Microsoft URLScan and POST problem

I recently encountered a problem on a client's Windows 2000 SP4 server, which had a PHP site installed on IIS 5.0. It was showing strange behavior: pages pushing data via POST were not getting processed; instead, the server was throwing a 404 error. Obviously it was because the allowed verbs in IIS were limited to GET and HEAD only. So the simple solution was changing the allowed verbs to include POST in the IIS administration panel. But as always happens, it was easier said than done. The problem was that IIS wouldn’t start, splashing an ugly ‘unable to connect to the machine’ error. The Microsoft Knowledge Base suggested some changes to the registry, but I could not mess with that solution, as the site was live.

Adminer – a fast MySQL administration tool

Before you go ahead and think that you don’t need yet another MySQL management tool, I think you should at least take a quick look at this one. Adminer is a single-file (yes! everything in a single PHP file) tool to manage all your MySQL-related tasks. All you have to do is upload the adminer.php file to your server and voila! You are ready to go. No messing around with huge software to manage your database. Weighing only 170KB, it’s easy to upload to any server. A demo of the same is included on the Adminer site.

Top 25 Most Dangerous Programming Errors

Security has always been an issue in software development, mainly due to the ignorance, laziness and nonchalant attitude of programmers (I’m one of the guilty ones). ‘Security’ is the one section in a project scope that gets consistently ignored by not only the developers but also management. In defense of myself and other programmers I would have to say that writing secure software is hard work, and with all the pressure from management and clients to get the software delivered, it’s no wonder that programmers turn a blind eye towards security. But that is surely not an excuse to deliver a product full of security vulnerabilities.

Creating a .htaccess file on Windows

Everyone who has tried creating a .htaccess file on Windows knows that Windows Explorer does not accept the ‘.’ character as the first character of a file name. For most of you this may be old stuff, but for the newbies, the quick way to create the file is to open the command prompt and type:

copy con .htaccess [press enter]
[press ctrl Z]

The second way is to open Notepad and save the document with the file name .htaccess and the ‘save as type’ set to ‘All Files’; or save the document with the file name “.htaccess”, including the quotes.


Quick way to determine if php is running at the command line

Many times it is necessary to determine whether a PHP script is running at the command prompt. Recently I wrote a PHP shell script which could also be run from a browser and needed to decide in the code whether to output a '\n' or an ‘html break’ after a text line.

The following simple function returns true if the script is run from a command prompt and false otherwise.