Copyright © 2010 Olebox – Shaun Oleson. All Rights Reserved. Snowblind by Themes by bavotasan.com. Powered by WordPress.
Posts Tagged ‘ security ’
I’m looking for a couple of authors that are also interested in contributing back to the community. We all receive a lion’s share of input, utilities and resources from the online community and this blog is designed to be a forum to allow us to give back.
It’s not mandatory that the posts be long and since this is WordPress, we’re happy to take posts from a wide array of topics as tagging and categorizing are built in. The requirements are minimal. Of course, we ask that you have a technical background so that the posts are related to technology. Within that scope, we are open to desktop support, programming, new technological advances, articles on resolving worm/virus issues, security alerts, etc.
If you’re interested, reply to this post or send an email to shaun-at-olebox-com. I am excited to open this up to a broader forum and look forward to reading the articles that our community contributes.
Of course, we are a free forum of volunteers with the focus of being an open resource for end users. Unfortunately we do have expenses (hosting/broadcasting), so we ask that you visit our ad sponsors to help us cover these recurring fees.
- Shaun
Data validation and sanitizing is extremely important in all server-side scripting languages. It protects the database from malicious website attacks as well as unintentional/unexpected errors for website visitors. This article is in no way all-inclusive, but will provide a couple of tips on how you can better protect your database.
First, it’s important that you check that the data provided by the site visitor matches the data format that is expected. For this, I suggest using sprintf(), a built-in PHP function. You can use regular expressions to check data format, but this, I’ve found, is a safe method to validate data formats.
sprintf() works as follows:
$my_text = "The quick brown fox jumps over the lazy dog.";
$letters_in_alphabet = "26";
echo sprintf("The following text uses all %d letters of the alphabet: %s", $letters_in_alphabet, $my_text);
In the previous example, you provide the string and all of the % indicators will be replaced with the following variables in the order they appear. With this in mind, the %d validates that digits are being placed in that position of the string. The %s does the same, but validating that the provided data is a string.
The above example doesn’t interact with a database, so I’ll provide another that does:
$sql_text = sprintf("SELECT * FROM tbl_users WHERE username = '%s' AND user_id = %d;", $_POST['username'], $_POST['user_id']); // username and user_id are the form field names
The above $sql_text variable replaces the %s and %d with the corresponding values in the value list. So there are the basics of the sprintf() function.
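The following is an added example, not code from the original post, showing what %d and %s actually do when the $_POST values are not what the query expects, and the explicit checks that reject such input. The field names, the sample values and the helper functions (validate_user_id, validate_username, build_user_query) are constructed for this illustration; sprintf() formats the query but does not itself reject bad data, so the validation step is where the real protection comes from (and only because the username whitelist excludes quotes).

```php
<?php
// Added example (not from the original post): what sprintf()'s %d and %s do with
// untrusted input, and the explicit checks that do the validating.
// Field names and sample values below are constructed for illustration.

// Constructed request data standing in for $_POST.
$post = [
    'username' => "O'Brien",   // a legitimate apostrophe
    'user_id'  => '42abc',     // not a clean integer
];

// %d converts the argument to an integer, silently keeping the leading digits;
// %s inserts the string unchanged, apostrophe included, so this query is broken.
$sql = sprintf("SELECT * FROM tbl_users WHERE username = '%s' AND user_id = %d;",
               $post['username'], $post['user_id']);
echo $sql, PHP_EOL;
// SELECT * FROM tbl_users WHERE username = 'O'Brien' AND user_id = 42;

// Explicit validation: reject instead of coerce.
function validate_user_id($raw): ?int
{
    // FILTER_VALIDATE_INT accepts only a well-formed integer ('42'); '42abc', ''
    // and '4 2' all come back as false. min_range also rejects 0 and negatives.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function validate_username($raw): ?string
{
    // Whitelist the accepted shape (3-32 letters, digits, underscores) rather than
    // trying to enumerate bad characters. Anything containing a quote is rejected.
    if (!is_string($raw) || preg_match('/^[A-Za-z0-9_]{3,32}$/', $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Build the query only after both fields have validated.
function build_user_query($raw_username, $raw_id): ?string
{
    $username = validate_username($raw_username);
    $id = validate_user_id($raw_id);
    if ($username === null || $id === null) {
        return null;   // caller should answer with a 4xx, not run a query
    }
    return sprintf("SELECT * FROM tbl_users WHERE username = '%s' AND user_id = %d;",
                   $username, $id);
}

echo build_user_query($post['username'], $post['user_id']) ?? 'rejected', PHP_EOL;
// rejected
echo build_user_query('obrien', '42'), PHP_EOL;
// SELECT * FROM tbl_users WHERE username = 'obrien' AND user_id = 42;
```

Run it with the php CLI (php example.php). The point to take from the first echo is that sprintf() happily produces a syntactically invalid (and, with hostile input, attacker-shaped) query; the validators are what turn "42abc" and "O'Brien" into a rejection instead of a database error.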
The above illustrates the data validation part of protecting the database. The following will briefly provide instruction on how to sanitize data before it reaches the database. For the purpose of the following examples, we’ll assume you’re using MySQL. PHP offers a variety of sanitization methods based on the database technology being used.
mysql_real_escape_string() escapes the MySQL reserved characters, such as apostrophes, quotes, @, etc. For example:
User types: That’s great, he said, “This is a good example.”
When the above is sent to a MySQL database, the apostrophe or quotes could cause MySQL errors. It’s important that we escape the reserved characters so the text is entered into the database exactly as the user typed it. The above example would be escaped as follows (we are assuming that user_text is the name of the form field the user populated):
$user_data = $_POST['user_text'];
$safe_data = mysql_real_escape_string($user_data);
echo $safe_data; // displays: That\'s great, he said, \"This is a good example.\"
The backslashes protect the database from malicious or unintentional database errors related to user-provided input. If you put both of the security measures in place, you substantially improve the stability of your database and the security of your data. Lastly, I’ve provided an example utilizing both methods:
$user_data = $_POST['user_text'];
$safe_data = mysql_real_escape_string($user_data);
$note_id = $_GET['id']; // we’ll assume the value of id in the URL is 4
$sql_statement = sprintf("UPDATE tbl_notes SET body = '%s' WHERE id = %d;", $safe_data, $note_id);
echo $sql_statement; // displays: UPDATE tbl_notes SET body = 'That\'s great, he said, \"This is a good example.\"' WHERE id = 4;
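As an added example, not part of the original post, here is the same UPDATE written with a prepared statement, which is what replaces the escape-then-sprintf() pattern in current PHP: the mysql extension (and with it mysql_real_escape_string(), which also needs an open connection to know the server charset) was removed in PHP 7.0, and bound parameters keep user text out of the SQL string entirely, so there is nothing to escape. The functions open_db, update_note and read_note, the in-memory SQLite database (used only so the example runs offline; the MySQL DSN in the comment is a placeholder), and the sample input are all constructed for this illustration.

```php
<?php
// Added example (not from the original post): the article's UPDATE done with a PDO
// prepared statement instead of mysql_real_escape_string() + sprintf().
// SQLite in memory is used only so this runs offline; for MySQL swap the DSN, e.g.
// new PDO('mysql:host=localhost;dbname=app', $user, $pass)  (constructed placeholder).

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // For MySQL also turn off client-side emulation so the server binds the values:
    // $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $db->exec('CREATE TABLE tbl_notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    $db->exec("INSERT INTO tbl_notes (id, body) VALUES (4, 'placeholder')");
    return $db;
}

// Same contract as the article's version, but the values never touch the SQL text.
function update_note(PDO $db, $raw_id, string $body): int
{
    // Validate the id as before; the body needs no escaping because it is bound.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE tbl_notes SET body = :body WHERE id = :id');
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows updated
}

function read_note(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT body FROM tbl_notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['body'];
}

// Constructed input standing in for $_POST['user_text'] and $_GET['id'].
$user_text = 'That\'s great, he said, "This is a good example."';
$db = open_db();
echo update_note($db, '4', $user_text), " row(s) updated", PHP_EOL;   // 1 row(s) updated
echo read_note($db, 4), PHP_EOL;
// That's great, he said, "This is a good example."   (stored exactly as typed, no backslashes)

try {
    update_note($db, '4abc', $user_text);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;   // rejected: id must be a positive integer
}
```

Note the difference from the escaped version above: the stored body has no backslashes in it, because escaping was never needed; the apostrophe and the double quotes are data, and the driver sends them as data. The query text itself is fixed at prepare time, which is what makes this safe regardless of what the user types.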
Again, by no means is this article intended to be all-inclusive of database security but is a great addition to any website to improve stability. Hopefully, this will help to better secure some of the websites out there. If you have any questions or additional suggestions, feel free to leave a reply.
I found this article on Linux and Site Security and thought it would be useful to spread around. Hopefully it helps others with the varying security methods that are out there for websites. It briefly covers RFC 4732 which is tailored towards DoS (Denial of Service) attacks, but can be blended into other security protocols.
Today’s post is going to be about security on Linux and Unix, since we’re building up to doing some work with CAPTCHA in the near future and need to keep ourselves awake and interested.
To be more specific, today’s post is going to deal with site, and user, security on the Internet (although you could apply these examples to various arenas). As we all know, maintaining a decent level of personal and professional site security on the Internet is possible to a degree. Unfortunately, as long as there’s profit in breaching that security, building industries devoted to thwarting those breaches or some interdependent mish-mosh of the two, there’s no way to achieve absolute security on the Internet unless you opt not to use it (The Internet, that is
The Linux and Unix Menagerie: Linux And Unix Internet User And Site Security – How Much Is Too Much?