Archive for the ‘Technology’ Category
The Transformation Age: Surviving A Technology Revolution
Now more than ever, information technology is dictating the way people live. Be it for superior or for worse, information technology is changing us and consequently transforming our each day lives. We are living in an age of transformation whereby a need to survive a technology revolution that is incorporated to this transformation age is a must. What spark these transformations? What will spark the next transformation? And who stands to benefit? Now, the documentary THE TRANSFORMATION AGE: SURVIVING A TECHNOLOGY REVOLUTION presents answers to such questions. To be specific, Transformation Age gives us a view of the past, present and immediate future of major information technology-enabled transformations. Now imagine. An economy in which the office is a thing of the past. A sensor system that tracks and identifies goods in transit. A camera that records each life experience in minute detail. These things might sound like dreams of a distant future but the thing is, the future is actually closer than we think. In this documentary, we widened our vision about the boundless opportunities and staggering challenges of the digital era, presenting concise case studies of 21st-century companies, entrepreneurs, and advances. Google’s business applications, Kodak’s digital ventures, Microsoft’s Sensecam, Hewlett-Packard’s high-def teleconferencing interface, Linden Labs’ Second Life universe, and Craigslist’s immensely favourite classified ads are among the developments and strategies in the spotlight. The documentary also explored some of today’s major innovations in information technology and chronicles the important breakthroughs of the past half-century. Tremendous databases, wireless communications and the miniaturization of electronics wage opportunities to make major changes in the way people work and live. The Transformation Age explores the office, the marketplace, media, finances and our digital lives as they take new forms and remove the barriers of time, distance, wealth, education and even age. Not unlike the industrial revolution, the profound impact of the digital age has re-modeled the way we live, acquire and spend money, retrieve and receive information, track products and services, and view the marketplace. Accessible, clever and insightful, The Transformation Age goes behind the scenes with technology change-agents and discovers their cutting-edge views of high tech’s breathtaking effect—not only on business paradigms, but on each day life as we knew it, know it and might know it in the future.
How to protect your php webpage from sql injection
Sql Injection
Sql injection is the most common form of website hacking, it happens when a individual affects your database without permission using sql code. For example:
A vunerable website has a login page, the password feild is not fortified from sql injection, when a coder sees this, they type ‘OR”=’ into the password feild.
The login is processed like this:
SELECT * FROM `users` WHERE username=’$ username’ and password=’$ password’
Now we will insert our values:
SELECT * FROM `users` WHERE username=’admin’ and password=”OR”=”
Notice that the password check has been bypassed. Now the code states to select any individual if the password equals nothing or nothing equals nothing, which is always true, so this will select the first individual in the database, which most-commonly is the administrator account.
So how to you prevent these attacks?
There are many methods to preventing a SQL injection, some are easier and better, but i think that its handy to know more than one. Basically the main intent is to stop, or encode the apostrophy.
Method 1 – addslashes()
In php coding there is a function called addslashes. This function adds backslashes before any characters which could cause harm to your database, or fool it into giving out wrog information. An example can be seen below:
Who’s that man? would be inserted into the database as Who’s that man? (This is not database safe)
When using addslashes:
addslashes(Who’s that man?) would be inserted into the database as Who\’s that man? (this is database safe)
Having a backslash before the ‘ means that the database does not discern it as valid sql code, and simply ignores it.
Method 2 – encryption
Encryption means that the information that is sent through is encrypted before it is sent to the database for validation, this means that the information in the database must also be encryped however.
Some forms of encryption include:
md5()
sha1()
AES_ENCRYPT()
The first two are ok for basic websites where the information that is being encrypted is not of great value, however, these have been cracked in various different ways, and tools that people can use to crack them are wildley availiable, they still wage endorsement from sql injection tho, example:
md5(‘OR”=’) = c499fdb7541fcdcfdefbace0d86bfd56
sha1(‘OR”=’) = 260144b2c2823de61faa908bc8f594ff02e2235d
Notice that once the values are encrypted they no longer contain the apostophy, this can safely be compared to the content in the database as the result of the encryption is always the same and one-of-a-kind for each string.
for more valuable or individualized information such as email addresses, date of births and passwords, I recomend using AES_ENCRYPT().
AES stands for Advanced Encryption Standard and is strong enough to protect information at the “Top Secret” level. This function however uses a different method then a basic php striing encryption, you must state this function in the SQL code itself.
To have content encrypted by AES you must have the row that your encrypted information will be stored in set to BLOB, because AES stores information as binary code.
