And then PHP code that he has written will get executed on your server. It could do almost anything. Download any file you store on the server. Change other users’ sessions, changing their preferences, putting things into their shopping cart, etc. Access the database, stealing passwords (you do store passwords encrypted, I hope?), stealing e-mail addresses, residential addresses, whatever you store in the database. It can create new files, uploading viruses or phishing websites.
We all know in theory the advantages of load-balanced high availability clusters, but we often forget that they are also fun to build and operate.
Yes, I’m guilty of calling it a cloud when it’s rather a cluster, but who can resist the siren call of buzzwords? :) Cloud usually implies virtualization besides using multiple [...]
The text was clearly written in an era when mainframes were just being replaced by personal computers. But from the sayings of “the master programmer”, and other invaluable gems, it’s clear that the human side of our beloved computing, and especially the management of programmers, has not changed much at all.
A few weeks ago I had a chat about the state of Internet security with a friend who runs a hosting company, and he told me that the majority of the websites they host are cracked. This is because people just install some forum/blog/gallery/etc. software, but most have no idea that such installations have to be constantly “security patched”. Then, sooner or later someone finds an exploitable bug in that particular engine, and then their website is used to send spam, facilitate phishing attacks, host viruses, or worse.
NOTE TO SELF: To fix the HTTP 500 error in Mercurial’s hgwebdir.cgi, the first line had to be changed from “#!/usr/bin/env python” to “#!/usr/local/bin/python”.
Over the weekend I dug a little into researching key-value databases, and into the workings of map/reduce (as functional programming theory, and nowadays practice as well). I looked at a handful of open-source databases; I’m copying my notes here, partly so that I have them, and partly in case they help someone someday. In italics are the things that ruled out the given product (for me, and for now):
Scalaris: Google: 194.000. [...]