TYPOlight webCMS - Home Midgard: Midgard2 - Content Repository Midgard2 objects are defined using MgdSchema XML configuration files. Their classes are automatically registered for usage in applications and are described using MgdSchema file attributes and properties. Naming Conventions Due to language binding limitations, type names should be in lowercase and use underscores as word separators. Temporary files with '.' or '#' prefixes, or with a '#' suffix will be ignored and warning messages will be printed to the log file or directly to the terminal window. Schema Structure Here's a simple example: Loading Schema Files When an application starts up, Midgard2 parses the main schema file MidgardObjects.xml which defines all the built-in types like midgard_person and midgard_attachment. To load additional MgdSchema files, place them into your /usr/share/midgard2/schema directory (this may be different if you chose another prefix during midgard-core compilation). Writing Midgard Schemas For every newly-defined type, mandatory attributes have to be set. or
PRADO PHP Framework Wedia - Solutions de gestion et de publication de contenus multi-supports (Web, papier, mobile) Chris Shiflett: Security Corner: Session Fixation Security is gaining more and more attention online. As PHP continues to be a key component of the web’s future, malicious attackers will begin to target weaknesses in PHP apps more frequently, and developers need to be ready. I am very pleased to introduce Security Corner, a new monthly column that is focused completely on web app security. This month’s topic is session fixation, a method of obtaining a valid session identifier without the need for predicting or capturing one. Session Fixation Session security is a vast and complex topic. There are numerous types of session-based attacks. There are at least three ways that a valid session identifier can be obtained by an attacker: Prediction Capture Fixation Prediction only involves guessing a valid session identifier. Capturing a valid session identifier is much more common, and there are numerous types of attacks that use this approach. A Simple Attack In the simplest case, a session fixation attack can use a link: Or, a redirect: Listing 1
Welcome to Apache Jackrabbit PHP best practices This guide will give you solutions to common PHP design problems. It also provides a sketch of an application layout that I developed during the implementation of some projects. php.ini quirks Some settings in the php.ini control how PHP interpretes your scripts. short_open_tag Always use the long PHP tags: <? asp_tags Do not use ASP like tags: <% echo "hello world"; %> gpc_magic_quotes I recommend that you include code in a global include file which is run before any $_GET or $_POST parameter or $_COOKIE is read. register_globals Never rely on this option beeing set. File uploads: The maximum size of an uploaded file is determined by the following parameters: file_uploads must be 1 (default) memory_limit must be slightly larger than the post_max_size and upload_max_filesize post_max_size must be large enough upload_max_filesize must be large enough Have one single configuration file You should define all configuration parameters of your application in a single (include) file. Generate code <?
Pligg Content Management System