To insert the information into the database and encode it as AES you must use a query similar to this:
INSERT INTO `table_name` VALUES(AES_ENCRYPT(‘content you are encrypting’, password) …
The “password” is anything that you choose, it must be used to decypt the data. To decrypt AES you must use a query similar to this:
SELECT AES_DECRYPT(row_name, password) AS row_name FROM table_name …
Using AES encyption has become a web standard, I can’t state that it’s 100% secure, but I think you can sleep soundly at night knowing that no one has cracked it yet.
Method 3 – filter()
In php there is a set of functions called filters, these work similar to addslashes in that they encode the harmful characters in the string into their character code, there mare many different filter functions, but the two I think you would use the most are:
filter_var(“string goes here”,FILTER_SANITIZE_STRING);
This encodes all characters that are harmful to the database.
filter_var(“string goes here 123″), FILTER_SANITIZE_NUMBER_INT);
This actually removes all characters except for numbers, and + and -, this one is perfect to make sure the content your getting is a whole number, and not text.
The filter functions also have many other uses, like validating data and returning true or false based on the different function, for example, one of the functions can validate your string and tell you, based on the makeup of the string, whether or not the string is an email address.
A full list of the filter functions and how to use them, examples etc can be found here:
http://www.w3schools.com/php/php_ref_filter.asp
As well as protecting input feild from sql attack you should also protect any content coming from the url, eg GET variables, as these can also be changed by a user. What I use as a rule of thumb is, protect everything that a individual can generate or has the capability to edit, and make sure any content that is sent through the database is exactly what you anticipate it to be, so if you anticipate it to be just numbers, dont accept text. If you follow that rule you should be fine.
Using the three methods described above, you should be healthy to safely know that no hackers are infiltrating your website, for my own websites, I use a combination of the filter functions and AES encryption when the content is individualized e.g passwords, but if it’s just standard variables (eg, individual id etc) then i would just use the filter functions.
For more information, I recomend these websites:
Basic SQL security:
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1369365,00.html
Information on filter functions:
http://php.net/manual/en/book.filter.php
http://www.w3schools.com/php/php_ref_filter.asp
Information on AES encryption:
http://www.progressive-coding.com/tutorial.php
Find more Data Admin articles from search form.
An Introduction to XML and Interactive Web Technologies
“Never increase, beyond what is necessary, the number of words required to explain anything” (William of Ockham)
The online industry development determined the necessity for more complex web based technologies, in order to bring new improvements in business management. Because increasingly more people use the new interactive web technology, it is important to know what are the most favourite of them and what their functions are.
1. HTML
What is a HTML file? HTML official study of the standard is Hyper Text Markup Language. A HTML file is a text file with an “Htm” or. “Html” extension, including besides the pure text, standard instructions (related to web design).
The language was developed in the early’90 due to demand of a universal language; HTML determined a spectacular development of the online environment. HTML tags in the document indicate to the browser how to display the file useful content.
2. CSS
CSS means Cascading Style Sheets. A CSS file is a text file with the “.css” extension, defining styles for HTML pages. The styles show in a much more rigorous way than the HTML attributes how the browser should display elements of a HTML document (text, graphics, forms, etc. ..), providing higher possibilities than the HTML standard HTML.. CSS files grant the HTML documents stylization with significantly lower effort than by using tags.
3. XML
XML means EXtensible Markup Language (official study of the standard). It was designed to handle data rigorously. XML language is special because it doesn’t contain predefined tags. Basically, XML tags are defined (constructed) only by the user. Therefore, it is an extensible language. It must be mentioned that XML is similar to HTML only in a very general way. While HTML displays data having as neutral the way in which they look in the browser, XML neutral is to structure store and transmit data in the form of individual information. HTML displays information, while XML describes and administrates information rigorously. Note: XML is not a replacement for HTML. A web trend recommends a mutual completion of the two standards by using them together in the same documents: XML will be used to describe the data, while HTML will format and display the data properly.
4. XSL
XSL means EXtensible Style Language (official study of the standard). Basically, XSL represents for XML document what CSS is for HTML, meaning a style sheet. The difference between CSS (HTML Style Sheets) and XSL (XML Style Sheets) is significant. HTML uses predefined tags (bookmarks) and their meaning is known and understood from the begin by the browser. For example, the attach defines a table, and the browser knows what it is and how to display it. By adding styles to the HTML file, we’ll indicate to the browser to display a page element (such as the exemplified table) in a certain manner, using thus time predefined CSS attributes. We know that XML doesn’t work with predefined tags, so the meaning of XML tags used by a web designer is not known by the browser. The attach in XML can be perceived by the browser as a table, a form or an nonfigurative goal and the browser will not know how to display it.
