Posts posted by SamuelL
-
-
Larry,
I have found the solution as to why it is. There are 2 different $_SESSION['destroyed'] variables that exist for 2 different sessions. Sorry for the bother...
-
There is a second function but I couldn't upload it. It is in the manual. The second function is for session_start() and also checks if $_SESSION['destroyed'] is set.
Maybe it's like a race between the two functions for $_SESSION['destroyed'], I am not really sure.
-
Hey Larry,
Just a quick question about regenerating the session ID. Why does the PHP manual set a time stamp on the old session but then quickly delete it by unsetting the variable? I have attached a screenshot of the example from the PHP manual website. It is the second example from: http://php.net/manual/en/function.session-regenerate-id.php
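
The pattern these three posts discuss, sketched as an added example (it is not SamuelL's code and not the PHP manual's listing): the 'destroyed' marker is saved into the old session's record, while the unset only touches the new session. The function names, the 300-second grace window and the data copy in step 3 are assumptions made for the illustration.

```php
<?php
// Added illustration; function names and GRACE_SECONDS are assumptions.
// Call both functions before any output is sent.
const GRACE_SECONDS = 300;

function regenerate_marked_session(): void
{
    $newId = session_create_id();

    // 1. Mark the OLD record and save it. The marker stays stored under the old ID.
    $_SESSION['destroyed'] = time();
    $_SESSION['new_session_id'] = $newId;
    $carry = $_SESSION;            // copy of the data, markers included
    session_write_close();

    // 2. Open a record under the new ID. Strict mode would reject an ID that has
    //    no record yet, so it is switched off for the rest of this request
    //    (PHP refuses session ini changes while a session is active).
    ini_set('session.use_strict_mode', '0');
    session_id($newId);
    session_start();

    // 3. Restore the data, then drop the markers from the NEW record only.
    $_SESSION = $carry;
    unset($_SESSION['destroyed'], $_SESSION['new_session_id']);
}

function start_marked_session(): void
{
    session_start();
    if (!isset($_SESSION['destroyed'])) {
        return;                    // current record, nothing to check
    }
    // The client presented an ID that was already rotated away.
    if ($_SESSION['destroyed'] < time() - GRACE_SECONDS) {
        $_SESSION = [];
        session_destroy();
        throw new RuntimeException('Retired session ID used after grace window');
    }
    // Inside the window: a late request raced the rotation, so move it
    // to the new record instead of logging the user out.
    $newId = $_SESSION['new_session_id'];
    session_write_close();
    session_id($newId);
    session_start();
}
```

After a rotation the old record still carries 'destroyed' and 'new_session_id', so a request that arrives with the old ID is either redirected to the new record or rejected once the window has passed.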
-
Hello Larry,
I came across some questions when developing on localhost and enabling https. Xampp's apache configuration file: httpd-ssl.conf, has the following commented out:
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
Looking up recommendations, I found out that I should enable the urandom library like so:
#SSLRandomSeed startup file:/dev/random 512
SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
SSLRandomSeed connect file:/dev/urandom 512
However, is there a reason why it is commented out? Maybe newer versions of php already implement it somehow or the library was declared somewhere else which means I shouldn't even be doing this myself? I ask this because the php manual says that session.hash_function and session.entropy_file were removed in some newer versions of php and the php.ini file?
My second question is why is it 512 and not 256? I assume that the number indicates a sha function to be used with php?
-
Hello Larry,
I had a question regarding the php.ini file. Have the newer versions changed the way session.entropy_file and session.hash_function work? Because the manual says they were removed, but does that mean deprecated? I searched for these settings under the 'php.ini session' section but did not find them. My purpose for searching for them was to edit them to use dev/urandom instead of dev/random and then hash with sha256. That leads me to another question. But I think I'll post that under a different post and title because it is kinda different.
Thanks Larry.
-
Hello Larry,
My name is Samuel and I bought your book to learn more about security techniques. Anyway, I had a question about your connection.php file from CH18. Your MySQLi code works fine, but I wrote my own version using PDO. My question is whether your custom error handler would still work in this case... Because you used the trigger_error( ) function differently than I did.
I attached snapshots of your code and my code. I hope you can give me some advice or point me to the right direction.
Ch. 17 Forums (Data Base Question: How to add a 'like' table?)
in PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (5th Edition)
Posted
Hello Larry,
I thought CH 17 Forums was well put and easy to implement. If I were to add a Like functionality to the database design, then it would look as follows:
posts_table
thread_table
user_table
like_table
This database design looks normalized, but the 'like_table' would hold all likes for all posts? This seems like a table that would be very heavily populated and queried? What do you think about this Larry? Thanks I appreciate your response to these forums.