WebWise Wardens

Creating a Web Management System Using PHP & MySQL

2007-07-14T14:43:03Z

I'm in the process of creating a Web Management System usng PHP & MySQL. I am also going to write a book on how to do it. I have decided to blog the sections as I go, although I will be skipping around the chapters so my blog will not reflect the exact book layout, making it worthwhile for those who are really interested in the whole process to buy the book. Blog and the ITToolbox Blog. You can sign up for email notifications, FeedBlitz or RSS feeds at both blogs so you won't miss anything. I will place something referencing the book in the title of the blog so you will know which posts are going to be specifically associated with the book. I will appreciate comments. I turn off comments on my personal blog after 30 days, so please e-mail me with comments if you can't post a comment. The book will be split into two sections. The first section will provide information that is used by the module chapters. There will only be basic pieces that will be expanded on in the module chapters. For instance there is an Authorization chapter in the module chapters, but a basic login screen will be created for the Security chapter. The second section will contain a piece of the website called a module. You can pick and choose which modules you want for your own website. There will be no information in a particular chapter which will be required for a different module than the presented module. This is the table of contents so far: Chapter 1 - Introduction Chapter 2 - Security Chapter 3 - Object Oriented Programming Chapter 4 - Templates Chapter 5 - Content Management Chapter 6 - Application Framework Chapter 7 - Debugging Chapter 8 - Testing Chapter 9 - Source Code Management Chapter 10 - Database Management Chapter 11 - Authorization Chapter 12 - News Chapter 13 - Member Area Chapter 14 - Contact Manager Chapter 15 - Mailing List Chapter 16 - Newsletter Appendixes

62721-070714-544350-33 Rate content:

© 2007 All Rights Reserved.

]]>

Safari Browser for Windows?

2007-06-23T18:55:23Z

A couple of weeks ago I downloaded the new Apple Safari browser beta. While there is lots to like about it, it still has a way to go to become the fourth browser I keep open on my computer. Currently I have two SeaMonkey browser windows open, one FireFox browser window and seven IE7 browser windows open. I tried Safari as a substitute for four of the seven IE windows. It didn't work out. And here are the six reasons why: 1. I have a four button plus scroll wheel mouse. I use every button and the scroll wheel. The two extra buttons are the "Back" and "Forward" buttons on the browser window so I don't have to move my mouse to those buttons on the browser. In Windows, I have set the default behaviour of my scroll wheel to page through documents instead of scrolling one line at a time. In Safari, none of these things work. 2. There was no way to get a dropdown of the favorites. It showed up on the screen and then I had to drill down through the various favorite folders to get to the page I wanted to go to. 3. Memory hog. Although all browsers are memory hogs, IE7 is the only browser that as you close tabs and windows (opened with CTRL-n) that reduces the memory it takes. 4. Handle hog. One time I only had two Safari browser windows open, with 2 tabs each and the amount of handles it was using was over 2,000! 5. Browser window size. Using CTRL-n to open up another window in any other browser, opens it the same size and spaced a little bit down and over from the original one. Not Safari. 6. Password saving. When I wasn't paying attention to what I typed as a user, and as a touch typist with the right hand one key over, I typed the wrong username and password. And saved the username/password combination. The first character was correct. So when I entered the correct username and password, it saved it too. But whenever I went to enter the username afterwards it always showed the garbled usersname and entered the password. When I select the correct username from the dropdown it would not change the password to the selected username. And because I couldn't delete the garbled username/password combination (another bug), it was like I never saved it. So I'll wait for it to go out of beta and try again. It did have a way of sending bug reports to Apple, which I did for the first four items, and hopefully they read them and will do something about them.

DBA vs the Rest of the Company

2007-04-16T19:45:15Z

I have been reading some interesting blog posts over at ITToolbox. There is a debate/discussion about the DBA vs developer situation. The post that started it all was Ralph Wilson's entry titled "Ten Most Irritating DBA Habits and Responses" . Then Dratz posted some responses of the DBA to the developer in a comment. And Dratz posted an entry in his bog refering to Ralph Wilson's blog entry. When I found myself starting to compose a large comment that didn't quite go with what was being said in either blog entry, I had to create my own post.]]> my comment there! Any ways, here are my responses to some of the situations I've been with the DBAs.