Therefore, it should be added an additional component of XML documents to translate to the browser the way in which a XML document should be displayed. This is XML. However, XSL is more than a style standard for XML documents.
Basically, XSL consists of 3 components:
ü XSLT, a language designed to transform XML documents in XHTML documents;
ü XPath, a language designed to define and isolate portions of XML documents;
ü XSL-FO, a better language that structures XML documents;
5. XHTML
What is a XHTML file? XHTML means EXtensible HyperText Markup Language (official study of the standard). It is a modern replacement of HTML language, being nearly same to the HTML 4.01 standard, an improved version, much more accurate and strict of HTML 4.0 standard. HXTML represents a XML definition type of a HTML document, a combination between HTML and XML. The advantages of using a XHTML application are multiple: XHTML tags can be read by all XML devices, while being compatible with all the web browsers without requiring additional specifications.
6. JavaScript
JavaScript is a scripting language currently used by most websites to improve the overall design, validate forms of individual data, interacting with the individual through special effects applicable to page elements according to the events generate by users. In the present, JavaScript is the most important scripting language on the Internet.
7. DHTML
First, DHTML doesn’t mean, as it might be believed, Dynamic HyperText Markup Language a so-called official designation of the standard). DHTML is basically a standard (there are no files with a DHTML extension). DHTML is a generic study adopted unanimously by web designers, which represents the art to combine HTML, CSS and JavaScript, in order to create truly interactive websites, adding a strong touch of impact on users and developing one of the most spectacular visual effects.
8. Java
Java is currently one of the most powerful platforms of software development, being an independent programming language, which brings in the online environment exceptional opportunities for client-server interaction, far beyond the well known forms, animations, games and interactive visual effects. Practically, JAVA technologies (that are often combined with other technologies or standards such as XML) represent a much shut way to the natural for implementing applications by handling successfully nearly all types of generators and consumers of information from mobile phones to online transactions management systems.
The portability and extensibility of the two technologies (Java and XML) makes them the perfect choice for to meet a range of impressive World wide web requirements, from the simplest programs to applications running on different platforms interconnected, being developed on the most advanced security stability and portability levels.
9. PHP
For a business website (that sells products) are needed about 500 content pages and 2000 pictures; despite this, there is an simple substitute to the hard work of updating and maintaining such a website. Yahoo and Amazon haven’t hired thousands of people to make regular changes to their pages, right? To add or edit a HTML web page, you must download it from the server, to apply the necessary changes and to find the other pages that might be affected because of changing the links. Then, you must apply on apiece page the required changes and to transfer it back to the server. If a website has 500 pages updated in this manner each day of the week, selling products, offering advanced search features, while tracking accurate income inventory and customers’ records, then the prospect of such work can only frighten even the most stubborn web developer.
By using a database connected to a web page through the “server-side” language, the web developer doesn’t need anymore adjustments in the pages code to change periodically their content or to offer the facilities mentioned above.
Creating dynamic and interactive websites by using the PHP technology combined with MySQL database, using an Apache server, is one of the ideal things you can do.
10. JSP
JSP is a technology substitute to PHP, used for the same purpose- to create dynamic and interactive websites. By combining Java power and extensibility with the labels script assist of use and simplicity, Java Server Pages swiftly became the most preferred language by many professional programmers to develop web-based applications.
Advanatges of Windows 2008 server
Componentization with a purpose
Microsoft has absolutely rearchitected Windows Server to be functionally componentized, a major change that has wide-reaching ramifications. At a high level, componentization grants for a more easily serviceable system, both for Microsoft and its customers. It also provides for a more secure and reliable system, because communication and dependencies between individual components is kept to a minimum.
More specifically, componentization enables some of Windows Server 2008′s most exciting new functionality, such as its image-based deployment facilities, roles-based management, and Server Core.
Server Manager
While previous versions of Windows Server featured separate management consoles for all of the various roles and features in the OS and, in Windows Server 2003, a simple Manage Your Server dashboard, Windows Server 2008 provides the new Server Manager. This is a true one-stop shop for regular management needs and is the only tool that many Windows administrators will need to use on a regular basis.
