Wednesday, 9 April 2014

security in php

Security
Watch for uninitialized variables
<?php
/* $ok is only ever set on the success path. With register_globals on, a request
   such as ?user=guest&ok=1 pre-populates $ok and the check is bypassed. */
if($user=='rasmus') {
$ok = true;
}
if($ok) {
echo "$user logged in";
}
?>

 

Catch these by setting the error_reporting level to E_ALL. With $user set to anything other than
'rasmus', the script above generates this warning:
Warning: Undefined variable: ok in script.php on line 6
You can of course also turn off register_globals, but that addresses the symptom rather than the
problem: the real bug is that $ok is never initialised, so anything that can inject a variable into
scope satisfies the check. Initialise $ok = false before the test.


Never trust user data!
<?php
readfile($filename);
?>
With register_globals on, $filename is whatever the request supplied, so this serves any file the
web server user can read. Turning off register_globals doesn't make this any more secure. The script
would instead look like this, with exactly the same problem:
<?php
readfile($HTTP_POST_VARS['filename']);
?>

The only way to secure something like this is to be really paranoid about cleaning user input. In this
case, if you really want the user to be able to specify a filename that gets used in any of PHP's file
functions, do something like this:
<?php
$doc_root = $HTTP_SERVER_VARS['DOCUMENT_ROOT'];
$filename = realpath($filename); /* collapses ../ sequences, but resolves relative to the current directory */
readfile($doc_root.$filename);
?>
Treat this as a sketch rather than a drop-in fix: realpath() on the raw value resolves it relative to
the current working directory and returns false when that file does not exist, so what gets prefixed
with $doc_root is either false or the absolute path of some existing file. The robust form is to
resolve the full path (document root plus the user value) and then check that the result still starts
with the document root before opening it.
You may also want to strip out any path and only take the filename component. An easy way to do
that is to use the basename() function. Or perhaps check the extension of the file. You can get the
extension using this code:
<?php
$ext = substr($filename, strrpos($filename, '.')); /* includes the dot; strrpos() returns false
   (treated as 0) when there is no dot, so check for that or use pathinfo($filename, PATHINFO_EXTENSION) */
?>


Again, never trust user data!
<?php
system("ls $dir"); /* $dir is interpolated into a shell command line, so shell
                      metacharacters in it run as the web server user */
?>
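The two pitfalls above, the file-serving script and the shell command, share one fix: resolve the user value under a fixed root and verify it stayed there, and keep the value out of any shell. The block below is an added example written for this page (PHP 7.1 or later, using $_GET rather than register_globals); it is not code from the original slides. The root directory, file names and traversal payloads are constructed for the demo.

```php
<?php
// Added example, not from the original page: safe replacements for readfile($filename)
// and system("ls $dir"). Assumes files are served from one fixed directory ($root) and
// that the caller passes the raw request value (e.g. $_GET['filename']).

function resolveUnderRoot(string $root, string $userPath): ?string
{
    // Canonicalise the root once so the prefix comparison is between canonical paths.
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // Resolve the COMBINED path, not the user value on its own: realpath() of the raw value
    // would be relative to the current working directory and false for missing files.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;                       // does not exist, or a broken symlink
    }
    // Compare with the separator included, so "/srv/files_secret" does not pass for "/srv/files".
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;                       // escaped the root via ../ or a symlink
    }
    return $target;
}

function serveFile(string $root, string $userPath, array $allowedExt = ['txt', 'png', 'jpg']): bool
{
    $path = resolveUnderRoot($root, $userPath);
    if ($path === null || !is_file($path)) {
        return false;
    }
    // Extension allow-list on the RESOLVED name, so "x.txt/../y.php" cannot slip through.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return false;
    }
    readfile($path);
    return true;
}

function listDir(string $root, string $userPath): ?array
{
    // No shell at all: scandir() takes the path as data, so ";", "|" and "$(...)" are inert.
    $path = resolveUnderRoot($root, $userPath);
    if ($path === null || !is_dir($path)) {
        return null;
    }
    return array_values(array_diff(scandir($path), ['.', '..']));
}

// If a shell command is genuinely unavoidable, quote the argument: escapeshellarg() wraps
// the value in single quotes and escapes embedded ones, so it reaches ls as ONE argument.
function listDirViaShell(string $root, string $userPath): ?string
{
    $path = resolveUnderRoot($root, $userPath);
    if ($path === null || !is_dir($path)) {
        return null;
    }
    return shell_exec('ls ' . escapeshellarg($path));
}

// Constructed demo tree: public/ is the served root, secret.txt sits one level above it.
$root = sys_get_temp_dir() . '/demo_' . bin2hex(random_bytes(4));
mkdir("$root/public/sub", 0700, true);
file_put_contents("$root/public/hello.txt", "hello\n");
file_put_contents("$root/secret.txt", "SECRET\n");

var_dump(serveFile("$root/public", 'hello.txt'));
var_dump(serveFile("$root/public", '../secret.txt'));
var_dump(serveFile("$root/public", 'sub/../../secret.txt'));
var_dump(listDir("$root/public", 'sub; cat ' . "$root/secret.txt"));
var_dump(listDir("$root/public", 'sub'));
var_dump(listDirViaShell("$root/public", "sub' ; id ; echo '"));
```

Only the first call serves anything; every traversal and injection attempt is refused before any file or shell is touched, because the check happens on the canonical path after resolution rather than on the string the client sent. Note that realpath() follows symlinks, so a link inside the root that points outside it is also rejected by the prefix test.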



Take this standard file upload form:
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="100000">
Send this file: <INPUT NAME="myfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
The correct way to put the uploaded file in the right place (with register_globals, $myfile is the
temporary file and $myfile_name the client-supplied name; today these are
$_FILES['myfile']['tmp_name'] and $_FILES['myfile']['name']):
<?php
/* Not under DOCUMENT_ROOT */
$destination = "/some/path/" . basename($myfile_name); /* never use the client-supplied name as a path */
move_uploaded_file($myfile, $destination);
?>
If you are uploading files to be placed somewhere under the DOCUMENT_ROOT then you need to
be very paranoid in checking what you are putting there. For example, you wouldn't want to let people
upload arbitrary PHP scripts that they can then browse to in order to execute them. Here we get
paranoid about checking that only image files can be uploaded. We even look at the contents of the
file and ensure that the file extension matches the content.

 

<?php
$type = $HTTP_POST_FILES['myfile']['type']; /* client-supplied, so not relied on below */
$file = $HTTP_POST_FILES['myfile']['tmp_name'];
$name = $HTTP_POST_FILES['myfile']['name'];
$types = array(0,'.gif','.jpg','.png','.swf'); /* indexed by the type code getimagesize() returns */
list(,,$type) = getimagesize($file); /* false for anything that is not an image, so $type stays empty */
if($type && isset($types[$type])) {
    $name = substr($name,0,strrpos($name,'.')); /* drop the client's extension ... */
    $name .= $types[$type];                      /* ... and use the one matching the detected type */
    move_uploaded_file($file, "$DOCUMENT_ROOT/images/$name");
} else {
    echo "Not an image, upload refused";
}
?>
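A version of that handler as it would be written today, added here as an example and not taken from the original page: it checks PHP's own upload status, accepts only a file that actually came through the upload mechanism, derives the type and extension from the file contents, and discards the client's name entirely. The directory and the size limit are assumptions for the demo; SWF is deliberately dropped from the allow-list since it is not an image and getimagesize() only recognises its header.

```php
<?php
// Added example, not from the original page: hardened image upload for the form above,
// PHP 7.1+ ($_FILES replaces $HTTP_POST_FILES). Assumed values: the field is "myfile",
// images are written to IMAGE_DIR, and the web server never executes scripts from there.

const IMAGE_DIR = '/tmp/demo_images';   // assumption; in production keep it outside DOCUMENT_ROOT
const MAX_BYTES = 100000;               // server-side copy of MAX_FILE_SIZE, which a client can omit

function storeUploadedImage(array $upload, string $dir = IMAGE_DIR): ?string
{
    // 1. PHP's own verdict first: size limits, partial uploads, missing file.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $tmp = $upload['tmp_name'];
    // 2. Only a file that really arrived via the upload mechanism, not a path smuggled in.
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        return null;
    }
    // 3. Decide the type from the bytes, never from $upload['type'] or the client's extension.
    $info = @getimagesize($tmp);
    if ($info === false) {
        return null;
    }
    if (!in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        return null;
    }
    // 4. Random name plus an extension derived from the detected type; the client's name is unused.
    $ext  = image_type_to_extension($info[2], false);   // "gif", "jpeg" or "png"
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($dir, '/') . '/' . $name;
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        return null;
    }
    if (!move_uploaded_file($tmp, $dest)) {
        return null;
    }
    chmod($dest, 0640);                                 // readable, never executable
    return $name;
}

// getimagesize() only parses the image header, so a file that begins with "GIF89a" and
// continues with "<?php ... ?>" still passes step 3. The extension chosen in step 4 and the
// no-execution rule on the directory are what stop such a file from running; re-encoding
// through GD (imagecreatefromstring() followed by imagepng()) additionally strips the trailer.

if (isset($_FILES['myfile'])) {
    $stored = storeUploadedImage($_FILES['myfile']);
    echo $stored === null ? "rejected\n" : "stored as $stored\n";
}
```

The order matters: the upload-error check and is_uploaded_file() run before any content inspection, so a crafted request naming an arbitrary server path in tmp_name never reaches getimagesize() or move_uploaded_file().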


constants in php

A constant is a name or an identifier for a simple value. A constant's value cannot change during the execution of the script. By default a constant is case-sensitive. By convention, constant identifiers are always uppercase. A constant name starts with a letter or underscore, followed by any number of letters, numbers, or underscores. Once you have defined a constant, it can never be changed or undefined.

To define a constant you use the define() function, and to retrieve the value of a constant you simply write its name. Unlike a variable, a constant is not prefixed with a $. You can also use the constant() function to read a constant's value when you obtain the constant's name dynamically.


constant function
As indicated by the name, this function returns the value of the constant. This is useful when you want to retrieve the value of a constant but do not know its name when writing the code, i.e. it is stored in a variable or returned by a function.
constant example:
<?php
define("MINSIZE", 50);
echo MINSIZE;
echo constant("MINSIZE"); // same thing as the previous line
?>
Only scalar data (boolean, integer, float and string) can be contained in constants in PHP 5.5 and earlier (PHP 5.6 allows array constants declared with const, and PHP 7.0 allows them with define() as well).
Differences between constants and variables
There is no need to write a dollar sign ($) before a constant, whereas a variable always starts with one. Constants cannot be defined by simple assignment; they may only be defined using the define() function (or, from PHP 5.3, the const keyword). Constants may be defined and accessed anywhere without regard to variable scoping rules. Once a constant has been set, it may not be redefined or undefined.
Valid and invalid constant names:
<?php
// Valid constant names
define("ONE", "first thing");
define("TWO2", "second thing");
define("THREE_3", "third thing");

// Invalid constant name: cannot start with a digit
define("2TWO", "second thing");

// Valid but should be avoided: names wrapped in double underscores are reserved for PHP's magic constants
define("__THREE__", "third value");
?>
PHP magic constants:
PHP provides a large number of predefined constants to any script it runs. Some of them are "magical" constants that change depending on where they are used. For example, the value of __LINE__ depends on the line it is used on in your script. These special constants are case-insensitive. The five most commonly used are:

Name            Description
__LINE__        The current line number of the file.
__FILE__        The full path and filename of the file. If used inside an include, the name of the included file is returned. Since PHP 4.0.2, __FILE__ always contains an absolute path, whereas in older versions it contained a relative path under some circumstances.
__FUNCTION__    The function name. (Added in PHP 4.3.0) As of PHP 5 this constant returns the function name as it was declared (case-sensitive). In PHP 4 its value is always lowercased.
__CLASS__       The class name. (Added in PHP 4.3.0) As of PHP 5 this constant returns the class name as it was declared (case-sensitive). In PHP 4 its value is always lowercased.
__METHOD__      The class method name. (Added in PHP 5.0.0) The method name is returned as it was declared (case-sensitive).
What is an operator?
A simple answer: in the expression 4 + 5 = 9, 4 and 5 are called operands and + is called the operator. PHP supports the following types of operators:
Arithmetic operators
Comparison operators
Logical operators
Assignment operators
Conditional (or ternary) operator
Let's look at each of these in turn.
                                                         

sensor programming

nesC: a dialect of C with support for components
Components provide and use (require) interfaces
Create an application by wiring together components using configurations
Whole-program compilation and analysis
nesC compiles the entire application into a single C file
Compiled to a mote binary by a back-end C compiler (e.g., gcc)
Allows aggressive cross-component inlining
Static data-race detection
Important restrictions:
No function pointers (they make whole-program analysis difficult)
No dynamic memory allocation
No dynamic component instantiation/destruction
These static requirements enable analysis and optimization
nesC interfaces are bidirectional
Command:
Function call from one component requesting service from another
Event:
Function call indicating completion of service by a component
Grouping commands/events together makes inter-component protocols clear
interface Timer {
command result_t start(char type, uint32_t interval);
command result_t stop();
event result_t fired();
}
interface SendMsg {
command result_t send(TOS_Msg *msg, uint16_t length);
event result_t sendDone(TOS_Msg *msg, result_t success);
}

Modules
contain implementation code
Configurations
wire other components together
An application is defined with a single top-level configuration
(Figure: the TimerM module, which provides the StdControl and Timer interfaces and uses the Clock interface)
module TimerM {
provides {
interface StdControl;
interface Timer;
}
uses interface Clock;
} implementation {
command result_t Timer.start(char type, uint32_t interval) { ... }
command result_t Timer.stop() { ... }
event void Clock.tick() { ... }
}

Infrared touch system programming

A Carroll Touch infrared touch system consists of a touch controller and a touch frame, or a combined touch frame and controller. The touch system uses scanning infrared (IR) beam technology to detect operator input. By creating an invisible grid of IR light beams in front of the host video display screen, the touch system reports touch data when the IR light field is interrupted by a stylus (normally a finger). This data can be used by a touch application in the same way that similar applications use data from pointing devices such as a mouse, light pen or trackball.
 

Touch Frames
The typical Carroll Touch touch frame is a thin, flat rectangle comprised
of four joined printed circuit boards (PCBs). Two adjacent PCBs contain
arrays of IR light emitting diodes (LEDs), while the other two PCBs
contain arrays of photo transistor/receivers. Each IR LED and the
photo transistor opposite it is called an opto- pair. The IR LED of each
opto-pair emits an IR light beam that is detected by the photo transistor.
The x-axis and y-axis arrays of opto-pairs are pulsed sequentially to
create a grid of IR beams, as shown in Figure 1-1.

 


Figure 1-1. Infrared Touch Frame
A beam, or a beam pair, consists of an IR LED and phototransistor
directly across from each other in the touch frame.

 

Touch Controller
The touch controller is the circuitry required to create and monitor the
IR grid. A sequence of electrical pulses is sent to the LEDs to create the
grid of IR beams in front of the video display surface. This grid of IR
beams is the touch active area.
When a stylus enters the touch active area, light beams are obstructed at
a particular location on the grid. The touch frame then transmits to the
controller a list that indicates which beams have been interrupted. The
controller converts this list into an x, y coordinate that identifies the
location of the touch. The x, y coordinate data is transmitted to the host
processor via the PC bus or the RS-232 serial port and is then processed
and used by the application program.

 



Interpolating Touch Coordinates
To achieve finer resolution than the physical IR beam grid provides,
Carroll Touch IR touch systems interpolate a virtual beam between each
pair of physical beams. The physical beams are assigned even numbers
(0, 2, 4, and so on). The virtual beams are assigned odd numbers (1, 3,
5, and so on). The combination of physical beams and virtual beams
results in a set of logical beams.
The coordinate system formed by the logical beams is called the logical
coordinate system. The origin of the logical coordinate system (0, 0) is
located in the upper left corner of the display. When multiple beams are
interrupted, the touch system averages them and reports one x, y logical
coordinate pair to the host, a process known as beam averaging.


Reporting Touch Coordinates
For a touch to be reported, at least one x beam and one y beam must be
interrupted. If no beams are interrupted in either the x- or y-axis, the
touch is ignored.
The lowest logical coordinate reported for any axis on any touch frame
is zero. The maximum logical coordinate that may be reported for a
given touch frame axis may be determined from the number of physical
beams on that touch frame axis as follows:
Maximum logical coordinate = 2 x (number of physical beams - 1)
For example, on a frame that has 40 x-axis beams and 30 y-axis beams,
the maximum logical coordinates for the frame are:
Maximum logical x coordinate = 2 x (40 - 1) = 78
Maximum logical y coordinate = 2 x (30 - 1) = 58
Therefore, the reported coordinates would range from 0 to 78 on the
x-axis and from 0 to 58 on the y-axis.
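The rules in the last three sections (physical beams map to even logical beams, interrupted beams are averaged, a touch needs at least one beam on each axis, and the maximum coordinate is 2 x (beams - 1)) can be put together into one small host-side routine. The block below is an added example written for this page, not code from Carroll Touch; it assumes that beam index 0 is the top/left beam and that the average is rounded down to the nearest logical beam, neither of which the text specifies. The 40 x 30 frame and the blocked-beam lists are constructed from the worked example above.

```php
<?php
// Added example, not from the Carroll Touch documentation quoted above: converts the list
// of interrupted physical beams per axis into the single logical x,y pair sent to the host.
// Assumptions (mine): beam 0 is the top/left beam, so logical (0,0) is the upper-left
// corner, and averages are rounded down. Requires PHP 7.1+ (nullable return types).

// Maximum logical coordinate = 2 x (number of physical beams - 1)
function maxLogicalCoordinate(int $physicalBeams): int
{
    return 2 * ($physicalBeams - 1);
}

// Physical beam n is logical beam 2n; the virtual beam between n and n+1 is logical 2n+1.
function physicalToLogical(int $beam, int $physicalBeams): int
{
    if ($beam < 0 || $beam >= $physicalBeams) {
        throw new InvalidArgumentException("beam $beam is outside 0.." . ($physicalBeams - 1));
    }
    return 2 * $beam;
}

// Beam averaging for one axis; null when no beam on that axis is interrupted.
function axisCoordinate(array $interrupted, int $physicalBeams): ?int
{
    if ($interrupted === []) {
        return null;
    }
    $sum = 0;
    foreach ($interrupted as $beam) {
        $sum += physicalToLogical($beam, $physicalBeams);
    }
    // Two adjacent physical beams (2n and 2n+2) average to the virtual beam 2n+1 between them.
    return intdiv($sum, count($interrupted));
}

// A touch is reported only if at least one x beam AND at least one y beam is interrupted.
function reportTouch(array $xBeams, array $yBeams, int $xPhysical, int $yPhysical): ?array
{
    $x = axisCoordinate($xBeams, $xPhysical);
    $y = axisCoordinate($yBeams, $yPhysical);
    if ($x === null || $y === null) {
        return null;    // ignored by the controller
    }
    return ['x' => $x, 'y' => $y];
}

// Constructed sample: the 40 x 30 frame from the worked example in the text.
$xPhysical = 40;
$yPhysical = 30;
printf("logical range: x 0..%d, y 0..%d\n",
    maxLogicalCoordinate($xPhysical), maxLogicalCoordinate($yPhysical));

// A fingertip wide enough to block x beams 10 and 11 and y beam 5.
var_dump(reportTouch([10, 11], [5], $xPhysical, $yPhysical));
// Only a y beam blocked: no touch is reported.
var_dump(reportTouch([], [5], $xPhysical, $yPhysical));
// The last physical beam on each axis yields the maximum logical coordinates.
var_dump(reportTouch([39], [29], $xPhysical, $yPhysical));
```

The first call lands on an odd (virtual) x coordinate, which is exactly the extra resolution interpolation buys; the second is dropped because the y axis alone cannot locate a touch; the third reproduces the 78 and 58 computed in the text.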

