Friday, December 30, 2011

Brush Up On Your Coding

Been a while since you've touched Java or Python? You should check out codingbat.com. It has a ton of different methods for you to write for fun, and you're able to test them within the website itself. It's a great resource for bringing your coding skills back up to speed!

What about CSS, HTML, PHP, and other web development languages? w3schools.com has a similar way for you to brush up on these skills. It also has in-depth training tools, and is a worthy knowledge base for any web developer seeking information on how to code very basic actions in web development.

Where's the codingbat for C? Since C is a much more volatile language to code with, they don't have anything like this for C. If they did, the dynamics of the C language are so diverse that you would be able to manipulate the website with easy injection. Websites would crumble from anyone with experience who is intentionally trying to destroy the site.

If you'd like to brush up on your C, there are plenty of other free materials on the web, like cprogramming.com, to hone your skills. To test whether your C code is working, you would have to code locally, on your own PC -- not over the internet.

A New Way to Prevent SQL Injection

So, I had this idea as a way of preventing SQL injection on my websites for people who have to fill out text boxes similar to what I am doing now, and was wondering if I could get some feedback on the subject. I would take ANY and ALL data from the user, no matter what they want to type, and have a phphash file that would hash the entire text box into a massive string of numbers. Those numbers would then be stored either in the database or in a specific file type, and when the data is retrieved, the numbers would be converted back into text.

On the positive side, this would allow me to store string literals, and I mean LITERAL, which would be displayed wherever I want them to be displayed, and would run at a Big O of n.

On the down side, this may take up a lot of server-side processing time, depending on how much information is being relayed back to the user, how many users are currently using the database, and how large the strings are.

Essentially, this can be a fool-proof way (if implemented on every field) of storing string literals without the chance of an SQL injection attack, meaning someone could successfully write this post and append ;DROP TABLE Users;-- without repercussion.
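The storage idea above, as an added example that is not the post's own code: because the text has to be read back, the "hash" step is implemented here as a reversible fixed-width digit encoding, and the same literal is stored a second time through a parameterized query, the standard mitigation, for comparison. The sqlite3 in-memory database and the Users/Posts table names are assumptions made for the demo.

```python
import sqlite3

# Constructed sample input: the post's own example text.
POST = ";DROP TABLE Users;--"

WIDTH = 7  # code points go up to 0x10FFFF = 1114111, i.e. seven decimal digits


def encode_digits(text: str) -> str:
    """Turn any text into a string of digits, one fixed-width number per character."""
    return "".join(f"{ord(ch):0{WIDTH}d}" for ch in text)


def decode_digits(digits: str) -> str:
    """Inverse of encode_digits; rejects anything that is not whole digit fields."""
    if len(digits) % WIDTH or any(c not in "0123456789" for c in digits):
        raise ValueError("not a valid digit encoding")
    return "".join(chr(int(digits[i:i + WIDTH])) for i in range(0, len(digits), WIDTH))


def store_and_fetch(text: str):
    """Store text two ways, read both back, and report whether the Users table survived."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (id INTEGER PRIMARY KEY)")
    conn.execute("CREATE TABLE Posts (id INTEGER PRIMARY KEY, body TEXT)")
    # 1. The post's idea: the stored value is digits only, so even a query assembled by
    #    string concatenation carries no quote, semicolon or comment marker from the user.
    conn.execute("INSERT INTO Posts (body) VALUES ('" + encode_digits(text) + "')")
    # 2. The standard mitigation: a parameterized query binds the raw text as data,
    #    so the literal is stored unchanged with no encoding step at all.
    conn.execute("INSERT INTO Posts (body) VALUES (?)", (text,))
    encoded, raw = [row[0] for row in conn.execute("SELECT body FROM Posts ORDER BY id")]
    users_ok = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'Users'"
    ).fetchone()[0] == 1
    conn.close()
    return decode_digits(encoded), raw, users_ok


if __name__ == "__main__":
    print(store_and_fetch(POST))
```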

Thursday, December 29, 2011

CSRF

Cross Site Request Forgery. Working on beating down this demon as we speak, but the gist of it is this: without proper security, someone is able to, for example, send a fake image source file to a user, with the source of the image being the attack. This source could redirect valuable cookie information from your browser through a malicious website and steal some valuable information.

The way I'm going to get around this is with proper hashing, superior PHP session coding, and proper site redirection.

Database Development

I've been doing a little work with SQL recently, and I've been trying to figure out the best way to develop somewhat of a "Social Networking" database using as few fields and as little data as I can. I've run into sort of a problem while doing this. I cannot figure out how I would be able to expand the database if this little project took off. Say I start out great, expecting roughly 2,000 users, and I'm very comfortable with that, but let's say that it expands to 200,000 users. My queries would become exponentially slower, and I would have no idea what to do from there.