GoFuckYourself.com - Adult Webmaster Forum - View Single Post

raymor · 12-07-2011, 09:16 PM

1) in use where?

2)
if empty ($_REQUEST['somevar']) {
print an error and exit
}

What sucks about web development is that every month about 50 hackers will check to see if you made any common mistakes. Unlike desktop or microcontroller development, "small" errors end up with your server overrun with trojans. Since you're clearly a complete newbie, just starting to learn the very basics, these three rules will help your server survive while you learn:

Don't call any system commands, like ffmpeg for example. You don't know how to do so safely. (You're about 2-3 years from knowing how if you're careful and you study, as the "techies" here normally post perfectly exploitable code.)

Sendmail is a system command. Use PHP's mail() function and hardcode either the recipient or the message. Otherwise you'll be a nice gateway for spammers.

If you use a "database" (which will actually be a spreadsheet to you, since you don't know what "relational database" means), assume the bad guys have access to it. They can read or delete your table at this point in your development.

I say these things without looking down on you at all. I was at the same place in my learning twenty-five years ago. Now, I'd be grateful to get similar tips from T'so on how to work on a device driver without blowing up my kernel. I'm about to work on an LVM device mapper patch and I'll be seeking advice from agk and Zdenek Kabelac.

12-07-2011, 09:16 PM
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	1) in use where? 2) if empty ($_REQUEST['somevar']) { print an error and exit } What sucks about web development is that every month about 50 hackers will check to see if you made any common mistakes. Unlike desktop or microcontroller development, "small" errors end up with your server overrun with trojans. Since you're clearly a complete newbie, just starting to learn the very basics, these three rules will help your server survive while you learn: Don't call any system commands, like ffmpeg for example. You don't know how to do so safely. (You're about 2-3 years from knowing how if you're careful and you study, as the "techies" here normally post perfectly exploitable code.) Sendmail is a system command. Use PHP's mail() function and hardcode either the recipient or the message. Otherwise you'll be a nice gateway for spammers. If you use a "database" (which will actually be a spreadsheet to you, since you don't know what "relational database" means), assume the bad guys have access to it. They can read or delete your table at this point in your development. I say these things without looking down on you at all. I was at the same place in my learning twenty-five years ago. Now, I'd be grateful to get similar tips from T'so on how to work on a device driver without blowing up my kernel. I'm about to work on an LVM device mapper patch and I'll be seeking advice from agk and Zdenek Kabelac. Last edited by raymor; 12-07-2011 at 09:18 PM..