120 Excellent Examples of Orizontal Menu

http://www.csstea.com/css-gallery-news-and-resources/264-120-excellent-examples-of-css-horizantal-menu.html
YEaY!

Loading mentions Retweet

Top! Hit list web sites!

http://web.top.org/css/

Loading mentions Retweet

Negare l'accesso ad alcuni file sul server tramite regexp apache

Citazione:

Originariamente inviato da strae
E quindi dopo vale anche per le sottodirectory?
Scusa, forse è chiedere troppo e me ne rendo conto, ma mi scriveresti un esempio funzionante con 'nomefile.txt' ?
Ho provato più volte a studiare le regexp, ma proprio non mi entrano in testa..
E non sono espertissimo nella configurazione di apache, mi faresti davvero un grandissimo favore...

certo, vale per tutte le sottodirectory, a meno che queste non abbiano propri htaccess che ridefiniscano nuove regole. in questo caso, queste avrebbero -ovviamente- la priorità.

Ecco un esempio facile facile (appena testato, da me funziona):

<FilesMatch "\.(gif|jpe?g|png)$">
Order allow,deny
Deny from all
</FilesMatch>

questa sequenza, inserita nell'htaccess della root, blocca l'accesso a qualsiasi file grafico del sito: in pratica il visitatore non vedrà nessuna jpeg, jpg, gif o png.

venendo a te: se vuoi che nessuno possa accedere ai file direttamente digitando la richiesta sul browser, e che questi siano invece accessibili solo dallo script, inserisci nell'htaccess della root:

Citazione:

<FilesMatch "www.example.com\/folder1\/*\/*.txt$">
Order allow,deny
Deny from all
</FilesMatch>

Le espressioni regolari, per quanto ostiche, una volta capite sono potentissime. comincia ad allenarti ad esempio qui: http://rexv.org/

Loading mentions Retweet

Tabella della compatibilità dei Font sul Web

Generic	Font	Windows 9x/2K/XP	Windows Vista	Mac Classic	Mac OS X	Linux Unix
serif	Cambria
	Constantia
	Times New Roman
	Times
	Georgia
sans-serif	Andale Mono
	Arial
	Arial Black
	Calibri
	Candara
	Century Gothic
	Corbel
	Helvetica
	Impact
	Trebuchet MS
	Verdana
cursive	Comic Sans MS
monospace	Consolas
	Courier New
	Courier

Loading mentions Retweet

HTTP Status Codes Explained

15 comments

Posted May 11, 2004 in Apache

HTTP, Hypertext Transfer Protocol, is the method by which clients (i.e. you) and servers communicate. When someone clicks a link, types in a URL or submits out a form, their browser sends a request to a server for information. It might be asking for a page, or sending data, but either way, that is called an HTTP Request. When a server receives that request, it sends back an HTTP Response, with information for the client. Usually, this is invisible, though I'm sure you've seen one of the very common Response codes - 404, indicating a page was not found. There are a fair few more status codes sent by servers, and the following is a list of the current ones in HTTP 1.1, along with an explanation of their meanings.

A more technical breakdown of HTTP 1.1 status codes and their meanings is available at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html. There are several versions of HTTP, but currently HTTP 1.1 is the most widely used.

Informational

• 100 - Continue
  A status code of 100 indicates that (usually the first) part of a request has been received without any problems, and that the rest of the request should now be sent.
• 101 - Switching Protocols
  HTTP 1.1 is just one type of protocol for transferring data on the web, and a status code of 101 indicates that the server is changing to the protocol it defines in the "Upgrade" header it returns to the client. For example, when requesting a page, a browser might receive a statis code of 101, followed by an "Upgrade" header showing that the server is changing to a different version of HTTP.

Successful

• 200 - OK
  The 200 status code is by far the most common returned. It means, simply, that the request was received and understood and is being processed.
• 201 - Created
  A 201 status code indicates that a request was successful and as a result, a resource has been created (for example a new page).
• 202 - Accepted
  The status code 202 indicates that server has received and understood the request, and that it has been accepted for processing, although it may not be processed immediately.
• 203 - Non-Authoritative Information
  A 203 status code means that the request was received and understood, and that information sent back about the response is from a third party, rather than the original server. This is virtually identical in meaning to a 200 status code.
• 204 - No Content
  The 204 status code means that the request was received and understood, but that there is no need to send any data back.
• 205 - Reset Content
  The 205 status code is a request from the server to the client to reset the document from which the original request was sent. For example, if a user fills out a form, and submits it, a status code of 205 means the server is asking the browser to clear the form.
• 206 - Partial Content
  A status code of 206 is a response to a request for part of a document. This is used by advanced caching tools, when a user agent requests only a small part of a page, and just that section is returned.