The MMC-based Server Manager provides a individual interface for managing apiece installed role and feature on the system, including Active Directory Domain Services, Application Server, DHCP Server, DNS Server, File Services, Terminal Services, Web Server, and many others. It also includes numerous valuable troubleshooting tools like Event Viewer, Services, and Reliability and Performance utilities, configuration tools like Task Scheduler, Windows Firewall, WMI Control, and Device Manager, and the new Windows Server Backup.
What makes Server Manager even more useful is that apiece section of the console’s UI gets its own dedicated home page, apiece of which includes information pertinent to the role or feature at hand, along with links to fix problems, get more information, and access other tools. It’s a thoughtful, well-designed application, both logical and useful.
Server Core
Unlike previous Windows Server versions, most Windows Server 2008 product editions can be installed in two modes, the traditional GUI-based server we’ve had since Windows NT 3.1 and a lightweight new command line-based environment called Server Core. In this new installation mode, Microsoft has stripped out virtually all the GUI, so there’s no shell (Start Menu, taskbar, Explorer windows, etc.), and tiny in the way of end individual applications; such things as Windows Media Player, World wide web Explorer, and Windows Mail are all missing, though a few GUI-based applications, like Notepad and Task Manager, are still available. For the most part, the only individual interface you’ll see in Server Core is a single command line window floating over an empty blue backdrop. It’s the eventual anti-demo.
So what’s the point? Server Core is designed to reduce the attack surface of the server to be as small as possible. As such, a Server Core install is also more limited than that of a standard Windows Server 2008 installation. It supports just nine roles, including AD, AD LDS, DHCP, DNS, File, Print, Virtualization (Hyper-V), Web Server, and WMS, compared to 18 roles in the full server.
Because Server Core is still Windows Server 2008, all of the familiar GUI-based management tools will work just fine remotely against this server. What won’t work, in addition to the missing roles, is anything that requires a true GUI or the .NET Framework. This cancels out some key Windows Server 2008 functionality, unfortunately, including ASP .NET: Server Core’s Web Server role is pretty much static only, supporting only older, non-.NET technologies like ASP.
My expectation is that Server Core will establish hugely favourite as an infrastructure (AD, DNS, DHCP, file, print) server and as a low-cost, low-end Web server. It’s a product that should compete well with Linux-based solutions.
BitLocker Full-Drive Encryption
BitLocker is a full-drive encryption solution that first debuted in Windows Vista as a way to protect data stored on easily lost and stolen executive notebook computers. It requires TPM 1.2-based hardware to store encryption keys and can be configured via Group Policy.
On the server, BitLocker is particularly valuable for machines stored in branch offices, because those servers are often less well physically fortified than the machines back in the home office. If a thief walks off with a BitLocker-protected server, they won’t be healthy to access any of the data stored on the system’s hard drives. BitLocker also works really well with some of the other technologies discussed here to create a truly secure and useful branch office solution. (See the RODC section below for an example.)
Read-Only Domain Controller
Read-Only Domain Controller (RODC) is new functionality that grants administrators to optionally configure the AD database as read-only, where only locally cached individual passwords are stored on the organisation and AD replication is unidirectional, rather than bidirectional.
So why would you want to do this? Today, many organizations are installing servers in branch offices and other remote locations, and these servers often connect back to the home office using slow or unreliable WAN links. That makes AD replication–and even authentication–an arduous and lengthy process. With RODC, the server is typically set up and configured in the home office, shipped to the remote location, and then switched on. From then on, only the individual obloquy and passwords of users who hit the server locally–and not the administrator account–are cached locally on the server.
Like BitLocker, RODC is an excellent solution for physically insecure remote servers. Indeed, if you combine RODC with other new Windows Server 2008 technologies like BitLocker and Server Core, you can configure the most secure remote server possible. That way, even hackers who acquire physical control of the server can’t take over your network. And removing the stolen RODC from your AD is as simple as checking a switch: Only those users who logged on to that organisation will need to change their passwords. You won’t have to institute an organization-wide emergency, because most users’ accounts will not have been cached on that machine.
RODC is somewhat limited in that it can only support a subset of the roles and functionality normally supported on Windows Server 2008. For example, RODC-based servers can support technologies such as ADFS, DHCP, DNS, Group Policy (GP), DFS, MOM (Microsoft Operations Manager), and SMS (System Management Server).
