Archive for the ‘iphone application developer’ Category

Hardening Your Web Application Against SQL Injections

October 2, 2011

[The information provided is for educational purposes only and is not to be used maliciously]

Hi All,

Before digging into what SQL Injection actually is, let me explain what SQL itself is.

What is SQL?

Structured Query Language (SQL) is a specialized programming language for sending queries to databases. Most small and industrial-strength database applications can be accessed using SQL statements. SQL is both an ANSI and an ISO standard. However, many database products supporting SQL do so with proprietary extensions to the standard language. Web applications may use user-supplied input to create custom SQL statements for dynamic web page requests.

What is SQL Injection?

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of a web application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

“SQL Injection” is a subset of the unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it’s straightforward to create some real surprises.

Many organizations’ web servers have been compromised just because of SQL Injections, including big names which I would not like to mention here; you can search for them easily on the Internet.

What is Blind SQL Injection?

This particular type of attack is called a blind SQL injection attack, because the attacker cannot take advantage of detailed error messages from the server or other sources of information about the application. Getting the SQL syntax right is usually the trickiest part of the blind SQL injection process and may require a lot of trial and error. But, by adding more conditions to the SQL statement and evaluating the Web application’s output, an attacker will eventually determine whether the application is vulnerable to SQL injection.

Blind SQL injection is a special case that plays on the web developer’s or website owner’s sense of security. While they may think that everything on the server is tightly guarded, a blind SQL injection attack will silently be playing truth or consequences with the web server. This type of attack, though very time consuming, is one that provides the most potentially damaging security hole. This is because an attacker not only gets access but is also provided with an enormous amount of knowledge about the database and can potentially gain access to a server’s file system. This type of attack is one that is automated and requires a good amount of setup to succeed. But once it is done, it does not require a great deal of effort to repeat.

What is Error message SQL Injection?

Web applications commonly use SQL queries with client-supplied input in the WHERE clause to retrieve data from a database. When a Web application executes such queries without validating or scanning the user-supplied data to ensure it’s not harmful, a SQL injection attack can occur. By sending unexpected data, an attacker can generate and submit SQL queries to a web application’s database. A test for SQL injection vulnerabilities takes place by sending the application data that generates an invalid SQL query. If the server returns an error message, that information can be used to try to gain uncontrolled access to the database. This is the basis of one of the most popular SQL injection attacks.

Hiding error messages does not stop the SQL injection attack. What typically happens is the attacker will use the knowledge gained from the failure of this attack to change tactics. What they turn to is blind SQL injection.

Why SQL Injection?

When a web application fails to properly sanitize user-supplied input, it is possible for an attacker to alter the construction of backend SQL statements. When an attacker is able to modify a SQL statement, the statement will run with the same permissions as the component that executed the command (e.g. database server, web application server, web server, etc.). The impact of this attack can allow attackers to gain total control of the database or even execute commands on the system.
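The difference between a query built by string concatenation and a prepared statement, as an added example that is not part of the original post: the users table, the function names and the inputs are constructed for illustration, and an in-memory SQLite database reached through PDO stands in for the application’s real database.

```php
<?php
// Added example (not from the original post). Table, column and function
// names are hypothetical; an in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (username, email) VALUES
            ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// VULNERABLE: user input is concatenated into the SQL text, so a quote in the
// input ends the string literal and whatever follows is parsed as SQL.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the statement is prepared with a placeholder and the value is
// bound separately, so it can never change the structure of the query.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED (numeric input): enforce the type before the value reaches SQL,
// then bind it as an integer.
function findUserById(PDO $pdo, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];   // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal name, an input that rewrites the WHERE clause
// when concatenated, and a legitimate name that contains an apostrophe.
$inputs = ['alice', "nobody' OR '1'='1", "O'Brien"];
foreach ($inputs as $in) {
    try {
        $unsafe = count(findUserUnsafe($pdo, $in));
    } catch (PDOException $e) {
        $unsafe = 'SQL error';   // the concatenated query no longer parses
    }
    $safe = count(findUserSafe($pdo, $in));
    printf("%-22s unsafe: %-9s safe: %d\n", $in, $unsafe, $safe);
}

// Numeric parameter: only a clean positive integer is accepted.
printf("id '2' -> %d row(s), id '2 OR 1=1' -> %d row(s)\n",
    count(findUserById($pdo, '2')), count(findUserById($pdo, '2 OR 1=1')));
```

The apostrophe in a legitimate name is enough to break the concatenated query, which is the invalid-query error the post describes; the prepared statement treats all three inputs as plain data.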

 

Contact : 

bhavinrana07[@]gmail.com


PHP Web Development, Custom PHP Development of India based OPS – Instant, Interactive, Inexpensive (freelance php developer programmer wordpress joomla drupal and many open sources, cakephp and many frameworks)

October 2, 2011

😀

Need to develop website in PHP? Want to develop custom applications in PHP? Looking for PHP development services at affordable costs? Then your search ends here.

Outsourcing Programming Services (OPS) – A leading PHP development company from India offers PHP web development services at cost-effective rates. Develop your custom high-end applications through PHP development services. Increase business efficiency level and reduce business overheads by outsourcing custom PHP development requirements to us.

Request a Quote to know your PHP development costs for FREE, visit: https://bhavinrana.wordpress.com/

PHP Development Services by OPS:

• Custom PHP Development: Customized development with desired features and dynamic functionality
• PHP Application Development: Develop business web applications with elegant application user interface design
• PHP eCommerce Website Development: eCommerce shopping cart development services using Magento, CS Cart, VirtueMart, X-Cart, Zen Cart, etc.
• PHP MySQL Development: Develop dynamic and database driven website applications with PHP and MySQL
• Open Source PHP Implementation and Customization: Helps to develop and implement PHP Open Source Applications for businesses on open source and PHP platform i.e. LAMP, WAMP
• PHP Web Development with MVC architecture: Develop web applications using CakePHP, Zend framework and CodeIgniter.

Based in India, this leading PHP development company provides total PHP development solutions for various businesses & industries. It has a team of the best Indian PHP developers, who have developed and delivered thousands of custom PHP applications at affordable rates.

Drop a brief of PHP development requirements and get assisted by PHP Development experts in almost no time.

Contact:

bhavinrana07[@]gmail.com


Google new chart API

September 28, 2011

Hi All,

A new API from Google generates information charts dynamically. Its usage is quite straightforward: you link to an image in the form of a parameterized URL, such as http://chart.apis.google.com/chart?cht=p3&chd=t:90,49&chs=400x200&chl=data|bling.

“cht=p3” is the chart type, in this case a pie chart.

“chd=t:90,49” are the chart values, text-encoded and separated by a comma.

“chs=400x200” is the custom chart size, 400 by 200 pixels.

“chl=Data|Bling” are the different labels for the pie chart sections, separated by the pipe character.

Chart types include line charts, bar charts, pie charts, Venn diagrams and scatterplots.


PHP Development India – Best Language for Web Development

September 28, 2011

Hi All,

In today’s advanced technological world, the popularity of the internet has been increasing, and we see millions of websites running on the internet to fulfill the requirements of users, with the figure increasing each day. Merchants therefore face cut-throat competition on the internet. Strong representation of a website is thus necessary for its online success. Hence, merchants have turned to the web development industry to build a strong online presence.

There are many options available for web development, like PHP, ASP.NET, Java, WordPress, etc.; of these, PHP has become a first choice for company websites, because PHP is an open source server-side scripting language that allows effective web development at affordable rates. PHP supports multiple platforms and databases such as Linux kernel, MS Windows, MySQL, MS Access, SQL Server and Oracle. It also offers an array of other features which can be used to make a website flexible and user-friendly.

Benefits of PHP Development:

  • Create a dynamic website that has a professional look
  • It supports various operating systems (OS) like Windows, Linux and Unix
  • The coding is easily understandable
  • Web development at very affordable rates
  • Increase your ROI (Return on Investment)

Many countries provide PHP development services; among them India has taken first place in this field, because Indian PHP developers offer excellent design and development services and take on new challenges with open arms and, most importantly, you get your application at one-quarter of the cost at your current rate.

 

 

CakePHP Auth Component For Dummies Tutorial

September 21, 2011

First off, I would like to say many thanks to Gwoo for finally helping me to understand this thing.

So I know what you’re thinking; I’m probably the last person to finally figure out CakePHP’s Auth Component. For the past few months, I’ve been using obAuth because that’s the only authentication I could get to work with CakePHP. I think that I was just making it more difficult than it should have been.

My main resource for learning the Auth Component has been Chris’s tutorial, but even then I still needed help. Also, I’m the type that doesn’t really learn much without code.

Note that I’m running off of the CakePHP 1.2 beta.

Getting Started

Now you can modify this however you like, but I’m starting out with the basics. You’re going to need the following:

  • A user database with the fields username and password. Of course they don’t need to be named that way, but defaults are fun.
  • A User Model with Controller and Views – This can be baked from CakePHP
  • A login view for the user.
  • And a base app_controller.php. That’s it.

The Setup – app_controller and users_controller

So here’s the minimum in app_controller:

 

 

 

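<?php
class AppController extends Controller {
    // Load the Auth component for every controller in the application.
    var $components = array('Auth');

    function beforeFilter() {
        // Where unauthenticated users are sent to log in.
        $this->Auth->loginAction = array('controller' => 'users', 'action' => 'login');
        // Default destination after a successful login.
        $this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home');
        // Actions that stay public without logging in.
        $this->Auth->allow('display');
        // Ask the controller's isAuthorized() whether a logged-in user may proceed.
        $this->Auth->authorize = 'controller';
    }

    // Returning true authorizes every logged-in user for every action.
    function isAuthorized() {
        return true;
    }
}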


You can always visit the API for a better understanding of what’s going on, but right now we’re just trying to get stuff working.

After that there’s the users_controller.php. This you can get straight out of CakePHP’s baking. You do need a small modification:

 

function login()
{
}
 
function logout(){
    $this->Session->setFlash('Logout');
    $this->redirect($this->Auth->logout());
}

Brief Explanation

Honestly, it’s magic; automagic to be precise. If you want to know how it works, you can read up in the API. But what I will do, is give you some of the magic words.

$this->Auth->authorize = 'controller'

There are different types of authorization: action (ugh – ACL stuff), CRUD (basically locks up all the editing stuff), and controller (gives you some needed control). Hey, sorry I don’t know too much of what it does, just what I need.

$this->Auth->loginAction = array('controller' => 'users', 'action' => 'login')

This tells you what the login page is. It also controls where the user is redirected to if he’s not authorized to view a page.

$this->Auth->loginRedirect = array('controller' => 'pages', 'action' => 'display', 'home')

Self explanatory: the default action to redirect the user to when logged in, if they go straight to the login page. If, however, they tried to access a restricted page, then this will be ignored, and when they log in they’ll be redirected to where they wanted to go.

$this->Auth->allow(array('display'))

This is one of the magic functions. By default, adding the authentication component locks down all actions, except the login and logout. This is your way of telling the component to let you in to the ‘display’ action for every controller. You at least want to see the homepage, right?

You can also add to this in the beforeFilter() of each controller you need (don’t forget the parent::beforeFilter() to make sure the Auth stuff is still called). Likewise there’s a $this->Auth->deny(), which does the reverse. One small tip: you can also use allow(array('*')) to allow everything.

User Controller

For right now, the login() action can be left as is. The Auth Component handles all that footwork beautifully. You just need to make sure you call $this->Auth->logout() in your logout() action. It has the added benefit of returning the Auth’s logoutRedirect, so $this->redirect($this->Auth->logout()) works great.

Hire PHPBB Developer for Robust Web Forum Development

September 21, 2011

In online business, businessmen are expected to use various web techniques to promote the business on the web. More interaction with related entities can open more avenues for the business, and one of the best modes of interaction and information sharing on the web is forums. Internet forums with business websites can do amazing business promotional work. Developing a web forum involves a fair amount of programming work that is complex for novice businessmen. One popular and unique system for developing robust internet forums for business websites is PHPBB (PHP Bulletin Board). PHPBB software is based on the PHP programming language. However, web forums can be developed using various other programming languages such as Perl, Java and ASP. Internet forum development for websites is a complex and costly process. A businessman can hire a PHPBB developer / programmer to make it cost-effective and customized for use with a business website.

Internet forums are an efficient tool to use with a business, as they are an incredibly great way to reach and converse with people. Designing, developing and hosting internet forums is a costly process, and a small businessman or online business company is expected to seek an affordable alternative. As PHP is an open source scripting language, hiring a dedicated PHPBB developer is the best option and can save precious money. He can build or perform PHPBB development, customize it and host it cost-effectively. Anyone in online business can hire a PHPBB developer from a PHP web development company. The concept of hiring a dedicated developer is popular at present, and it is very helpful in technical terms as well as in the matter of affordability. Customized designing, development and hosting can all be obtained from one professional. Moreover, a hired PHPBB developer can provide the benefits or implement the features of all updated versions, such as PHPBB2 & PHPBB3, for the business.


Speed up Page Load by reducing HTTP requests with PHP

September 20, 2011

A nice technique to speed up your page loading times is to try to reduce the number of calls your browser has to make to the server. There is one for every image, every CSS file and every JavaScript file included in the webpage. Each time you load one of these elements, the browser sends a request to the server, known as an HTTP request, and the server returns the requested object.

Reduce Page Loading Time With PHP

Each one of these uses up time during page loading, so to reduce page load time all you have to do is reduce the number of calls being made. But what if you want to keep your JavaScript organised into separate files: a jQuery file, a general file, an application file and a page file? There could be up to 4 requests just for the JavaScript on the page.

It is possible in PHP to combine these JavaScript files together and trick the browser into thinking they are just one JavaScript file, therefore reducing the amount of calls being made to the server. This is done by reading the JavaScript with PHP then changing the header to JavaScript like the example below.

Create a PHP file and use the readfile function to bring in your Javascript files then change the header to Javascript and the server will treat this page as Javascript.

 
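<?php
// The header must be sent before any output, so set it before the readfile() calls.
header('Content-Type: text/javascript');

// Output each script in order; the browser receives them as a single file.
readfile('jquery.js');
readfile('general.js');
readfile('jquery-ui.js');
readfile('page.js');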


The above technique can also be used with CSS files or a combination of them both.