Redirection

• 300 - Multiple Choices
  The 300 status code indicates that a resource has moved. The response will also include a list of locations from which the user agent can select the most appropriate.
• 301 - Moved Permanently
  A status code of 301 tells a client that the resource they asked for has permanently moved to a new location. The response should also include this location. It tells the client to use the new URL the next time it wants to fetch the same resource.
• 302 - Found
  A status code of 302 tells a client that the resource they asked for has temporarily moved to a new location. The response should also include this location. It tells the client that it should carry on using the same URL to access this resource.
• 303 - See Other
  A 303 status code indicates that the response to the request can be found at the specified URL, and should be retrieved from there. It does not mean that something has moved - it is simply specifying the address at which the response to the request can be found.
• 304 - Not Modified
  The 304 status code is sent in response to a request (for a document) that asked for the document only if it was newer than the one the client already had. Normally, when a document is cached, the date it was cached is stored. The next time the document is viewed, the client asks the server if the document has changed. If not, the client just reloads the document from the cache.
• 305 - Use Proxy
  A 305 status code tells the client that the requested resource has to be reached through a proxy, which will be specified in the response.
• 307 - Temporary Redirect
  307 is the status code that is sent when a document is temporarily available at a different URL, which is also returned. There is very little difference between a 302 status code and a 307 status code. 307 was created as another, less ambiguous, version of the 302 status code.

Client Error

• 400 - Bad Request
  A status code of 400 indicates that the server did not understand the request due to bad syntax.
• 401 - Unauthorized
  A 401 status code indicates that before a resource can be accessed, the client must be authorised by the server.
• 402 - Payment Required
  The 402 status code is not currently in use, being listed as "reserved for future use".
• 403 - Forbidden
  A 403 status code indicates that the client cannot access the requested resource. That might mean that the wrong username and password were sent in the request, or that the permissions on the server do not allow what was being asked.
• 404 - Not Found
  The best known of them all, the 404 status code indicates that the requested resource was not found at the URL given, and the server has no idea how long for.
• 405 - Method Not Allowed
  A 405 status code is returned when the client has tried to use a request method that the server does not allow. Request methods that are allowed should be sent with the response (common request methods are POST and GET).
• 406 - Not Acceptable
  The 406 status code means that, although the server understood and processed the request, the response is of a form the client cannot understand. A client sends, as part of a request, headers indicating what types of data it can use, and a 406 error is returned when the response is of a type not i that list.
• 407 - Proxy Authentication Required
  The 407 status code is very similar to the 401 status code, and means that the client must be authorised by the proxy before the request can proceed.
• 408 - Request Timeout
  A 408 status code means that the client did not produce a request quickly enough. A server is set to only wait a certain amount of time for responses from clients, and a 408 status code indicates that time has passed.
• 409 - Conflict
  A 409 status code indicates that the server was unable to complete the request, often because a file would need to be editted, created or deleted, and that file cannot be editted, created or deleted.
• 410 - Gone
  A 410 status code is the 404's lesser known cousin. It indicates that a resource has permanently gone (a 404 status code gives no indication if a resource has gine permanently or temporarily), and no new address is known for it.
• 411 - Length Required
  The 411 status code occurs when a server refuses to process a request because a content length was not specified.
• 412 - Precondition Failed
  A 412 status code indicates that one of the conditions the request was made under has failed.
• 413 - Request Entity Too Large
  The 413 status code indicates that the request was larger than the server is able to handle, either due to physical constraints or to settings. Usually, this occurs when a file is sent using the POST method from a form, and the file is larger than the maximum size allowed in the server settings.
• 414 - Request-URI Too Long
  The 414 status code indicates the the URL requested by the client was longer than it can process.
• 415 - Unsupported Media Type
  A 415 status code is returned by a server to indicate that part of the request was in an unsupported format.
• 416 - Requested Range Not Satisfiable
  A 416 status code indicates that the server was unable to fulfill the request. This may be, for example, because the client asked for the 800th-900th bytes of a document, but the document was only 200 bytes long.
• 417 - Expectation Failed
  The 417 status code means that the server was unable to properly complete the request. One of the headers sent to the server, the "Expect" header, indicated an expectation the server could not meet.

