somebody's been php'in ... - Dangers of source code disclosure for web site security

-

Menzis: somebody's been php'in ...


A `$` is not always a positive thing to see, especially in the title of your favourite website not be rendered, but a value replaced where this variable $name appears). So, hopefully the general health of the website is otherwise acceptable...

More seriously, such Source code disclosure ('code leak thru') bugs can indicate security faults: when code fails to render, it may inadvertently leak algorithm details or even worse connection strings and other sensitive details that a hacker may exploit...


Comments

Post a Comment

Popular posts from this blog

null++ and its alternatives - NULL as an anti-pattern and some alternatives - stateless functional code

-
Image
  Notepad++ is a great and free text editor with many practical features, such as line-sorting, multi-file and directory find-and-replace, and excellent encoding support. However, programming is hard, and even the noble Notepad++ has been caught off guard in the war on bugs:  To NULL or not to NULL... A display full of NULLs is not that desirable, but on the other hand is better than random, uninitialized data, or worse, reading beyond assigned buffers into memory regions containing data this user is not supposed to see.  The history of NULL is a controversial one: it was, somewhat like JavaScript, cheap to implement at the time and seemed a good idea. However, notoriously, even the inventor of NULL considers the invention to be a mistake . At first glance, and when used in a very limited scope, NULL seems a sensible construct: a global kind of default 'this is not set' value, that is reliably detectable, as opposed to some random memory garbage. Issues arise when the NU...
Read more

whoa! Chrome crash! - UX challenge of presenting a catastrophic failure

-
Image
A kind of California style, cool and casual way to tell the user that something truly bad has happened to the Google Chrome browser.   why ask? Although this is a "mere browser" and not the OS (there is still a difference, right?) - this does not seem so much different or better than Microsoft's prompting the user when the dotnet platform exhausts memory . Such an error seems unrecoverable - like a catastrophic failure, there is no choice to be made - so why ask? The user really does not have much choice - so why prompt? and why should the user need to decide what to do with your bug?
Read more

Windows, Windows 10 and disk fails - Advantages of the Linux file system over Windows

-
Image
Down through the years, it is unfortunate but true that any diehard Windows user will have experienced a serious disk failure. While it is true that like any mechanical device, disks are prone to occasional error, and like everything in this universe, eventual decline unless work is done, there are fundamental reasons why the Windows Operating System is more prone to disk issues that Linux based systems. Given the same hardware, and allowing for different flavours of Linux and file systems, generally Linux disk systems tend to be better performant and more reliable: - Linux filesystem avoids fragmentation, where the free space of a disk becomes broken up over time into smaller parts, and then newer large files must be broken apart in order to fit into the free space. Fragmented drives tend to perform more slowly, and defragmenting is a slow process. - Linux seems to make better use of caching, where file contents is read and written in memory (the very fast, volatile storage of a compu...
Read more