I did drive one DBA crazy one day when I deleted a whole bunch of records and needed them restored. Although what he did in response, was a pain in the neck, it was definitely something we needed. He wrote a program that would first show us how many records a particular SQL statement would affect if it was a delete or update. Then it would ask us if we really wanted to perform the operation. There was one time I helped the DBAs solve a major problem. They had done an upgrade of a post office address checker database application (I don't remember all the details of it, but it was an outside application probably from the USPS) and all of a sudden an application was hanging. To recover we had to get the DBA to reset something. What I did was set up a program to run every few minutes which checked the address of the company, and if the program couldn't access it, it paged the DBA who was on call. After about a week they discovered that it had something to do with the database now was opening up a new process for each query or something like that, and it ran out of processes after about 18 hours of use. BTW, this program was in the scope of my job function as the liaison between the help desk, the user, the developers, the sys admins and the DBAs. At first I wasn't paging the DBAs, but when I would call them before they discovered the hung database, I eventually asked them if they wanted to be on the paging list. Once they were on the paging list, they had a greater desire to solve the problem. At the last company I worked for before I went out on my own, the DBAs were overworked. It was painful making changes to the databases, and even though we were right next to them, they still had other groups in the whole company to support. Also, only one of the two were really knowledgeable so if he was on vacation or took a day off, we were left waiting.

What Can You Do About ID Theft?

2007-03-08T13:15:20Z

Did you know that 15 million Americans have been victimized in a year period? That's a lot of identity theft.

What are you doing about it?

]]> Check out this article about identity theft.

Again, what are you doing about it?

You can do what many people are doing - ignore it and maybe you won't have a problem with it. Even if you were not on the internet, you still are a candidate for identity theft. With all the laptops disappearing, and hackers getting into computer systems, you are just lucky that you are not affected.

Your Social Security Number could be used by an illegal immigrant and you would never know. An illegal immigrant needs a SSN to work. Social Security does not care if there are two different people with the same SSN. They keep track of each one separately. And Social Security does not inform the original owner of the SSN that some one else is using their SSN.

If you have children, you need to be checking their credit report. This is the easiest form of identity theft because it may not be noticed until the children grow up. Because of IRS rules, each of your children have a Social Security Number, which can be used to get credit. Children have good credit scores.

One thing I have done is sign up with LifeLock to secure the identities of my entire family. You can try it free for 30 days. Then if you continue it is either $10/month or $120/year per adult and $2.50/month or $30/year per kid.

What they do:

Sets fraud alerts on all of your credit reports at Equifax, Experian, TransUnion and ChexSystems. This is supposed to also stop the pre-approved credit offers filling your mailbox. These fraud alerts need to be renewed every 90 days.
Free credit reports from the major credit bureaus every year.
Checks credit reports every ninety days to ensure that there is no activity.
Checks for open checking accounts.
Obtains a work history from the Social Security Administration to ensure that no income is being reported on your child's SSN.
$1 Million guarantee

I think this last item is the best part of this service. And now I can sleep well at night.

Where Have I been?

2007-02-21T00:02:31Z

Busy, busy, busy...

I've been trying to work on several projects that were due the day before yesterday, and I got the assignment yesterday. Also, I've been taking two classes at the semi-local technical college.

]]> The classes are fun. It's a nice drive to get to class and get out of the house for a couple of hours twice a week. One of the courses, Advanced PHP Programming, is a little bit redundant with my experience, but the idea is to get talking with others and see things from a different perspective.

The other course is to work on my goal to become a Security Expert. First I have to get to understanding networking, so I'm taking CCNA 1 & 2 in one semester. The printouts of the labs that are due for the class is over 2" high.

The projects have also been fun. But would have been more fun if I didn't have to get them done the day before yesterday.

One project, a quiz, was interesting. I had been creating quizes using perl and a well modified open source program. Now it is in PHP. If you want to check out my work here is the link.

