I've been causing some (security) concerns for myself by thoughtlessly using the dreaded 777 permissions for upload directories to allow the various PHP-based websites that I host at nearlyfreespeech.net to write files there. What this drastic anti-security measure didn't allow me to do is manage these uploaded files through SSH (and SCP/Rsync). In the chroot jail which I'm allowed to enter through SSH, I am ‘me’, while the files created from PHP end up being owned by user ‘web’. However, for some reason these files didn't get owned by group ‘web’, of which the ‘me’ user is a member. Also, I got into trouble with new directories that were being created by the upload scripts.
By Rowan Rodrik, 3 months ago, on February 08, 2013, at 17:02
I haven't got much experience when it comes to testing web applications. Instead (and more so out of apathy than belief), I've always adhered to the ad-hoc test approach. However, the usage of pure Postgres unit tests back when I worked on a complicated investment database with Halfgaar did teach me the advantages of test-driven development.
By Rowan Rodrik, 1 year ago, on May 19, 2012, at 13:05
If you want to execute system commands from something like PHP, you need a SUID executable which you can call from your PHP scripts. This is such a script. It could be extended to support parameters for the commands you want to execute, but that would be an enormous security risk, because then anybody can execute any command. If you need something as flexible as that, you need to think about adding some kind of security restrictions, like a list of allowed commands.
By halfgaar, 2 years ago, on February 02, 2011, at 16:02
Wordpress does automatic paragraph formatting using the wpautop filter, some PHP code originally developed by Matt Mullenweg. For most of the time that this blog has existed, I've disabled the wpautop filter using the following two lines in my theme's functions.php file:
By Rowan Rodrik, 2 years ago, on December 09, 2010, at 00:12
A year ago, my web host thoroughly explained how PHP include vulnerabilities can be exploited, hoping that better user education would leave fewer member sites vulnerable to automated attacks by spammer scum.
By Rowan Rodrik, 3 years ago, on November 14, 2010, at 19:11
On October the 25th, in what will be known to future generations as a historical move, Wiebe changed the A record of www.aihato.nl to point to the new production site running at Ytec. The new site, a collaboration by Ytec and me, based on WordPress, has been in development since May. At least, that's when I started taking notes. There had been some discussion, wire-framing and design done before that time.
By Rowan Rodrik, 3 years ago, on November 09, 2010, at 17:11
May, last year, I created an empty draft for this post, because, around that time, I had gone through quite some effort before I got thumbnails for foreign file repos working just right. Now, I'm taking a dive into my MediaWiki working dirs in preparation for the creation of a separate development environment, so it's a good moment to rehash the past experience (almost as good as if I'd done it right away).
By Rowan Rodrik, 3 years ago, on March 07, 2010, at 20:03
Stichting EcoSafe is a Dutch foundation for the safe-keeping of the funds that are necessary for the maintenance of hardwood plantations. In July of 2006, together with Johan Ockels, I created a website for the Foundation. Johan was responsible for the organization of the whole process. This went very smoothly and the website ended up being an emblem of simplicity and clarity. That's why I wanted to blog a bit about it now, even though there are a few things that I'd probably end up doing differently if I were to start from scratch. [There's actually a disturbing number of things for which this is true, I'm coming to notice.]
By Rowan Rodrik, 4 years ago, on September 16, 2009, at 12:09
The PHP documentation for fgetcsv() states that "A blank line in a CSV file will be returned as an array comprising a single null field, and will not be treated as an error." Here's a quick demonstration of this behavior.
By Rowan Rodrik, 4 years ago, on September 05, 2009, at 10:09
I hate modules, especially core modules. I prefer code to be tightly integrated. I want it to work together. Is that too much to ask? In Drupal, most functionality has been stuffed in modules. There's a Locale module, a Content Translation module and a Path module. What's missing is a Working Together module.
By Rowan Rodrik, 4 years ago, on June 10, 2009, at 14:06