39
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=65$ [NC]
        RewriteRule ^index\.php$ /product/stair-nose/? [R=301,NE,NC,L]

        # 301 Redirect 40
        RewriteCond %{QUERY_STRING} ^act=viewProd&productId=83$ [NC]
        RewriteRule ^index\.php$ /product/laminate-flooring-warm-teak/? [R=301,NE,NC,L]

        # 301 Redirect 41
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-laminate-flooring/12mm-laminate-flooring/blackbutt/prod_156\.html$ /product/blackbutt-12mm-laminate-floor/? [R=301,NE,NC,L]

        # 301 Redirect 42
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-laminate-flooring/12mm-laminate-flooring/tasmanian-oak/prod_171\.html$ /product/tasmanian-oak/? [R=301,NE,NC,L]

        # 301 Redirect 43
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-laminate-flooring/8-3mm-laminate-flooring/laminate-flooring-warm-teak/prod_8\.html$ /product/laminate-flooring-warm-teak/? [R=301,NE,NC,L]

        # 301 Redirect 44
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-laminate-flooring/accessories/cat_6\.html$ /product-category/accessories/? [R=301,NE,NC,L]

        # 301 Redirect 45
        RewriteCond %{QUERY_STRING} ^$
        RewriteRule ^-laminate-flooring/cat_5\.html$ /product-category/laminate-flooring/?
[R=301,NE,NC,L] # 301 Redirect 46 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^-laminate-flooring/country-classic-12mm-laminate/cat_19\.html$ /product-category/laminate-flooring/12mm-country-classic-laminate-floor/? [R=301,NE,NC,L] # 301 Redirect 47 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^-laminate-installation/info_7\.html$ /laminate-installation/? [R=301,NE,NC,L] # 301 Redirect 48 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^privacy-policy/info_4\.html$ /faqs/? [R=301,NE,NC,L] # 301 Redirect 49 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^-quotation-request/info_5\.html$ /quotation-request/? [R=301,NE,NC,L] # 301 Redirect 50 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^rainbow-flooring/cat_16\.html$ /product-category/rainbow-flooring/? [R=301,NE,NC,L] # 301 Redirect 51 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^rainbow-flooring/walnut-rainbow-flooring/prod_112\.html$ /product/walnut-rainbow-flooring/? [R=301,NE,NC,L] # 301 Redirect 52 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/12mm-laminate-floor-samples/kempas-laminate-floor-sample/prod_195\.html$ /product/kempas-laminate-floor-sample/? [R=301,NE,NC,L] # 301 Redirect 53 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/12mm-laminate-floor-samples/spotted-gum-laminate-floor-sample/prod_196\.html$ /product/spotted-gum-laminate-floor-sample/? [R=301,NE,NC,L] # 301 Redirect 54 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/12mm-laminate-floor-samples/tasmanian-oak-laminate-floor-sample/prod_197\.html$ /product/tasmanian-oak-laminate-floor-sample/? [R=301,NE,NC,L] # 301 Redirect 55 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/bamboo-flooring-samples/cat_13\.html$ /product-category/samples/bamboo-flooring-samples/? [R=301,NE,NC,L] # 301 Redirect 56 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/bamboo-flooring-samples/rosewood-strandwoven-bamboo-floor-135mm-click-sample/prod_191\.html$ /product/rosewood-strand-woven-bamboo-floor-135mm-click-sample/? 
[R=301,NE,NC,L] # 301 Redirect 57 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/cat_9\.html$ /samples/? [R=301,NE,NC,L] # 301 Redirect 58 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/floating-timber-floor-samples/iroko-engineered-floating-timber-floor-sample/prod_223\.html$ /product/iroko-engineered-floating-timber-floor-sample/? [R=301,NE,NC,L] # 301 Redirect 59 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/floating-timber-floor-samples/jarrah-engineered-floating-timber-sample/prod_224\.html$ /product/jarrah-engineered-floating-timber-sample/? [R=301,NE,NC,L] # 301 Redirect 60 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/floating-timber-floor-samples/merbau-engineered-floating-timber-sample/prod_226\.html$ /product/merbau-engineered-floating-timber-sample/? [R=301,NE,NC,L] # 301 Redirect 61 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/floating-timber-floor-samples/spotted-gum-engineered-floating-timber-sample/prod_228\.html$ /product/spotted-gum-engineered-floating-timber-sample/? [R=301,NE,NC,L] # 301 Redirect 62 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^samples/floating-timber-floor-samples/sydney-blue-gum-engineered-floating-timber-sample/prod_220\.html$ /product/sydney-blue-gum-engineered-floating-timber-sample/? [R=301,NE,NC,L] # 301 Redirect 63 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^shop\.php/-laminate-flooring/accessories/laminate-flooring-accessories-click-stairnose/prod_251\.html$ /product/stair-nose/? [R=301,NE,NC,L] # 301 Redirect 64 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^shop\.php/-laminate-flooring/country-classic-12mm-laminate/country-classic-polar-white/prod_243\.html$ /product/country-classic-polar-white/? [R=301,NE,NC,L] # 301 Redirect 65 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^shop\.php/samples/12mm-laminate-floor-samples/country-classic-polar-white/prod_244\.html$ /product/country-classic-polar-white-sample/? 
[R=301,NE,NC,L] # 301 Redirect 66 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^shop\.php/samples/12mm-laminate-floor-samples/rustic-oak-12mm-laminate-floor/prod_248\.html$ /product/rustic-oak-12mm-laminate-floor-sample/? [R=301,NE,NC,L] # 301 Redirect 67 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^shop\.php/samples/vinyl-flooring-samples/cat_25\.html$ /product-category/samples/vinyl-flooring-samples/? [R=301,NE,NC,L] # 301 Redirect 68 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^shop\.php/vinyl-flooring/cat_24\.html$ /product-category/vinyl-floor/? [R=301,NE,NC,L] # 301 Redirect 69 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^solardeck-tiles/cat_22\.html$ /product-category/solardeck-tiles/? [R=301,NE,NC,L] # 301 Redirect 70 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^solardeck-tiles/solardeck-tiles/prod_206\.html$ /product/solardeck-tiles/? [R=301,NE,NC,L] # 301 Redirect 71 RewriteCond %{QUERY_STRING} ^$ RewriteRule ^terms-conditions/info_3\.html$ /faqs/? [R=301,NE,NC,L] I'm getting errors like this in my log: Invalid command 'aminate-flooring/tasmanian-oak/prod_171\\.html$', perhaps misspelled or defined by a module not included in the server configuration, referer: http://www.xxxxxxxx.com/laminate-installation/ Invalid command ',NE,NC,L]', perhaps misspelled or defined by a module not included in the server configuration Invalid command ',L]#', perhaps misspelled or defined by a module not included in the server configuration


