 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatibility most of our examples remain operational and even relevant, and you are welcome to make use of them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other areas and still look after a lot of web sites - you can find an index here.
A small teaching program - demonstration of principles only

Putting a program on a public facing web server is like putting a car on the driveway outside your home, then going away on holiday. You had better make sure the car is locked, and that if it's an open-decked truck there's nothing left on the deck. Or you had better make sure that the driveway is secured. And thinking about that security, and putting it into place, is potentially a lot more effort and thought than just parking.

When I'm teaching newcomers to programming, just as if I was teaching a first time driver, I'll help them write their program from first principles and let them see how it runs. Then I'll demonstrate what can happen when the program's left to the attention of untrained users or malicious ones (like the ones who write 'DROP DATABASE' or NULL or <h1> as their user name) and show them how to batten down the hatches against such mistakes and attacks.

On a course, I can project these early, insecure programs and indeed we can play with them and see the problems - but I'm very wary about posting the source code online because someone, somewhere will comment on a forum or review me or email me to say the program's insecure, to which my answer is "I know, read the effing commentary!".

In that spirit - some early PHP examples ... too small to be useful, too valuable as teaching examples to be lost:

A calculation in PHP - [here]

A calculation in PHP with a variable - [here]

A calculation in PHP with a variable supplied by the user - [here] - old style "register globals" and so insecure it no longer works by default, if at all!

A calculation in PHP with a variable supplied by the user - [here] - new style and a bit more secure - but don't be fooled - still prone to injections!
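To put the "still prone to injections" warning into concrete terms, here is an added example (my own illustration, not the course's original scripts): the user-supplied-variable calculation written the "new style" way, reading from $_GET, next to a hardened version of the same thing. The script name calc.php and the field names name, price and qty are assumptions for the illustration.

```php
<?php
// Added example, not code from the original page: the "calculation with a
// variable supplied by the user" step, first as the still-injectable "new
// style" version, then hardened. Hypothetical script name: calc.php.

// Constructed stand-in for $_GET, as a browser would send it from
//   calc.php?name=%3Ch1%3EBob%3C%2Fh1%3E&price=12.50&qty=3
$input = ['name' => '<h1>Bob</h1>', 'price' => '12.50', 'qty' => '3'];

// Still prone to injection. Reading from $_GET is an improvement on
// register_globals (where any URL parameter could overwrite any variable),
// but the raw value of "name" is written straight into the HTML, so a user
// who types a tag as their name gets it rendered by the browser.
function calc_unsafe(array $in): string {
    $name  = $in['name'];
    $total = $in['price'] * $in['qty'];   // PHP 8 throws a TypeError on non-numeric input
    return "<p>Hello $name, your total is $total</p>";
}

// Hardened: the numbers are validated before any arithmetic is attempted,
// the name is bounded in length, and everything is escaped on the way out.
function calc_safe(array $in): string {
    $price = filter_var($in['price'] ?? '', FILTER_VALIDATE_FLOAT);
    $qty   = filter_var($in['qty'] ?? '', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1, 'max_range' => 1000]]);
    if ($price === false || $qty === false) {
        // Reject rather than guess: a bad number never reaches the calculation
        return '<p>Please enter a valid price and quantity.</p>';
    }
    $name = mb_substr(trim($in['name'] ?? ''), 0, 40);
    // Escape for the HTML context the value lands in; the tag becomes text
    $name = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $total = number_format($price * $qty, 2);
    return "<p>Hello $name, your total is $total</p>";
}

echo calc_unsafe($input), "\n";   // the <h1> tag reaches the browser unescaped
echo calc_safe($input), "\n";     // the tag is escaped and displayed as plain text
```

The same validate-then-escape pattern applies whatever the sink is: htmlspecialchars for HTML output, and a prepared statement with bound parameters when the value goes to MySQL.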
(written 2016-02-08)

This is a page archived from The Horse's Mouth at http://www.wellho.net/horse/ - the diary and writings of Graham Ellis. Every attempt was made to provide current information at the time the page was written, but things do move forward in our business - new software releases, price changes, new techniques. Please check back via our main site for current courses, prices, versions, etc - any mention of a price in "The Horse's Mouth" cannot be taken as an offer to supply at that price.

PAGE: http://www.wellho.net/mouth/4642_A-s ... -only.html • PAGE BUILT: Sun Oct 11 16:07:41 2020 • BUILD SYSTEM: JelliaJamb