There were a bunch of clients with opt-in newsletters, Blogs to set up, and a contact form using NMS tfmail for emailing the information. I'm going to have to replace NMS tfmail because the bots are getting to it.

Then to reuse the opt-in program, I have one site that has a bunch of forms that request stories, comments, journal entries, etc. that I use the opt-in format to verify that they really did enter the information.

That is a small hint of what I've been doing for the last month and a half.

Its Been a While

2007-01-09T16:45:45Z

Between the holidays and starting a new blog with ITToolbox, I have forgotten to post an entry here.

I have signed this blog up with a Technorati Profile.

Now that the holidays are over, its time to post.

]]> Except I don't have a lot to talk about. You can check out my new blog at ITToolbox called "<I Have MySQL Installed For My Website, Now What?".

Hard Drive Crashes

2006-11-13T20:00:14Z

I was reading a blog entry about the author having a hard drive crash. That got me thinking about the experiences I have had with my hard drives and back ups.]]> The last disk drive crash I had....

Well, the only one I had was the church's main computer where I had stored all the text for songs for the overhead projector. (The church had their mailing list.)

I still have stuff on my current hard drive from DR Dos and Win 3.1. Every time I upgraded disks I copied the disk to the new one. When I upgraded the OS, I'd zip the old files in case I needed them (and I did when I just recently upgraded from 2000 to XP).

I have tried to delete old stuff, but maybe I need a harddrive crash to get me to start all over.

Until I started working at home in 2002, the only thing I really needed backed up was my Quicken data. Now I have tons of pictures (most backed up on CDs and DVDs and distributed around the country), and all my files for web development (which are currently backed up as of 3 months ago on the drive left over from the last hard drive upgrade).

I almost lost it all, not exactly from a hard drive crash, but from my killing the EIDE controller on my motherboard by managing to install DDR memory backwards. Fortunately the harddrive survived. Although my main drive was a SATA at the time. Oh and the reason I got a SATA drive was because my old harddrive would boot only 1 out of 3 tries, just constant rebooting the other 2 tries.

Back in 2000 I did start to have a backup plan using a tape drive, except with the expansion of the hard drive it started taking up more and more tapes and the procedure was so quirky that I quit - after all I really didn't need a back up for just Quicken data.

So what is my back up plan? I have a DVD writer that I have never used because I don't have good software for it (I stole it out of a computer that the disk for the dvd software was only usable on that computer). I do need to have a plan in place soon... before disaster strikes...

Any one have a good back up plan?

Airport Security

2006-11-06T13:14:06Z

Recently an Indiana University Bloomington computer security student, Christopher Soghoian, posted a custom boarding pass creator for Northwest Airlines on the internet. It was taken down almost immediately by the FBI. According to an article by Robert Vamosi, this points out flaws in airport authentication. The fact that the airlines and security rely on paper tickets (or boarding passes) with an id. But there is no way of knowing that the ticket is valid.

]]> According to another article by Joris Evers, Chris has not been charged but there is an investigation whether he violated any federal laws. He never actually tried to use a fake boarding pass or even print one. All he did was write a PHP script.

Read Chris's blog about the situation here. There is also a link there to donate to his legal defence fund.

There are many issues in this situation and I have only touched the surface. I found many links to other articles about this security issue, and it is a big one too.

Star Wars Security

2006-10-19T13:53:41Z

I just finished watching the 6 Star Wars movies over a two week period and since I don't own them, I can't go back and look at specific things. Just rely on memory and what is out on the internet for information.

I don't know about you, but the 6th movie (3rd produced) leaves me with an unfinished feeling. Here the rebellion just finished off the Emporer (or did they - we never saw him actually die), and there is one trained Jedi Knight and one untrained Jedi. Back when the first three movies were out, I remember hearing that there were going to be a total of 9. I was just reading an article on the internet that came out just after the 3rd movie (6th produced) that there were supposed to be 12 movies.

]]> Today I'd like to discuss the security in the Star Wars series. I would like to know what you think about it. Please place your comments here, or in your own blogs with trackbacks so I can read the posts.