Server Error

• 500 - Internal Server Error
  A 500 status code (all too often seen by Perl programmers) indicates that the server encountered something it didn't expect and was unable to complete the request.
• 501 - Not Implemented
  The 501 status code indicates that the server does not support all that is needed for the request to be completed.
• 502 - Bad Gateway
  A 502 status code indicates that a server, while acting as a proxy, received a response from a server further upstream that it judged invalid.
• 503 - Service Unavailable
  A 503 status code is most often seen on extremely busy servers, and it indicates that the server was unable to complete the request due to a server overload.
• 504 - Gateway Timeout
  A 504 status code is returned when a server acting as a proxy has waited too long for a response from a server further upstream.
• 505 - HTTP Version Not Supported
  A 505 status code is returned when the HTTP version indicated in the request is no supported. The response should indicate which HTTP versions are supported.

RedirectMatch 410 \.***$

Loading mentions Retweet

Get Satisfaction Widgets

via getsatisfaction.com

Ottimo servizio online dal quale prendere spunto

Loading mentions Retweet

Non ho cominciato a drogarmi. Stò solo facendo dei test tra posterous e feisbuk.

Loading mentions Retweet

Postgresql Inherithance

CREATE TABLE main (...);

CREATE TABLE child () INHERITS (main);

CREATE INDEX $index_name ON child USING btree (field)

ALTER TABLE child ADD FOREIGN KEY ($field) REFERENCES other_table($field) ON DELETE SET NULL

Loading mentions Retweet

Installing PostgreSQL on Debian

Description

This tutorial is about howto installing PostgreSQL on Debian Server.

Installing PostgreSQL

apt-get update
apt-get install pgsql

Create Language

Example plpgsql

su postgres
createlang plpgsql template1
exit

Change authentication method

We need to edit file pg_hba.conf to change authentification method for accessing PostgreSQL database.

cp /etc/postgresql/pg_hba.conf /etc/postgresql/pg_hba.confbak
vi  /etc/postgresql/pg_hba.conf

Find this section

# TYPE  DATABASE  USER  IP-ADDRESS  IP-MASK  METHOD
# Database administrative login by UNIX sockets
local  all  postgres        ident sameuser
#
# All other connections by UNIX sockets
local  all  all        ident sameuser

#
# All IPv4 connections from localhost
host  all  all  127.0.0.1  255.255.255.255  ident sameuser
#
# All IPv6 localhost connections
host  all  all  ::1  ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff  ident sameuser

host  all  all    ::ffff:127.0.0.1/128  ident sameuser
#
# reject all other connection attempts
host  all  all  0.0.0.0  0.0.0.0  reject

Edit that section to

# TYPE  DATABASE  USER  IP-ADDRESS  IP-MASK  METHOD
# Database administrative login by UNIX sockets
local  all  postgres        ident sameuser
#
# All other connections by UNIX sockets
local  all  all        password

#
# All IPv4 connections from localhost
host  all  all  127.0.0.1  255.255.255.255  password
#
# All IPv6 localhost connections
host  all  all  ::1  ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff  password
host  all  all    ::ffff:127.0.0.1/128  password

#
# reject all other connection attempts
host  all  all  0.0.0.0  0.0.0.0  reject

Restart PostgreSQL Server

/etc/init.d/postgresql restart

Create a New Database

Example wordpress

su postgres
createdb -T template1 wordpress
exit

Create a New User

Example: User supriyadisw with password cak3p

su postgres
createuser supriyadisw -P
Enter password for new user: cak3p [enter]
Enter it again: cak3p [enter]
Shall the new user be allowed to create databases? (y/n) y [enter]
Shall the new user be allowed to create more new users? (y/n) n [enter]

CREATE USER
exit

Login to PostgreSQL

pgsql -U supriyadisw wordpress [enter]
Password: cak3p [enter]

