  1. Jason Zelos

    [web] SQL injection

    Quote: Original post by ToohrVyk
    Ugly. The simple and painless way would be to quote your string so it cannot be interpreted as SQL code at all, a functionality which most SQL interfaces provide. However, since you're using ASP, you might want to take a look at the safer, faster and cleaner Parameterized Queries.

    What he said... Without going into specifics, anything you grab from an end user needs to be constrained. The very worst thing you can do is replicate input back to the end user "as is", i.e. a form that asks for a name and then replicates the string value on screen. This would mean that anyone can shove in some JavaScript and make a spoofed site appear under *your* security context. Same principle with parameters: they need to be pre-processed before use. (Note: if using MSDE then stored procs are the way to go) J
  2. XHTML is HTML reformatted to validate as XML. If you fancy doing anything XML related (and you will) then XHTML is the best choice to begin with. XHTML is a document belonging to a particular XML grammar, whilst HTML is best described as a mess :) J
  3. Jason Zelos

    A new file system

    Quote: Original post by benjamin bunny
    ...... Increasing the compatibility with other OSes helps sell operating systems, which is part of MS's core business. The royalties from FAT (assuming it's licensed that way) would probably be insignificant by comparison. And BTW, not everyone makes OSes to make money.

    MS are happy for Windows to be compatible with other file systems but sadly the reverse is not true. (Could you see MS letting UNIX devs use NTFS without a fee-paying licence?) And without MS it's unlikely that a desktop file system would take off in any major way. Databases are buying into XML in a big way though, so for the server market perhaps...

    seanw: I missed that one, poor MS ;)

    Witchcraven: Almost all flash media cards use FAT because it's simple and it's free (so they thought, and seanw's link confirms). Jay
  4. Jason Zelos

    A new file system

    Open standards means letting other people look at and use the standard. MS still don't give out their binary file formats for Office and could (if they ever decide to) make a nice little profit from the royalties on FAT. Using an (open) standard means you lose any potential money from related IP. Jay
  5. Quote: Original post by Aaron71771
     I think there is plenty of room for reform in US politics. It would be nice to see more average American representation in the government. I worry about a third party because it would split the nation into even smaller minorities. I would think having a president who won with 50.1% of the vote would be preferable to one who won with 34% of the vote; unless of course you can get enough people from the two primary parties to switch over, but I don't see that happening.

     But 34% of a larger voting electorate could be more people than 50.1% of bugger all. It depends on turnout, and more choice = bigger turnout. Jay
  6. Jason Zelos


    I did wonder about that 0 rating too. I even tried to read one of his posts to understand why (didn't work - I couldn't make it out). But I think it's a point that in rating people based on political views we could end up with a biased lounge or no politics threads. With no right-wingers left, who could you flame :P Jay
  7. Jason Zelos

    How can I hack my own server?!

    Run a port scanner across your net connection to check what's accessible to the world at large. Also use password checking/cracking tools (L0phtCrack) to check your passwords; make them hard. Don't forget about physical security as well, that's where most computer crime occurs, not hacking. Keep up to date with patching as well; with MS products you're going to get a serious hole every 6 months or so :) Cisco PIX have a problem with the current version of the OS as well so it's worth checking your firewall firmware. You don't mention if you have a backup domain controller or not; I'd implement one at least. Also offsite backups are a must; you can buy space in a datacentre and stream across the internet for little cash nowadays. Jay

    Edit: Missed the bit about the port scanner, but check what protocols you are using, remove unnecessary ones and drop any network drives. You could also run some sort of auditing software to keep an eye on what is installed on your machines.

    Edit Edit: Web servers: who can upload to them, and do you have antivirus FTP scanning? You can upload ASP scripts to alter someone else's filespace if it's not set up correctly. You can also use the FSO to grab any text files on any drive (including network drives) on a web server if it's not restricted.
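    The last point in that post, a script that takes a filename from the user and hands it to the FSO, is the one that is easiest to get wrong and easiest to check. As an added example (mine, not code from the post), this is the confinement check a server-side file read needs before it opens anything: the requested name is joined to the document root, fully normalised, and rejected if the result is no longer under the root. The root path and the requested names are hypothetical; the FSO itself is not used, the check is the part that matters.

```python
import os


def resolve_under_root(web_root: str, requested: str):
    """Return the absolute path for `requested` if it stays inside
    `web_root`, otherwise None.  Both '../' climbs and absolute paths are
    rejected after normalisation, so 'docs/../../x' is caught as well."""
    root = os.path.realpath(web_root)
    # Callers on Windows (where the FSO lives) may send backslashes; treat
    # them as separators before joining so '..\\' is not smuggled through
    # as a plain filename on a POSIX host.
    cleaned = requested.replace("\\", "/")
    candidate = os.path.realpath(os.path.join(root, cleaned))
    # commonpath() is the containment test: if the longest shared prefix is
    # not the root itself, the candidate has escaped.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def read_site_file(web_root: str, requested: str) -> str:
    """Read a text file only after the path has passed the check above."""
    path = resolve_under_root(web_root, requested)
    if path is None:
        raise PermissionError("path escapes web root: %r" % requested)
    with open(path, "r", encoding="utf-8") as fh:
        return fh.read()


WEB_ROOT = "/var/www/site"   # hypothetical document root for the demo

if __name__ == "__main__":
    for req in ("index.html", "docs/../index.html", "../../etc/passwd",
                "..\\..\\boot.ini", "/etc/passwd"):
        print("%-22s -> %s" % (req, resolve_under_root(WEB_ROOT, req)))
```

    The same idea applies to the ASP case: resolve the path with `Server.MapPath`, compare the result against the site root, and only then call `FileSystemObject.OpenTextFile`; the web server's file ACLs on other drives and on UNC shares are the second line of defence, not the first.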
  8. If you fancied using a parameterized query this code example may help; obviously, though, change the provider string to an Access one. Note the adCmdStoredProc instead of adCmdText as it's using parameters like a stored proc rather than including the query as the command text. (Maybe you already know this stuff, but.......) Jay

     ' ADO constants, normally pulled in from adovbs.inc; declared here so the
     ' snippet runs without the include.
     Const adUseClient = 3
     Const adCmdStoredProc = 4
     Const adVarChar = 200
     Const adParamInput = 1
     Const adOpenForwardOnly = 0
     Const adLockReadOnly = 1

     ' Replace "sa" with a login that only has EXECUTE on the procedure.
     Const strConn = "Provider=sqloledb;Data Source=MyServer;Initial Catalog=MyDB;UID=sa;PWD=MyPassword"

     Dim objCommand, objRS, objParam, strUsername, strPassword
     strUsername = Request.Form("Username")
     strPassword = Request.Form("Password")

     Set objCommand = Server.CreateObject("ADODB.Command")
     Set objRS = Server.CreateObject("ADODB.Recordset")
     objRS.CursorLocation = adUseClient
     With objCommand
         .CommandText = "MyDB.dbo.qry_LFT_Login"
         .CommandType = adCmdStoredProc
         .ActiveConnection = strConn
     End With

     ' The user's values travel as typed parameters, never as SQL text.
     Set objParam = objCommand.Parameters
     objParam.Append objCommand.CreateParameter("@Username", adVarChar, adParamInput, 255)
     objCommand("@Username") = strUsername
     objParam.Append objCommand.CreateParameter("@Password", adVarChar, adParamInput, 255)
     objCommand("@Password") = strPassword

     objRS.Open objCommand, , adOpenForwardOnly, adLockReadOnly
     ' Only record the login once the procedure actually returned a row.
     If Not objRS.EOF Then Session("Username") = strUsername

     objParam.Delete "@Username"
     objParam.Delete "@Password"
     objRS.Close
     Set objRS = Nothing
     Set objCommand = Nothing

     [Edited by - Jason Zelos on September 7, 2004 12:31:57 PM]
  9. Jason Zelos

    [web] Resolution Support

    Yep, as he said 'width=100%;' sort of thing for containers and avoiding fixed widths whenever possible. Jay
  10. Jason Zelos

    Abit KG7 + Albatron 5600EP == zilch?

    Not sure about that board but it might be worth setting the AGP to 4x in the BIOS before changing cards over. Your GF2 will be a 2x card and looking at the age of the MB it probably defaults to this. Different power levels for 4x, worth a try. Jay
  11. Jason Zelos

    [web] Setting server charset/encoding

    Quote: Original post by Boder
    I don't get it either, ISO-8859-1? UTF-8? it doesn't seem to affect the encoding. It's all ANSI text isn't it? And like you said, the box is opened without the crowbar...

    You need to put the charset in so that chars with accents and such show correctly even in browsers with other language setups. Look at the bugs page here for examples (no charset in new forums yet). Jay
  12. Jason Zelos

    UN declares Israel non-sovereign

    Quote: Original post by nitzan
    Jason: Sharon denounced Yossi not because of the content of the Geneva accord, but because he over-stepped his bounds and negotiated with the enemy without the knowledge of his government. That is interpreted as treason in every country.

    I disagree; there is nothing new about individuals trying to make peace between warring states, it's happened in almost every conflict I can recall in Europe and the US. Calling such persons traitors is a very extreme reaction; at worst they tend to get called misguided in the UK.

    Quote: Also it is widely known that Yossi did it in an attempt to further his own political career.

    I don't doubt it, but does it matter?

    Quote: I hate to say this, but you cannot argue with results. There is only one reason why the Palestinians, the Arab world, and even the Europeans are against the fence. It limits the murder of jews.

    In the short term, and in the long term may help to continue the conflict by eliminating what little reason is left amongst leaders of both sides. Most peoples of all countries do not wish to see the killing of anyone; you listen to far too much anti-Jewish rhetoric from minority groups. I would bet that even a majority of the Palestinian people want peace more than anything else. Jay
  13. Jason Zelos

    UN declares Israel non-sovereign

    Quote: #1 Yossi Beilin, a member of Israel's government WROTE THE GENEVA ACCORD!

    Ex-Justice Minister and accused of betraying his country by Sharon.

    Quote: #2 Yasser Abed Rabbo, who co-wrote the geneva accord, IS NOT A MEMBER OF THE PALESTINIAN AUTHORITY!

    I never said he was.

    Quote: #3 The PLO is STILL sworn to Israel's destruction. It's in the PLO CHARTER!

    OK, PLO should have read PA, I wrote in a hurry.

    Quote: #4 The PA, DID NOT SUPPORT THE GENEVA ACCORD.

    They never had a vote on it; they declared it pointless to hold said vote unless Israel agreed.

    Quote: #5 Israel's government, as a whole, decided against the Geneva accord because its policy is not to negotiate with the Palestinians until they have started fighting terror. Israel's government was NOT OPPOSED to the wording of the Geneva accord, but to the TIMING (RE - they are waiting for the PA to STOP THE TERROR CAMPAIGN).

    Only timing? 'Israeli Prime Minister Ariel Sharon denounced Mr Beilin and his fellow Israeli negotiators as "traitors". He recently said the initiative "does Israel damage and is a mistake".' From the BBC.

    Quote: The crap people come up with on this board just to bash Israel never ceases to amaze me. At least get your facts right.

    I've no interest in 'bashing' Israel, only its government for its lack of effort in stopping this conflict. Jay
  14. Jason Zelos

    UN declares Israel non-sovereign

    For Info:

    Middle East Water
    Quote: Israel has experienced much difficulty in making additional water supplies available since the late 1960s, when it was using as much as 95% of the total renewable water sources available in its territory (Beaumont et al. 1988). Almost half of Israel's total water supply is dependent on water that has been diverted or pre-empted from Arab sources outside its pre-1967 boundaries (Naff and Matson 1984). The main effort has to be shifted to making more efficient use of available supplies rather than increasing the capacity of hydraulic structures.
    From UN - Water map of the Middle East. Overlay it with the security fence and you notice that a substantial part of the Western Aquifer, which supplies more than the north and east put together, is now on the Israeli side of the fence.

    Geneva Accord
    The text of the Geneva Accord; note the brief bit about water yet to be completed and a lot about territory: 1967 borders + gradual removal of Israeli settlers and the Palestinians giving up their right to return. Supported by most of the world, some PA members (others never declared) but not by the Israeli government.

    Israeli Refuseniks
    Numbers include the letter signers, 550 so far, and approx. 600 others in addition (from a number of other sources incl. Pacific News; figures not published by the IDF). That's quite a few for a force as small as the IDF. Jay

    Edit: Geneva Accord, PLO should read PA. [Edited by - Jason Zelos on July 10, 2004 3:47:47 PM]
  15. Jason Zelos

    UN declares Israel non-sovereign

    Quote: Original post by Promit
    Quote: Original post by Jason Zelos
    Exactly, and the UN enforces international law.
    No, it suggests laws. For better or worse, the UN lacks any ability to enforce anything. Occasionally other countries decide to help enforce stuff...even when they don't want something enforced.

    It has the power to request that the Security Council come up with a plan of action. Agreed that most of the time it fails to get accord and therefore troops. I recall comments about a UN force, made up of forces delegated to UN action by their countries; maybe one day? Jay