Internet Information Services 7
The new Web server in Windows Server 2008 is driven by a major new update to World wide web Information Services (IIS). Like the server itself, IIS 7 is absolutely componentized so that only those components needed for the desired configuration are installed and, thus, need to be serviced. It sports a drastically improved management console, supports xcopy Web application deployment and delegated administration, and is backed by a new .NET-based configuration store, which replaces the previous, monolithic, configuration store.
Terminal Services
Terminal Services (TS) sees some major changes in Windows Server 2008. The new TS RemoteApp functionality grants admins to remotely deploy individual applications to desktops, instead of entire computer environments, which can be confusing to users. These applications download and run on individual desktops and, aside from the initial logon dialog box, function and look nearly exactly as they would were they installed locally. This functionality requires the new Remote Desktop client, which shipped in Windows Vista and can be downloaded for Windows XP with SP2 and above.
TS Gateway lets you tunnel TS sessions over HTTPS outside the corporate firewall, so that users can access their remote applications on the road without having to configure a VPN client. This is particularly useful because VPN connections are often blocked at wireless access points, whereas HTTPS rarely is.
TS gets a few small but useful changes as well. These include TS Simple Print, which makes it simple to print to local printers from remote sessions, 32-bit color support in TS sessions; and seamless copy and paste operations between the host OS and remote sessions.
Network Access Protection
Microsoft first planned to ship simple and easily configurable network quarantining functionality in Windows Server 2003, but it’s here at last with Network Access Protection (NAP). This feature grants you to setup security policies for your network: When a client system connects, NAP examines the device to make sure it meets the stipulations of your security policies. Those that do are granted online. Those that do not–typically machines that only connect infrequently to the network, such as those used by travelling employees–are pushed aside into a quarantined part of the network, where they can be updated. How these updates happen depends on the configuration of your environment, but once that’s complete, the system is given full access again and granted back on the network. NAP includes remediation failback to Windows Update or Microsoft Update if the local Windows Server Update Services server is unavailable, and compatibility with Cisco’s Network Admission Control (NAC) quarantining technologies.
Windows Firewall
For the first time, Windows Server ships with a firewall that is enabled by default. The new Windows Firewall is bidirectional and works seamlessly with all of the roles and features you can configure in Windows Server 2008. In fact, the Firewall is part of the new roles-based management model: As you enable and disable various roles and features, Windows Firewall is automatically configured in the background so that only the required ports are opened. This is a major change, and one that could hamper compatibility with third celebration products, so testing will be crucial.
Command line and scripting goodness
Those who like to automate their servers will rejoice at the new command line and scripting enhancements in Windows Server 2008, though I’m a bit concerned by the haphazard and temporary nature of some of these changes. In this version of Windows Server, we’re seeing the beginning of the transition from the old DOS-like command line to the new .NET-based PowerShell environment. For now, however, you’ll need to have a toe in both environments to ideal take advantage of the new capabilities. Server Core, for example, does not support PowerShell.
One the command line side, we get two major additions: A Server Core management utility called oclist.exe and a command line version of Server Manager called servermanagercmd.exe. Both are designed with the same premise, providing ways to configure and manage the roles that are doable under apiece environment.
PowerShell is a complex but technically impressive environment, with support for discoverable .NET-based objects, properties, and methods. It provides all of the power of UNIX command line environments with none of the inconsistencies. The issue, of course, is whether Windows-based administers will swiftly move to this new command line interface. Sadly, Windows Server 2008 doesn’t help matters much: It doesn’t ship with any PowerShell commandlets–fully contained scripts that can be executed from the command line–that can handle common management tasks. Microsoft tells me it will ship Windows Server 2008 commandlets on its Web site over time, however, and it anticipates a healthy community to swiftly evolve as well.
Hyper -V
One of the most important and future-looking technologies in Windows Server 2008 isn’t even acquirable in the initial shipping version of the product. Instead, Microsoft is shipping a beta version of its Hyper-V virtualization platform with Windows Server 2008 and will update it automatically when the technology is finalized sometime after mid-2008. Hyper-V is a hypervisor-based virtualization platform that brings various performance advantages when compared to application-level virtualization platforms like Virtual Server. Compared to market leader VMWare, Microsoft’s offering is immature and unproven, but its inclusion in Windows Server 2008 is sure to garner Microsoft some attention and market share. And there are advantages to this bundling: From a management perspective, Hyper-V is installed and managed as a role under Windows 2008, just like DHCP, file and print services, and other standard roles. That means it’s simple to configure, manage, and service.
Find more Data Admin articles from search form.