Good Luck

FROM: http://www.supriyadisw.net

Loading mentions Retweet

How can I allow my user to insert HTML code, without risks? (not only technical risks)

2 1

Hi guys. I developed a web application, that permits my users to manage some aspects of a web site dynamically (yes, some kind of cms) in LAMP environment (debian, apache, php, mysql) Well, for example, they create a news in their private area on my server, then this is published on their website via a cURL request (or by ajax). The news is created with an WYSIWYG editor (fck at moment, probably tinyMCE in the next future). So, i can't disallow the html tags, but how can i be safe? What kind of tags i MUST delete (javascripts?)? That in meaning to be server-safe.. but how to be 'legally' safe? If an user use my application to make xss, can i be have some legal troubles? php xss security javascript html edit|rollback|close|delete edited Mar 31 at 15:29 bdukes 7,249●6●28 asked Mar 31 at 15:26 DaNieL 418●9

add comment

6	If you are using php, an excellent solution is to use HTMLPurifier. It has many options to filter out bad stuff, and as a side effect, guarantees well formed html output. I use it to view spam which can be a hostile environment. link answered Mar 31 at 15:40 DGM 775●1●11
	I decided to take this way, plus some kind of personal steps. I must give the total freedom to my costumers to use html tags ('cos of the WYSIWYG editor), restricting only certain things.. i hope that keep it updated with the latest security doors wont be much problematic. – DaNieL Apr 1 at 7:40  I trust it much more that I trust my own efforts.... – DGM Apr 1 at 17:09 add comment

6

The general best strategy here is to whitelist specific tags and attributes that you deem safe, and escape/remove everything else. For example, a sensible whitelist might be <p>, <ul>, <ol>, <li>, <strong>, <em>, <pre>, <code>, <blockquote>, <cite>. Alternatively, consider human-friendly markup like Textile or Markdown that can be easily converted into safe HTML. link|flag edited Mar 31 at 23:07 answered Mar 31 at 15:31 John Feminella 10.5k●25●47

Can´t you still insert scripts in the allowed tags using a white-list? – jeroen Mar 31 at 15:38 That depends on how you're escaping them. If you're describing something like "<scr<script>ipt ...", I'd first note that "<scr" looks like the beginning of a tag. Since "scr" isn't whitelisted, we can escape it safely. Then we get to the "<script>" and it's also escaped/removed. – John Feminella Mar 31 at 15:45 I was thinking more about the attributes, but I guess that depends if your white-list has any tags that need them, so you would have to allow them. If you allow attributes, you´d have to get rid of the whole onclick="", etc. range, but I guess that´s pretty obvious :) – jeroen Mar 31 at 15:54 Oh, absolutely. You have to whitelist attributes separately, though, just like you whitelist each tag. (That's the price you pay for being explicit.) – John Feminella Mar 31 at 16:18 add comment

4

It doesn't really matter what you're looking to remove, someone will always find a way to get around it. As a reference take a look at this XSS Cheat Sheet. As an example, how are you ever going to remove this valid XSS attack: <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> Your best option is only allow a subset of acceptable tags and remove anything else. This practice is know as White Listing and is the best method for preventing XSS (besides disallowing HTML.) Also use the cheat sheet in your testing; fire as much as you can at your website and try to find some ways to perform XSS. link|flag edited Mar 31 at 15:53 answered Mar 31 at 15:32 LFSR Consulting 5,285●1●8●27

add comment

2	Rather than allow HTML, you should have some other markup that can be converted to HTML. Trying to strip out rogue HTML from user input is nearly impossible, for example <scr<script>ipt etc="..."> Removing from this will leave <script etc="..."> link|flag answered Mar 31 at 15:31 ck 5,689●2●19
	Using a white list rather than a black list would solve this problem. – Gumbo Mar 31 at 15:37 see the img tag answer in stackoverflow.com/questions/701580/… – ck Mar 31 at 15:44 XSS is also possible through other markup languages, such as BBcode, so that doesn't really fix anything. A whitelist approach works pretty well. – troelskn Mar 31 at 16:17 add comment

2	For a C# example of white list approach, which stackoverflow uses, you can look at this page. link|flag answered Mar 31 at 15:42 cagdas 1,082●8
	add comment

From StackOverflow.com

Loading mentions Retweet