A Look at Some Essential Security Considerations

Tagged Under : , , , ,

How secure is your website? Ben Charnock has put together a great article on Nettuts that focuses on security aspects of modern websites. His section on the % (like) operator in SQL and the limits of mysql_real_escape_string(); have made me re-think some of my coding practices.

Hit up the below link and start protecting your scripts!

NETTUTS - Can You Hack Your Own Site? A Look at Some Essential Security Considerations.

301 How to Redirect a Web Page in ASP, ASP.NET or PHP

Tagged Under : , , , , , ,

50200735006880.jpg301 redirect is the most efficient and Search Engine Friendly method for webpage redirection. It’s not that hard to implement and it should preserve your search engine rankings for that particular page. If you have to change file names or move pages around, it’s the safest option. The code “301″ is interpreted as “moved permanently”. If been looking around for the ways on how to do this. So this is what i’ve found:

ASP.NET

1
2
3
4
5
6
<script runat="server">
private void Page_Load(object sender, System.EventArgs e){
Response.Status = "301 Moved Permanently";
Response.AddHeader("Location","http://www.new-url.com");
}
</script>

Classic ASP (ASP3.0)

1
2
3
4
5
6
<%@ Language=VBScript%>
<%
Response.Status="301 Moved Permanently"
Response.AddHeader "Location","http://www.new-url.com/"
Response.End
%>

PHP Redirect

1
2
3
4
5
<?php
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.new-url.com" );
exit();
?>

Redirect Old domain to New domain (htaccess redirect)

The code belew, which you place into a file called .htaccess in the root folder of your old domain, will ensure that all your directories and pages of your old domain will get correctly redirected to your new domain.

The .htaccess file needs to be placed in the root directory of your old website (i.e the same directory where your index file is placed)

1
2
3
Options +FollowSymLinks
RewriteEngine on
RewriteRule (.*) http://www.new-domain-name.com/$1 [R=301,L]

NOTE: REPLACE www.new-domain-name.com in the above code with your actual domain name.

NOTE: This .htaccess method of redirection works ONLY on Linux servers having the Apache Mod-Rewrite moduled enabled.

Redirect to www (htaccess redirect)

Create a .htaccess file with the below code, it will ensure that all requests coming in to domain.com will get redirected to www.domain.com

As with the last example, the .htaccess file needs to be placed in the root directory of your old website (i.e the same directory where your index file is placed)

1
2
3
4
Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^domain.com [nc]
rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc]

NOTE: Replace domain.com with your domain name

NOTE: Both of these last examples ONLY works on Linux servers having the Apache Mod-Rewrite moduled enabled.

And there you have it. You can Test your redirection with Search Engine Friendly Redirect Checker

Installing Ubuntu Server LAMP, SSH, FTP, Webmin and phpMyAdmin for a newbie

Tagged Under : , , , , , , , ,

I’m not interested in using Linux for my desktop, Gnome and KDE really don’t do it for me and Windows XP is doing me fine - though I am looking forward to moving my studio onto a Mac Pro. Another big reason Linux as a desktop isn’t for me is that Adobe’s Creative Suite 3 does not, and won’t by the looks of things, support any flavor of Linux.

I’m after a new Server environment. I’m in the process of switching from Classic ASP (ASP3) over to PHP5. I’ve been using MySQL religiously for my dev work. But what I really want access to is the speed and reliability of Apache and PHP running on Linux. Also the chmod in ftp will save SO MUCH TIME when setting up blogs or any other site that requires permission changes.

So it’s time to learn - and by learning I mean command lines. Back to the good ‘ol DOS days.

I found Ubuntu 7.10 Server to be the solution for me. Why? Because a) It’s built on Debian and 2) they are the best at marking their flavor of Linux and bringing it to the attention of us Windows users.

Also a great feature that I found is that in around 15 minutes you can have a LAMP (Linux, Apache, MySQL and PHP) server up and ready to go! You just select it during installation!

The LAMP option means you don’t have to install and integrate each of the four separate LAMP components, a process which can take hours and requires someone who is skilled in the installation and configuration of the individual applications. Instead, you get increased security, reduced time-to-install, and reduced risk of misconfiguration, all of which results in a lower cost of ownership. New pre-configured installation options have been added to the Ubuntu Server. Mail Server, File Server, Print Server, and Database Server options join existing LAMP and DNS options for pre-configured installations, easing the deployment of common server configurations.

Here’s what will be installed

  • Ubuntu Gutsy Gibbon 7.10
  • Apache 2.2.4
  • Mysql 5.0.45
  • PHP 5.2.3

Installing Ubutnu Server I found to be really simple and once I did it a couple of times (due to errors on my behalf) I quickly found it even easier to install then Windows 2003 Server

Read the rest of this entry »

Permalinks on IIS - not so hard!

Tagged Under : , , , , , ,

I’ve been able to find a solution that actually solves the problem and makes permalinks on IIS work right without the “index.php” in the URL!

If you can follow this then it’ll be sweet and simple!

Nathan Moinvaziri
http://www.nathanm.com/

Install Instructions

To remove the Index.php from Wordpress you must do the following.

Redirect your custom 404 error page to / or to the root relative path of your blog.
Remove the /index.php part from your permalinks option in Wordpress.
Install and activate the plugin.

The solution can be found at http://www.nathanm.com/myprojects/#plugin.

About halfway down the page, you’ll see “Wordpress - Remove Index.php from Permalinks in IIS Plugin” with a link pointing to the plugin ZIP file located at http://www.nathanm.com/projects/removeindex.zip.

I will write a post with a complete step-by-step walkthrough of how to set this up using WSFTP, Plesk 8 and Wordpress 2.2.1 in the next day or two.