  • Oracle Database Insider Now on LinkedIn

    - by Troy Kitch
    Our close friends over at the Oracle Database Insider blog have recently started a LinkedIn discussion group. Go behind the scenes of the latest Oracle Database announcements and discussions that include Oracle Database 11g and its options, such as Database Security, and the newest product, Oracle Exadata. Come on over to post a discussion topic, an event, ask questions and stay up-to-date on the latest Oracle Database information. We'll be there to join the discussions and answer questions. Join us on LinkedIn's latest group!


  • How can I audit users and access attempts to SSH on my server?

    - by RadiantHex
    I've had a few security problems with a server of mine, a few SSH users have been setting up fires aka giving problems. I would like to:

      - Track user logins and logouts
      - Track activity of these SSH, in order to discover any malicious activity
      - Prevent users from deleting logs

    I am not much of a sys admin and I am quite inexperienced in this matter, so any kind of advice would be very welcome and very helpful. :)


  • Is knowledge of hacking mechanisms required for an MMO?

    - by Gabe
    Say I was planning on, in the future (not now! There is a lot I need to learn first), participating in a group project that was going to make a massively multiplayer online game (MMO), and my job would be the networking portion. I'm not that familiar with network programming (I've read a very basic book on PHP, MYSQL and I messed around a bit with WAMP). In the course of my studying of PHP and MYSQL, should I look into hacking? Hacking as in port scanning, router hacking, etc. In MMOs people are always trying to cheat, bots and such, but the worst scenario would be having someone hack the databases. This is just my conception of this, I really don't know. I do however understand networking fairly well, like subnetting/ports/IPs (local/global)/etc. In your professional opinion (if you understand the topic, enlighten me), should I learn about these things in order to counter the possibility of this happening? Also, out of the things I mentioned (port scanning, router hacking), is there anything else that pertains to hacking that I should look into? I'm not too familiar with the malicious/security aspects of networking. And a note: I'm not some kid trying to learn how to hack. I just want to learn as much as possible before I go to college, and I really need to know if I need to study this or not.


  • SQL Azure and Trust Services

    - by BuckWoody
    Microsoft is working on a new Windows Azure service called “Trust Services”. Trust Services takes a certificate you upload and uses it to encrypt and decrypt sensitive data in the cloud. Of course, like any security service, there’s a bit more to it than that. I’ll give you a quick overview of how you can use this product to protect data you send to SQL Azure.

