BLACKBELT

Articles

Database MySQL

Securing MySQL Databases via GRANT Permissions

I’m of the personal belief that you should never grant all MySQL permissions to a user other than root. When deploying and setting up websites, one of the first things I do is create a per-environment database user with access…

Development Lithium PHP Security

Lithium CSRF Protection

CSRF attacks are among the most common security threats that affect web applications. The details of how CSRF attacks work have been covered extensively around the web. If you want to learn more, I strongly recommend reading Chris Shiflett’s popular…

PHP

FTP File Downloads with Auto Resume in PHP

I recently battled downloading a large (500+ MB) file via PHP’s native FTP functions. I tried several methods, including ftp_get and ftp_nb_continue, but I was continuously receiving error messages. The messages themselves are next to useless in determining the root…

PHP

Make Composer Globally Available

This is just a friendly tip on how to make Composer (a PHP dependency manager) globally available on your machine. All you really need to do is make sure to place the composer.phar file in a directory contained within your…

CSS Front-End Development SASS

Useful SASS Mixins: CSS Triangle

While many CSS shapes seem like just a novelty, triangles are very practical. I’ve used them as ‘active’ indicators in navigation, on tooltips, and a few other places where I’d have to use an image to match the design otherwise.…

Ember.js

Adding Custom Attributes to Ember.js Form Elements

The Problem: Ember.js has a limited set of user-definable attributes that can be passed in to its form controls by default. Below you will find a list of supported attributes for each form element control: Ember.Button type, disabled, href,…

Fedora MySQL

Fedora 16 MySQL 5.5.25a-1 Installation Error and Fix

I have faced a recurring problem these last few weeks with the installation of MySQL 5.5.25a-1 via the Remi repository on multiple machines. Below is an example of the error encountered during installation in /var/log/messages: Jul 29 01:19:13 mysqld-prepare-db-dir[749]: Initializing…

MySQL PHP Security

Escaping MySQL ‘LIKE’ Queries in PHP

Unlike most common MySQL escaping scenarios in PHP, one needs to take extra precautionary measures when implementing a LIKE query. LIKE queries contain special qualifiers for term matching, % and _, which the user could maliciously include in their search…
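As an added example (not the article's own code), the escaping described above can be done in PHP by neutralising `%`, `_` and the escape character itself before the term is bound to a prepared statement. It assumes a PDO connection `$pdo` to MySQL and a hypothetical `users` table with a `name` column; the choice of `!` as the ESCAPE character is an assumption made here to sidestep the double-handling of backslashes between PHP, PDO and MySQL.

```php
<?php
// Added example, not from the original article. Escapes the LIKE wildcards
// (% and _) and the escape character itself, then binds the finished pattern
// as a parameter so the term can never break out of the string literal.
// Assumes a PDO connection $pdo and a hypothetical `users` table.

/**
 * Escape a user-supplied search term for use inside a LIKE pattern.
 * The escape character is replaced first; otherwise an attacker could
 * supply "!%" and have the second pass turn it back into a wildcard.
 * '!' is used instead of the MySQL default '\' so that no layer between
 * PHP and the server gets a chance to swallow or double a backslash.
 */
function escapeLike(string $term, string $escape = '!'): string
{
    return str_replace(
        [$escape, '%', '_'],
        [$escape . $escape, $escape . '%', $escape . '_'],
        $term
    );
}

/**
 * Prefix search: the trailing wildcard is appended by the application,
 * never taken from the user, and the ESCAPE clause names the same
 * character escapeLike() used.
 */
function findUsersByNamePrefix(PDO $pdo, string $prefix): array
{
    $pattern = escapeLike($prefix) . '%';
    $stmt = $pdo->prepare(
        "SELECT id, name FROM users WHERE name LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs that would otherwise change the meaning of the query:
// a bare "%" matches every row, "_dmin" matches "admin", and "50%_off"
// matches far more than the literal string. After escaping, each matches
// only the literal characters the user typed.
foreach (['%', '_dmin', '50%_off', 'a!%'] as $term) {
    echo str_pad($term, 10), ' => ', escapeLike($term), PHP_EOL;
}
```

The loop at the end prints `!%`, `!_dmin`, `50!%!_off` and `a!!!%` respectively. The last case is the one that matters most: the user's own `!` is doubled before the `%` is escaped, so the stored pattern `a!!!%` still reads as a literal `a!%` rather than as an escaped `!` followed by a live wildcard. Note that escaping is only half of the fix; the pattern must still go through a bound parameter (or `mysqli_real_escape_string` on the older API) so that quotes in the term cannot terminate the string literal.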

Development Lithium PHP

Lithium PHP Method Filters

A unique feature of Lithium is its method filter system. To summarize, it allows for intercepting method calls as well as modifying arguments and return values. This not only makes for some interesting ways to extend the framework but also helps maintain better separation of cross-cutting concerns.

Development PHP Security

Secure PHP Authentication Revisited

A while back I had posted on the topic of Securing PHP User Authentication, Login, and Sessions. While the majority of methods for increasing obscurity remain true, the hashing algorithms used have become increasingly insecure. If you have not done so,…

CSS Front-End Development

Fixing the CSS Box Model

The concept of the box model is unintuitive. You can’t simply specify a 100% width on a block level element with a margin or padding and have it stay within the confines of the parent bounding box. Luckily, there’s a…

Deployment

Common Git Problems and Solutions

Over the course of a few years using git, I’ve come across several situations which required a bit of help from Google to get me through. Below you will find a number of common questions regarding git workflow and links…

Development PHP Zend Framework

Override the Default Zend Escape Method

By default, using $this->escape() in your view files makes a call to Zend_View_Abstract::escape(). The problem with the implementation of Zend’s default escape method is that it’s a little lackluster in terms of security. It does not have any exception handling…

Development Performance PHP

PHP Memcache vs. Memcached

You may or may not be aware, but PHP has two separate module implementations wrapping the memcached (as in memcache daemon) server. The memcache module utilizes this daemon directly, whereas the memcached module wraps the libMemcached client library and contains…

Products

Introducing ClickDummy – Mockups That Click

At my employer, Skookum, we recently launched an application for web designers, freelancers, and UI designers alike called ClickDummy. ClickDummy is currently 100% free and allows anybody with a series of screenshots (mockups) to turn them into a full blown…

Database Development MongoDB PHP

Important MongoSession Updates

I have posted a couple of important updates to MongoSession (a PHP MongoDB Session Handler) that I’d like to share with you. I have removed the secondary indexed id field which should speed up operations as well as reduce the…

Kohana

Dear Kohana, I Detest Your 3.x Website

I’ve got a bone to pick with the Kohana development team. I just wasted a couple hours out of my day adding functionality to their core Validate class only to find that the functionality had already been added in a…

Facebook Security

“Likejacking” Term Catches On

Back in late April, following Facebook’s f8 conference, a few articles began trickling out regarding possible security concerns with the new “Like” button. I had, at that time, unknowingly positioned myself as the potential originator of the term “likejacking.” In…

Development PHP

A Quick Implementation of String Sort in PHP

There aren’t a whole lot of PHP algorithms floating around. Perhaps people just rely upon the SPL. I had a curiosity to find a string sorting algorithm written in PHP and I didn’t find any non-array-based solutions. The implementation…

Linux OS

Linode LAMP Stack Script for Fedora 11 and CentOS 5.3

For starters, StackScripts™ provide a flexible way to customize Linode distribution templates. While browsing through the public Linode Stack Scripts for RHEL distros I noticed there was no fully automated LAMP stack script so I took the liberty of creating…

Theory

Why I Love Programming

It’s hard not to be fascinated by computers. They’re overwhelmingly powerful. It’s humbling knowing that if I can conjure up some ridiculous idea in my head, I can probably turn it into a computer program. There aren’t many professions out…

Development PHP

Advanced Method to Retrieve the Client IP in PHP

There are perhaps hundreds if not thousands of articles on obtaining your visitor’s IP address. The majority of these entries will refer to a small subset of global $_SERVER variables (HTTP_X_FORWARDED_FOR, HTTP_CLIENT_IP, and REMOTE_ADDR). Although both fast and simple solutions…
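The security point behind those three variables is that only REMOTE_ADDR comes from the TCP connection; every HTTP_* entry is a request header that the sender controls. The following is an added example (not the article's method) of a PHP function that consults X-Forwarded-For only when the direct peer is a proxy the site operates, walking the chain from the right so that entries appended by trusted proxies are skipped and the first untrusted address wins. The proxy address list and the constructed request arrays are assumptions for illustration.

```php
<?php
// Added example, not from the original article. Resolves the client IP
// from a $_SERVER-shaped array while treating X-Forwarded-For as
// attacker-controlled unless the request arrived through one of our own
// proxies. TRUSTED_PROXIES is a hypothetical deployment setting.

const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Return the best-effort client address, or null if REMOTE_ADDR is absent
 * or malformed (which should never happen behind a real web server).
 *
 * Each proxy in the path appends the address it received the request from,
 * so X-Forwarded-For reads "client, proxy1, proxy2" and REMOTE_ADDR is the
 * last hop. Walking from the right and skipping addresses we trust yields
 * the address seen by the outermost proxy we control; anything further
 * left was supplied by the client and is ignored.
 */
function clientIp(array $server, array $trustedProxies = TRUSTED_PROXIES): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? null;
    if ($remote === null || filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }

    // Direct connection, or no chain to consult: the header is ignored even
    // if present, because the peer is not a proxy we run.
    if (!in_array($remote, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }

    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    $chain[] = $remote;

    for ($i = count($chain) - 1; $i >= 0; $i--) {
        $candidate = $chain[$i];
        if (in_array($candidate, $trustedProxies, true)) {
            continue; // appended by one of our own hops
        }
        // The header is untrusted up to this point: refuse garbage rather
        // than store it, and fall back to the last hop we do know.
        if (filter_var($candidate, FILTER_VALIDATE_IP) === false) {
            return $remote;
        }
        return $candidate;
    }

    // Every entry was one of our proxies; the last hop is all we can say.
    return $remote;
}

// Constructed request: a direct connection carrying a forged header.
$direct = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
];

// Constructed request: arrived via our proxy 10.0.0.5, which appended the
// address it actually spoke to (198.51.100.9). The left-most entry was
// sent by the client and is not trusted.
$proxied = [
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '1.2.3.4, 198.51.100.9',
];

// Constructed request: the same header, but the peer is not our proxy.
$spoofed = [
    'REMOTE_ADDR'          => '198.51.100.9',
    'HTTP_X_FORWARDED_FOR' => '10.0.0.5, 1.2.3.4',
];

echo clientIp($direct), PHP_EOL;
echo clientIp($proxied), PHP_EOL;
echo clientIp($spoofed), PHP_EOL;
```

The three calls print `203.0.113.7`, `198.51.100.9` and `198.51.100.9`: the forged `127.0.0.1` is never believed, the proxied request resolves to the address our proxy saw, and the spoofed request (where the client merely claims to have passed through `10.0.0.5`) still resolves to the real peer. HTTP_CLIENT_IP is deliberately not consulted at all, since no common proxy sets it and it exists only as a way for a client to lie. In production the trusted list is usually a set of CIDR ranges rather than exact addresses, and the same walk applies to the standardised `Forwarded` header.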