In particular, I'm concentrating on the last three (or the first three produced). They're the ones I have seen more often. Since these films were produced in the 70s and 80s they have the security mindset of that era. Of course we'll take into account the fact that currently a lot of security breeches take a lot more time, both in real time and the time it would take in the movie to show everything, than is acceptable for a movie.

First, I want to point out the issue of the fact that R2D2 could connect just about anywhere and get full access to information. What modes of hacking is he using?

Spoofing an authorized user?
Is it wise to use a universal connector?

Second, in the last movie even R2D2 couldn't open the blast door so Han Solo tried to hot wire it. Is this possible with current technology. If a person has all the time in the world (the time allotted by the movie) can he open up the security device to just hot wire the open door signal to let him in? This is a somewhat personal question. We have just installed a new garage door opener at my house. It has a device on the outside that if I enter an access code, the door will open. Can this device be taken apart and made to work? Especially since there is no other security devices (cameras) around it to protect it?

Third, in the last movie, the rebels got a hold of an enemy ship with passcodes and everything. They were also able to commandeer an enemy walker (don't know the name of it - the thing with 4 legs and guns on it). As we saw with 9/11, should it be possible for any one to operate the vehicle? What security should be used so that only authorized users operate the vehicle?

Fourth, from one of the earllier movies (one of the first three - last three to be produced), the Jedi had a very impressive library computer which had everything in it. A star system was erased out of it. How do you back up something like that? How do you make sure no one changes the data - even those who might have real authority to do so?

Is the United States of America safer than it was 5 years ago?

2006-09-11T13:12:22Z

No, the US is no safer than it was 5 years ago. We may not have another target as big as the World Trade Center. But little terrorist attacks can wear us down so that we no longer care about the situation until the next one hits.

]]> Just look at how people are looking at the war in Iraq now. When we first went to war, there was a large majority behind the troops. Now we have protestors at soldiers funerals claiming that God is laughing when soldiers die. As a Christian, I hurt for those who have to see these protester's signs. I don't even want to advertise this group of people by posting their website as proof of their hate. Thank God that we have others who go to help with a counter protest.

I hurt for any one who has to see any protest saying that God hates them. God doesn't hate people. He hates sin. Sometimes it is hard for people to see through their sin that God loves them. God is a God of Love, but sometimes love must be tough, but that is not today's message.

Today I want to discuss the security of the nation and of the world. Where are we going, and where have we come?

Do you realize how much unprotected border the US has? Do you realize how much open space there is for people to hide, especially in the more rugged countryside? After all, how long did it take to capture Buck and he was confined to a small area of the US? How long does it take for the FBI to find the people on its 10 most wanted, even when they air tv shows about them?

Are airplanes safer than they were 5 years ago? Yes and no. An airplane can still be hi-jacked. But ithe passengers will usually act like those on Flight #93 five years ago. People understand that there are ways of fighting back.

There are ways of getting around almost any security device using social engineering or finding an insider to help. There are people who can spend hours watching and waiting to get information. Even the police do that. And now with cameras being so small, all a person needs is the time to hide them where the camera can record the information they want.

There are many more possibilities of security issues that I don't even have the space in this blog to mention. The US people as a whole are still naive when it comes to technology. Some don't want to know more. Some don't have the time. Some just can't understand it.

I still haven't answered the question of where are we going. That is a big question. Where are we going? What do you think?

How Did You Get Your Start in IT

2006-06-29T16:03:40Z

I was just reading an article about how children are only learning how to be comfortable with computers which isn't necessarily an entry to becoming an IT professional. In my Dinasaurs blog entry, I touched on my start in computers. But that isn't how I got into IT. I didn't get into IT until years later.

]]> Since my Mother had a Computer Science Minor in college (and worked for her degree while I was growing up), I had an understanding about computers from a young age - especially for the '70s. But when I went to college my Mother told me that I didn't want to major in Computer Science. It should be more of a minor. So since my interests were in Math and Foreign Languages, I chose to start college with major in Math and possibly a minor in a Foreign Language.

