Tech Sharing Blog

Web, Tech, Tips, Download Blog…


Archive for the ‘Programming’ Category


Nothing in the world is perfect. No matter how good an application or web site is, there are still some holes that we may need to handle. By handling those holes, we try to bring our application close to perfect.


This PowerPoint shows why we need error handling, what errors are, how errors are handled, the types of error, and the types of error handling.


Advanced ColdFusion - Error Handling (1)


Error Catching with CFERROR and CFCATCH (2)

Here is the presentation slide deck by Pete Freitag, Principal Consultant at Foundeo Inc.

The slide show covers the following topics:

  • Unchecked input
  • File Uploads
  • XSS-Cross Site Scripting
  • SQL Injection
  • Cross Site Request Forgery
  • CRLF Injection
  • Session Hijacking


Secure your Coldfusion application (3)



I Googled for a long time for how to hide the HTTP header in IIS in order to mask the server identity, and finally found a tool called URLScan.
Basically, URLScan is an ISAPI filter that allows web site administrators to restrict the kinds of HTTP requests that the server will process. By blocking specific HTTP requests, the URLScan filter prevents potentially harmful requests from reaching the server and causing damage.
Most of the features provided by URLScan are already included in IIS, but not the Remove Server Header feature, as Microsoft decided that this is not an important issue and that there is no real security benefit in including it in IIS. But there are also some marketing reasons why Microsoft does not encourage webmasters to hide the identity.

How to hide the IIS identity:

  1. Download URLScan.
  2. Install URLScan on your server.
  3. Go to the URLScan config file at C:\WINDOWS\system32\inetsrv\urlscan\UrlScan.ini
  4. Set RemoveServerHeader=1 (the default is 0).
  5. Save the file.
  6. Restart IIS.
  7. Check your headers (http://www.rexswain.com/httpview.html).

For more detail on URLScan and its features, you can easily find a lot of information by Googling URLScan.
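Steps 4 and 7 can be checked offline with a small script. This is an added example, not code from the original post: it assumes the setting sits in the `[options]` section of UrlScan.ini with `;` as the comment character, and it also looks for `X-Powered-By` and `X-AspNet-Version`, two headers chosen for this example because they disclose the stack even when `Server` is gone. The sample inputs are constructed.

```javascript
// Added example (not from the original post). Function names are hypothetical.

// Return true when UrlScan.ini text has RemoveServerHeader=1 in effect.
// Assumption: the key lives in [options]; ';' starts a comment.
function removeServerHeaderEnabled(iniText) {
  let section = "";
  let value = "0"; // the post states the default is 0
  for (const raw of iniText.split(/\r?\n/)) {
    const line = raw.split(";")[0].trim();
    if (!line) continue;
    const sec = line.match(/^\[(.+)\]$/);
    if (sec) { section = sec[1].trim().toLowerCase(); continue; }
    const kv = line.match(/^([^=]+)=(.*)$/);
    if (kv && section === "options" &&
        kv[1].trim().toLowerCase() === "removeserverheader") {
      value = kv[2].trim();
    }
  }
  return value === "1";
}

// Headers treated as identity-disclosing (list chosen for this example).
const IDENTITY_HEADERS = ["server", "x-powered-by", "x-aspnet-version"];

// Parse the header block of a raw HTTP response and return the
// identity-disclosing headers still present, as {name, value} pairs.
function findIdentityHeaders(rawResponse) {
  const head = rawResponse.split(/\r?\n\r?\n/)[0]; // ignore the body
  const found = [];
  for (const line of head.split(/\r?\n/).slice(1)) { // skip the status line
    const idx = line.indexOf(":");
    if (idx < 1) continue;
    const name = line.slice(0, idx).trim();
    if (IDENTITY_HEADERS.includes(name.toLowerCase())) {
      found.push({ name, value: line.slice(idx + 1).trim() });
    }
  }
  return found;
}

// Constructed samples: the config after step 4, a response after step 6.
const sampleIni = "[options]\r\nRemoveServerHeader=1 ; default is 0\r\n";
const sampleResponse =
  "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n" +
  "X-Powered-By: ASP.NET\r\nContent-Length: 0\r\n\r\n";

console.log(removeServerHeaderEnabled(sampleIni), findIdentityHeaders(sampleResponse));
```

In the constructed response the `Server` header is gone but `X-Powered-By` remains, so the check in step 7 should look at every response header, not only `Server`.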




SQLInjection1 1 Possible injection use keyword

Web developers, web admins and DB admins all face attacks on their web sites from all around the world, but how can they be prevented?


Some use third-party software to prevent them, some just filter all the possible keywords entered by the user, and some use database stored procedures. The following are some of the keywords that you may need to take care of when you allow your users to enter any input into your system.


Web site injection attack keyword (22)

The following example uses a JavaScript regular expression to validate a value in which Chinese characters are not allowed.


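<script type="text/javascript">
  // Reject the form value if it contains Chinese characters.
  // This is a client-side convenience check only; repeat the validation on the server.
  function checkChinese() {
      var re = /[\u4E00-\u9FA0]+/;
      if (re.test(document.form1.tjiccode.value)) {
          // Message: "Chinese input is not allowed!"
          alert("不允许输入中文!");
          return false;
      }
      return true;
  }
</script>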

Because I need to handle a project in my company that includes forum features, and the language is Simplified Chinese, I managed to find this 9-year-old product.


phpBB is a free and open source forum application. phpBB was created in June 2000 as a UBB-like forum solution using the PHP language, and the latest version as of today is phpBB 3.0 'Olympus 3.5' (released on 31 May 2009). phpBB is available at no cost, released under the GNU General Public License.


I chose it as the forum for the new project because it comes with an intuitive administration system and extensive customisation capabilities. Besides that, it is capable of supporting hundreds of millions of discussions in any language and boasts some of the largest forum communities on the Internet. phpBB is developed by six core developers and more than forty team members, and is supported by a community of almost 300,000 users and developers as of today.


The latest version supports UTF-8 encoding, including Simplified Chinese, Traditional Chinese, Russian, Thai, Turkish and more. Besides that, it supports most of the common databases on the market, such as MSSQL, MySQL, PostgreSQL, Oracle, Firebird and SQLite. The release of phpBB 3.0 comes with nearly 500 enhancements, modifications and extensions compared to the previous version.


phpBB is also a highly recommended forum application for those who like to customize it and quickly integrate it into any content management system or static web site, because it comes with a very flexible framework and documented Application Programming Interfaces (APIs).




phpBB forum home page

phpBB sample forum backend admin control panel
