Introduction IP Spoofing - is it feasible?
IP spoofing is the attack used by hackers to steal a user’s IP address. IP spoofing involves spoofing a Transmission Control Protocol (TCP) connection, since IP Addresses are passed within TCP packets. When two hosts want to establish a TCP session, they must synchronize their connection using a TCP mechanism called "3 way handshake". This mechanism is composed of three phases:
MySQL vs. Oracle Security
I have recently started a course on Database Security and had some difficulties in deciding whether to use MySQL or Oracle as the Database system for lab assignments. I got into the MySQL vs. Oracle debate that has been going on since before the web started. As you might imagine, the reasons to use either database over the other can fill entire books, so I tried to compare them based on their main feature sets.
How to Dynamically get your site's Main or Base URL
Using a Base URL variable throughout your website is mandatory, Since this website may be moved to a new domain at sometime, and we wouldn't want to go through all our code and make changes to the paths. Here we discuss how you can generate the Base or Main URL for your website.
Of course you can just use
OR
<?php
$base_url = $_SERVER['REQUEST_URI'];
?> Building a Simple PHP Templating Class
In this tutorial we are going to setup a very simple PHP template class.
I don't want to bore you with all the information about why use a template class,
and stuff like that, I'm sure you already googled that, and thats why you're here, so lets get straight to it. NOTE: The code in the template is minimal for simplicity purposes, you are free to use this template class as a base for developing your own. So our templating class needs to have the following functionalities:
- Load a template file
- Set values to the variables in the template file
- Parse the template file into a php variable to use it within other templates
Should we use Singular or Plural Database Table Names
Well, I have been in a Dilemma about this for a while. After reading several posts on Singular vs Plural Database table names, I finally concluded that both have its advantages and disadvantages, and that everyone has their own opinion on this, and that the most important thing is that your naming conventions are consistent across the database since it would be annoying to remember which table names are plural and which are singular. I can therefore conclude that naming your database tables with Singular or Plural names is up to the developer. However, here are a few things to consider when choosing your naming convention:
Protect your FB Account from Hackers
A friend of mine logged into her account yesterday after 2 weeks of being off facebook, and was devastated to see that she had shared pornographic images with friends and family; I had a good laugh about it, but she was madd... After seeing an outburst of facebook accounts being hacked, including lots of my friends accounts, i have decided to share some knowledge on things you can do to reduce the risk of your facebook account being hacked. So there are several things you can do to protect your account from being hacked, we will go through each one of them in detail here, and how to implement each one.
Secure Socket Layer - An Overview
Secure Socket Layer
In a perfect world, persons using the internet would be browsing websites without hackers being able to gain access to their information. However, this world is not perfect and internet users are vulnerable to attacks carried out by hackers; On the internet, and data you send can be seen and manipulated by others. The currently used solution for this problem is websites allowing their users to use Secure Connections to browse the internet.
Session Hijacking Facebook Accounts
This is a tutorial that demonstrates just how simple it is to get access to facebook accounts without the user's password or username. This tutorial demonstrates Session Hijacking (discussed here: http://www.cleverlogic.net/tutorials/session-hijacking-0). This is a simple attack done on an unsecured wifi network with the permission of all users on the network.
The aims of this tutorial are:
Session Hijacking
Session Hijacking is an attack by which a hacker exploits a valid computer session and gains access to a client’s session identifier. Since HTTP is a stateless protocol, when a user logs into a website, a session is created on that Web Server for that user, this session contains all this user's information being used by the server so the username and password is not needed at every page request. The server uses a unique identifier(Session Identifier) to authenticate this user to this session, this session identifier is passed between the web server and the user's computer at every request.
