phpmyadmin quick guide

6 09 2012

I won’t tell you why.
Go to this:
Install phpmyadmin on window





Redirection in ASP.NET

11 06 2012

We have 2 options.
1. Client-side redirection with the Response object

  • Response.Redirect("file.aspx?x=what")
  • Response.RedirectPermanent("file.aspx?x=what")

2. Server-side redirection with the Server object

  • Server.Transfer("file.aspx?x=what")

With server-side redirection, a runtime error is thrown if you redirect to another domain. On the other hand, performance is better because it removes one redirection hop from the client.

Look at the URL bar and the action keyword, and you will notice how different they are.





    My HTML5

    3 04 2012

    References

  • Know your browser with findmebyip.com
  • Compatibility information with caniuse.com
  • Modernizr HTML5 JavaScript tools
  • Data vocabulary for Rich snippets
  • Google Webform 2.0 — cross browser implementation
  • Baker — ebook framework for iPad and iPhone
  • LungoJS — mobile framework
  • Ai2Canvas plug-in enables Adobe® Illustrator® — mobile framework




    A quick look at ASP.NET viewstate

    1 04 2012

    Viewstate is a cool mechanism in the ASP.NET platform for maintaining information supplied from the client side. By default, every input is submitted to the server with the POST method. Some HTML input objects contain a JavaScript function that calls back to the server, as shown below.

    function __doPostBack(eventTarget, eventArgument) {
        // Submit only if there is no onsubmit handler or the handler did not cancel.
        if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
            theForm.__EVENTTARGET.value = eventTarget;
            theForm.__EVENTARGUMENT.value = eventArgument;
            theForm.submit();
        }
    }

    This mechanism could prevent CSRF (Cross-Site Request Forgery) attacks implicitly. In PHP, you have to write quite a few lines of code if you want to prevent this kind of attack. However, viewstate is a trade-off between performance and security. Thus, disable viewstate on the pages or objects that don't need it, and enable it only where you need it. Use viewstate wisely.

    Disable Viewstate
    1. Website level
    In web.config, change enableViewState to false under the system.web tag.

    <pages enableViewState="false"></pages>

    Whatever properties you set on the control you use, the server will not maintain its viewstate value.

  • Result -> not maintained
  • Even when the control is set to:
    EnableViewState = True
    ViewStateMode = Inherit or Enabled

    2. Page level
    Modify the target page with:

    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="YOURCODE.aspx.cs" Inherits="XXXX_Stage" EnableViewState="false" %>

    Whatever you set on the control, viewstate won't work.

  • Result -> not maintained
  • Even when the control is set to:
    EnableViewState = True
    ViewStateMode = Inherit or Enabled

    3. Control level
    Bear in mind that, by default, the setting inherits the viewstate configuration from the levels above it: Website -> Page -> Control

  • Result -> maintained
    EnableViewState = True
    ViewStateMode = Enabled

  • Result -> not maintained
    EnableViewState = True or False
    ViewStateMode = Disabled

    Tested on:
    Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1





    PyCon US 2012

    12 03 2012

    Interesting and awesome Python conference!!
    PyCon US 2012 in Santa Clara, CA

  • Web scraping: Reliably and efficiently pull data from pages that don’t expect it
  • Advanced Security Topics
  • Practical Machine Learning in Python
  • DevOps for Python: Doing More With Less
  • Introduction to PDB




    Software Security

    10 04 2011

    Not only is the network security world large, but so is the world of software security.

    ThinkSec by Frank Kim
    SANS Software Security

    Inspiring!!! I need to try harder.





    Base64 with GZip Encoding and Decoding

    28 03 2011

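    I often see applications hide their communication data with base64 and gzip compression. With Burp proxy, there is no option to crack this kind of data. Therefore, I decided to help Burp with a PHP script.
    Download and rename to myencode.php

    <?php
    // Decode: base64 -> zlib inflate. Encode: zlib deflate -> base64.
    // gzcompress()/gzuncompress() use the zlib format, not the gzip file format.
    $words = '';
    if (isset($_POST['estr'])) {
        $cmd = isset($_POST['cmd']) ? $_POST['cmd'] : '';
        if (!strcmp($cmd, "Decode")) {
            // gzuncompress() returns false (with a warning) on malformed input.
            $words = @gzuncompress(base64_decode($_POST['estr']));
            if ($words === false) {
                $words = 'Decode failed';
            }
        } else {
            $words = base64_encode(gzcompress($_POST['estr']));
        }
    }
    // The form that posts 'estr' and 'cmd' is not shown on this page; when
    // printing $words, pass it through htmlspecialchars().
    ?>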

    I hope it might ease your days.
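
PHP's gzcompress() writes the zlib container, while gzencode() writes gzip and gzdeflate() writes raw DEFLATE, so a decoder for captured values has to try more than one. The following Python version is an added example, not part of the original post; it also accepts URL-safe or unpadded base64 and caps the inflated size. The function names and the 1 MiB limit are assumptions.

```python
import base64
import binascii
import zlib

MAX_OUT = 1 << 20  # assumed cap: refuse to inflate more than 1 MiB

# wbits picks the container: 15 = zlib (PHP gzcompress), 31 = gzip
# (PHP gzencode), -15 = raw DEFLATE (PHP gzdeflate).
CONTAINERS = (("zlib", 15), ("gzip", 31), ("raw-deflate", -15))


def b64_to_bytes(text):
    # Accept standard or URL-safe base64, with or without padding.
    s = "".join(text.split()).replace("-", "+").replace("_", "/")
    s += "=" * (-len(s) % 4)
    return base64.b64decode(s, validate=True)


def inflate(blob, wbits):
    d = zlib.decompressobj(wbits)
    out = d.decompress(blob, MAX_OUT)
    if d.unconsumed_tail:
        raise ValueError("inflated data exceeds MAX_OUT")
    if not d.eof:
        raise zlib.error("incomplete stream")
    return out


def decode(text):
    try:
        blob = b64_to_bytes(text)
    except binascii.Error as exc:
        raise ValueError("not base64: %s" % exc)
    for name, wbits in CONTAINERS:
        try:
            return name, inflate(blob, wbits)
        except zlib.error:
            continue
    raise ValueError("no DEFLATE container matched")


def encode(data):
    # Mirror of the post's encode branch: zlib-compress, then base64.
    return base64.b64encode(zlib.compress(data)).decode("ascii")


if __name__ == "__main__":
    sample = encode(b"user=alice&role=admin")  # constructed sample value
    print(sample, decode(sample))
```
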