April, 2013

now browsing by month


Dynamic vs static imaging. Which to use, the pros and cons.


All website have images (well all the good ones). In fact most websites have many images. If you build a website where the public can upload images then you start getting hundreds and thousands and millions of images. At this point the use of the images and how they are managed becomes an area where significant thought and planning must be incorporate into the image management.

Generally there are 2 main options for images, both of which are going to be explained here. Dynamic and static images. This article assumes knowledge of HTML and server side scripting.

Read the rest of this page »

Securing forms and URL data submissions.


Please see my article Vulnerabilities in forms and URL Parameters for more info on the vulnerabilities.

There are a few ways the data transmissions from forms and URL parameters can be made more secure. Some of these practices can be used, or all, for extra security. Below I’ve listed a few important guidelines and other tips that can be used to secure forms.

Golden Rule #1
Never rely on Javascript for error checking or to validate the content submitted. This is a poor mistake to make. Javascript is easily hackable because it is client-side script. This means that the processing of the code is carried out on the clients machine, the server-side script has no control over it. So a user can edit this code and change the way it processes data. This leads onto the next rule!

Read the rest of this page »

Vulnerabilities in forms and URL parameter data


One of the most commonly overlooked areas in web design is the transfer of information via forms and URL parameters. I see it quite often and this can open a website to dangerous vulnerabilities. There are many practices that should be carried out to keep a website secure but this focus purely on the passing of data between pages via form and URL parameters. This article assumes you have some amount of knowledge on HTML and server side scripting.

So what is the problem?

The problem is that the content of forms and parameters can easily be changed. It is one of the easiest ways to hack a website. Anyone can view the code and edit an input value without too much fuss. A URL parameter can be edited right within the URL address bar. Both of these situations can be done by anyone viewing your website without any special software or extensive experience.

Read the rest of this page »

My new blog site!!!


Hi and welcome to my new blog. I’ve decided to create this blog to start sharing my knowledge and ideas as well as storing them for future reference. Providing me with a central storage of information from my findings and research that I can share with others.

I’ve been building websites for around 15 years, and as you can imagine, in that time I have overcome many issues in a variety of situations massing an immense amount of knowledge on the subject. I have been formally trained a university, have tutored and been a teacher in programming and website development. All this among many years of development for various businesses/clients. With the ever advancing nature of technology there are always new challengers and problems to be solved and never a shortage of information to be shared.

So I hope you enjoy the information that will be contained within. Please feel free to comment, like, contact, etc. All that wonderful social and interactive internet magic.