Jump to content
Larry Ullman's Book Forums

SamuelL

Members
  • Posts

    7
  • Joined

  • Last visited

Posts posted by SamuelL

  1. Hello Larry,

    I thought CH 17 Forums was well put and easy to implement. If I were to add a Like functionality to the database design. Then it would look as follows:

    posts_table

    • post_id
    • thread_id
    • user_id
    •  etc

    thread_table

    • thread_id
    • etc

    user_table

    • user_id
    • etc

    like_table

    • like_id
    • post_id
    • user_id
    • etc

     

    This database design looks normalized, but the 'like_table'  would hold all likes for all posts? This seems like a table that would be very heavily populated and queried? What do you think about this Larry? Thanks I appreciate your response to these forums.

  2. Hello Larry,

    I came across some questions when developing on localhost and enabling https. Xampp's apache configuration file: httpd-ssl.conf, has the following commented out:

    #SSLRandomSeed startup file:/dev/random  512
    #SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random  512
    #SSLRandomSeed connect file:/dev/urandom 512

    Looking up recommendations, I found out that I should enable the urandom library like so:

    #SSLRandomSeed startup file:/dev/random  512
    SSLRandomSeed startup file:/dev/urandom 512
    #SSLRandomSeed connect file:/dev/random  512
    SSLRandomSeed connect file:/dev/urandom 512 

     

    However, is there a reason why it is commented out? Maybe newer versions of php already implement it somehow or the library was declared somewhere else which means I shouldn't even be doing this myself? I ask this because the php manual says that session.hash_function and session.entropy_file were removed in some newer versions of php and the php.ini file?

    My second question is why is it 512 and not 256 ? I assume that the number indicates a sha function to be used with php? 

  3. Hello Larry, 

    I had a question regarding php.ini file. Have the newer versions changed the way session.entropy_file and session.hash_function work? Because the manual says they were removed, but does that mean deprecated? I searched for these settings under the 'php.ini session' section but did not find them. My purpose for searching for them was to edit them to use dev/urandom instead of dev/random and then hash with sha256. That leads me to another question. But I think Ill post that under a different post and title because it is kinda different.

     

    Thanks Larry.

     

    questionpicture.pdf

    question_pic2.PNG

  4. Hello Larry,

    My name is Samuel and I bought your book to learn more about security techniques. Anyway, I had a question about your connection.php file from CH18. Your MySQLi code works fine, but I wrote my own version using PDO. My question is whether your custom error handler would still work in this case... Because you used the trigger_error( )  function differently than I did.

    I attached snapshots of your code and my code. I hope you can give me some advice or point me to the right direction.

    PDO.PNG

    MYSQli.PNG

×
×
  • Create New...