My Mother also told me to look at Engineering schools (which she claims she never did, but there is no reason why I would have considered one without her recommendation). I applied to several universities and got into only 2 of them. I chose the smaller one, Lehigh University, which also happened to be miles away from home and in another state.

During my Freshman year many students asked me what I was going to do with a Math major besides teach and I had no answer for them. I was friends with several Engineering students who were taking a computer course. They seemed to be having so much fun, that I had to try it. But it was an engineering course and you had to be majoring in Engineering.

I went to the Dean of the Arts and Science school to ask about changing to Engineering. He recommended taking an interests test to be sure I'd be interested. I did and of course I scored high on Engineering. So I took the Engineering Computer course and had so much fun. This particular course also had a weekly session for explaining each of the different Engineering degrees Lehigh offered. When the Electrical Engineering Dean came to talk, he mentioned a new degree called Computer Engineering. He also mentioned a few of the characteristics of some one who would be interested in it. I fit those characteristics perfectly.

At that time I officially changed my major to Computer Engineering. BTW at Lehigh at the time there was no Computer Science degree offered. I managed to get my Bachelor of Science in Computer Engineering by going an extra semester (don't ask what my GPA was - I GRADUATED).

But this still wasn't IT. (To be continued.)

Technospeak (Part 2)

2006-06-02T03:15:04Z

Someone who read my entry on Security mentioned that she didn't understand what I was talking about. I do need to know when I'm speaking in Technospeak. Unfortunately there isn't a Babel Fish translation for Technospeak. And I have a tendency to speak it. For those who missed Part 1 of Technospeak, please click here.]]> Adware - Programs or cookies on your computer which delivers ads that depend on monitoring your internet use. This could be useful if you want to have ads that you're more likely to find something you want. But the down side of this is that you are being monitored. Startup Alerts - Monitoring your computer to make sure that changes to the startup aren't made without your knowledge. Actually this is more of a monitor. Some programs you download will cause a program to be run on statup. Each entry in your startup will take time. Remember when you first got your computer and how fast it started. Now how long does it take? WinPatrol also has a program youcan run to check what is running at startup. Pop-up - Any window that pops up on the screen. Also can be a pop-under, but I don't think these are as common anymore. Some of the applications I have been recommending cause pop-up windows to show up. One of the problems with pop-up windows is that you can't always tell where they came from. They could be coming from your computer telling you about a very real problem. Or it could be a website that is trying to convince you that you absolutely need to buy their software. They also cause a distraction when you're trying to do something. I hope these definitions help.

What is ethical?

2006-04-27T03:47:35Z

A blog I read on a daily basis (whether or not there is a new post) is one by Security Monkey. I have learned a lot about security. Today he hit the jackpot with comments on "Geeks Take Down Dirty C-Level Executives" The question is whether or not the Geeks were ethical. The C-Level Executives certainly were not. My guess is that if they weren't being unethical they were way over in that grey area. They certainly didn't expect all the stuff that got sent on the corporate email. Yes, email has to be considered public. But how public is it? Also, there are many cases of email being sent to the wrong person. One thing to remember too, is that email can be forwarded far and wide by recipients. And those on the forwarded list can forward it further and wider. Many commenters to Security Monkey believe this entry is an urban legend. But since I have have read his blog from start to this last entry, I fully believe him. He has always changed names and some minor details so that the people and companies involved cannot be recognized. What do you think about the ethics of the geeks?

Technospeak (Part 1)