    The primary issue with storing data in the cloud is that you are in an environment that isn’t under your control – in fact, that’s the benefit of being in a distributed computing environment in the first place. On premises you’re able to encrypt data you don’t want anyone else to see, using various methods such as passwords (not very strong) or certificates (stronger). When you use a certificate, it’s vital that you create (or procure) and protect it yourself. When you store data remotely, regardless of IaaS, PaaS or SaaS, you don’t own the machines where the data lives. That means if you use a certificate from the cloud vendor to encrypt the data, you have to trust that the data won’t be accessed by the vendor. In some cases having a signed agreement with the vendor that they won’t access your data is sufficient; in other cases that doesn’t meet the requirements your system has for security.

    With the new Trust Services service, the basic process is that you use a Portal to create a Trust Server using policies and other controls. You place an X.509 Certificate you create or procure in that server. Using the Software Development Kit (SDK), the developer has access to an Application Layer Encryption Framework to set fields of data they want to encrypt. From there, the data can be stored in SQL Azure as a standard field – only it is encrypted before it ever arrives. The portion of the client software that decrypts the data uses the same service, so the authenticated user sees the data if they are allowed to do so. The data remains encrypted “at rest”.

    You can learn more about this product and check it out in the SQL Azure labs at Microsoft Codename "Trust Services".


  • No Rest for the Virtuous

    - by Chris Massey
    It has been an impressively brutal month in terms of security breaches, and across a whole range of fronts. The "Cablegate" leaks, courtesy of Wikileaks, appear to be in a league of their own. The "Operation Payback" DDoS attacks against PayPal, MasterCard and Visa (not to mention the less successful attack against Amazon) are equally impressive. Even more recently, the Gawker Media Network was subjected to a relatively sophisticated hack attack by Gnosis, with the hackers gaining access to some...(read more)


  • Interesting links week #51 and #52

    - by erwin21
    Below is a list of interesting links that I found this week:

    Frontend:
      - How to Create a Mobile Version of Your Website
      - 10 tricks that will make your jQuery enabled site go faster
      - Tools and Resources to Test Cross Browser Compatibility of Your Websites
      - 9 Websites to Learn the Basics About html 5

    Development:
      - Online web.config security analyzer tool
      - Using 51Degrees.Mobi Foundation for accurate mobile browser detection on ASP.NET MVC 3

    Interested in more interesting links? Follow me on Twitter: http://twitter.com/erwingriekspoor


  • Comodo Cleaning Essentials for Windows

    Comodo Cleaning Essentials' main purpose is to clean an infected PC. Comodo emphasizes the fact that cleaning an infected PC and protecting a clean PC from potential attacks are two completely separate items. While Comodo Cleaning Essentials specializes in the former, the company does have a preventative solution in the form of its Comodo Internet Security offering, which employs auto sandbox technology to provide ultimate protection. Comodo Cleaning Essentials is highlighted by its two core technologies: KillSwitch and Malware Scanner. KillSwitch operates off of Comodo's whitelist database...


  • Managing accounts on a private website for a real-life community

    - by Smudge
    I'm looking at setting up a walled-in website for a real-life community of people, and I was wondering if anyone has any experience with managing member accounts for this kind of thing. Some conditions that must be met:

      - This community has a set list of real-life members, each of whom would be eligible for one account on the website. We don't expect or require that they all sign up. It is purely opt-in, but we anticipate that many of them would be interested in the services we are setting up.
      - Some of the community members' emails are known, but some of them have fallen off the grid over the years, so ideally there would be a way for them to get back in touch with us through the public-facing side of the site. (And we'd want to manually verify the identity of anyone who does so.)
      - Their names are known, and for similar projects in the past we have assigned usernames derived from their real-life names. This time, however, we are open to other approaches, such as letting them specify their own username or getting rid of usernames entirely.
      - The specific web technology we will use (e.g. Drupal, Joomla, etc.) is not really our concern right now -- I am more interested in how this can be approached in the abstract.

    Our database already includes the full member roster, so we can email many of them generated links to a page where they can create an account. (And internally we can require that these accounts be paired with a known member.) Should we have them specify their own usernames, or are we fine letting them use their registered email address to log in? Are there any paradigms for walled-in community portals that help address security issues if, for example, one of their email accounts is compromised?

    We don't anticipate attempted break-ins being much of a threat, because nothing about this community is high-profile, but we do want to address security concerns. In addition, we want to make the sign-up process as painless for the members as possible, especially given the fact that we can't just make sign-ups open to anyone. I'm interested to hear your thoughts and suggestions! Thanks!