2006-04-20T01:10:55Z

Someone who read my last entry on Security mentioned that she didn't understand what I was talking about. I do need to know when I'm speaking in Technospeak. Unfortunately there isn't a Babel Fish translation for Technospeak. And I have a tendency to speak it. Let me go back and give a few definitions. Virus - something bad. Just because you're running Linux or OS/X or even an earlier Mac, doesn't mean you can't get one on your computer. New virii are being created every day. Virus Scanner or Antivirus Software - a program which runs on your computer and watches every file, program and email that is processed on your computer. As I mentioned in my last post I installed McAffee on my computer but it and another program slowed down my computer so much, that I removed it. If one came with your computer you should use it. And make sure you pay for the subscription so that you are protected in to the new virii that are coming out every day. Firewall - Hmmmm. No definition in my mind. Just a good thing to have. I had a firewall first on my computer since the McAffee CD I had bought in 1998 or so didn't work in my old CD drive and never got around to installing it. This can help prevent virii from spreading (another story). A firewall watches every program just like the virus scanner, but it makes sure the program doesn't do something like use your modem to make expensive phone calls, or even contact a webpage when you're not expecting it. These are some of the bad things that bad programs can do to your computer. Spyware - A program that is watching websites you go to, steals passwords and other spying on what you're doing on your computer This is the most dangerous type of program. The ones that collect passwords will send those passwords and credit cards to somewhere else so that they can access your bank accounts, use your credit card to buy expensive stuff, or in general steal your identity. And it isn't just a program. Some websites you go to put cookies on your computer so that other websites can read them and know what sites you tend to go to so that they can show you ads that you might be more likely to click on. This may sound like a good thing, but do you really want people knowing everything you buy? (Update: I've added links to some better definitions for some of the definitions I gave here.)

Why Security Part 1

2006-04-03T15:23:05Z

Some website owners are wondering why they need security. These may be the same ones who do not have a virus scanner, spyware detection software on their personal computers they use to connect to the web. They also may be ones who do not have a firewall on their computer. To tell you the truth, I don't have a virus scanner running on my computer at all times. Last year I bought the McAfee virus software. I have been using Zone Alarm Firewall for years. The two do not get along very well so I stopped McAfee from starting up when I booted up the computer. Since I am very careful, and I was only fooled twice over two years ago, I can get away without virus software running. Last month I did start it up and got the updates for McAfee when there was supposd to be that really bad virus. But most users should not do what I did. (Do what I say, not as I do!) But not all people are as computer literate as I am. Also, most of the early email virii only caused big problems if you were using MS Outlook. I use Netscape Communicator, and have been for over 7 years. I am running the current version, Netscape 8.1. The big question is: What security software out there is the best? That is a hard question, and the answer can vary from version to version, and depends on how adaptable the user is to new programs. I don't have a real answer. All I can do is tell you what I am using. Current Computers: Workstation - Windows 2000 Laptop - Windows 98 (hey the laptop was free!) Virus Software Recommendation: Don't use McAfee if you're using Zone Alarm. In July, when my current contract with McAfee is finished, I will be trying out the Zone Alarm suite. Note: On the laptop it seems to run ok. Firewall:I'm using Zone Alarm Pro on my home workstation, and the free version of Zone Alarm on my laptop. Spyware Detection: Spybot Search & Destroy on the workstation. It causes the laptop to crash on startup, so I am not running it there. I also have MS AntiSpyware. Except for the 7 items it found when it first ran months ago, it hasn't found a thing. But it doesn't seem to be causing any real slowness of my computer, so I have left it on the workstation. Adware detection Ad-Aware SE on the workstation. I run it whenever I remember that it doesn't have an automatic scan. Startup Alerts This alerts the user when software inserts a program into the system startup. I have three popup messages when this happens. One from Zone Alarm. One from Spybot S&D. And a third from Win Patrol. Special Folder Alerts I don't have a technical name for this category, but software installs some files in either the Root folder, Windows folder or Windows System folder. Most of these are valid programs, but it is nice to know when this happens. I use Boot Alert to tell me when this happens. It runs on startup and if there are any differences (files now missing or new files) it will alert the user. Pop-ups I have multiple programs watching these for me. Netscape and Firefox have their own pop-up stoppers, which I use. One problem with using Netscape and Firefox together, is that they're based on the same program, Mozilla. Therefore each thinks the other is a popup! And I use Pop-up Stopper. Now the question is where do you get these programs! AdAware McAfee MS AntiSpyware (or Defender) Spybot S&D WinPatrol Zone Alarm Note: All of these except McAfee have free versions. If you find any of the products useful, you may want to get paid versions.