Deprecated: Joomla\Input\Input implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /homepages/13/d380392445/htdocs/Jlive/libraries/vendor/joomla/input/src/Input.php on line 41

Deprecated: Return type of Joomla\Input\Input::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /homepages/13/d380392445/htdocs/Jlive/libraries/vendor/joomla/input/src/Input.php on line 170

Deprecated: Joomla\CMS\Input\Input implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /homepages/13/d380392445/htdocs/Jlive/libraries/src/Input/Input.php on line 31

Deprecated: Joomla\CMS\Input\Cookie implements the Serializable interface, which is deprecated. Implement __serialize() and __unserialize() instead (or in addition, if support for old PHP versions is necessary) in /homepages/13/d380392445/htdocs/Jlive/libraries/src/Input/Cookie.php on line 21

Deprecated: str_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /homepages/13/d380392445/htdocs/Jlive/libraries/src/Uri/Uri.php on line 141
Recent Blog Posts - Macrotone Blogs - Page 22

Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.
Categories
Tags
Archives
Calendar
Categories:   All Categories
Suggested keywords
x
Geoffrey Chapman

Session Fixation Protection

Came across an interesting article on Session Fixation Protection [requires registration].  In essence a session fixation is a vulnerability caused by incorrectly handling user sessions in a Web application. A user’s session is usually tracked by a cookie, which is assigned when the user visits the page with the Web application for the first time. The problem occurs when this cookie does not change for the duration of the browsing session; users authenticate and log out, but their session cookie remains the same. This is often the default behaviour of an application.

Whilst understanding the problem, I tend to wonder just how much of a problem it actually is in real life.

The only solution is correct coding of the Web application, always assigning a new cookie immediately after a user has authenticated on a site.

Tags:
session fixation cookies
Geoffrey Chapman

Resolving short URLs

One thing that we are seeing more and more often are links identified by short URLs.  These on the surface seem very handy and avoid typing but they hide the real site and it is very easy to hide a malware site behind them by tricking users by actually redirect the user's browser to a site hosting malware.   This is easy to do using a popular URL shortening service like TinyURL, Bit.Ly, and many others. For example http://bit.ly/uKClxK is a shortened URL and yes, in this case it is safe to click, you may go ahead...

Continue reading
Geoffrey Chapman

Joomla PHP White Page Error

Whilst developing Joomla extensions I sometimes get a White Page error.  I discovered this interesting post by Phil Taylor that I have edited and reproduced below.

Sometimes, due to a PHP error, a Joomla Extension can stop working and, without displaying an error, leading you to a blank page.

 

In that case, to find out why, perform the following actions:

Continue reading
Geoffrey Chapman

Technical Article links

The following are interesting articles that are generally informative and may prove useful to someone in the future.

Scaling a PHP MySQL Web Application, Part 1

Scaling a PHP MySQL Web Application, Part 2

The DBA’s Guide to Setting Up Oracle RAC One Node and Oracle Data Guard

The DBA’s Guide to Setting Up Oracle RAC One Node and Oracle Data Guard, Part 2 (Advanced)

MySQL and Oracle Goldengate

Tags:
RAC DBA Oracle PHP Data Guard MySQL
Geoffrey Chapman

Password Control User Profile Plugin

Just in time for Xmas, the first release of the Password Control User Profile Plug-in 0.0.1 is now available in the download area.  This optional plug-in works with the Password Control System Plug-in to display information in the users profile of their last and next scheduled password change.  It works with version 0.0.4 and up of the system plug-in.

   The user plug-in also provides the site administrator with the ability to change a user's next password change date, subject to the settings specified on the system plug-in parameters.  See the documentation for more details.

Tags:
joomla Password Control Plugin
Geoffrey Chapman

MySQL versions and binlog_format settings

Following on from an earlier post, there has been further investigations into the settings of the binlog_format setting for MySQL.  The problem is possibly aggravated by the use of InnoDB tables, which are the default in MySQL 5.5, the use of which offers some distinct advantages.  This setting seems to have been introduced in version 5.1.5 of MySQL.  Prior to that date it didn't exist and attempts to use the setting would generate an error, which is not totally surprising.

Continue reading
Tags:
MySQL logs InnoDB
Geoffrey Chapman

MySQL logs and QNAP systems

 

All (most) company development and testing making use of MySQL databases locates the databases upon QNAP systems.  The default MySQL installing being by the QNAP installation itself.  Recently there has been some interest in the space being consumed.  Looking at the database settings in the /etc/my.cnf file it can be seen that it is not optimum.
The main areas of interest are the log files.  It is noted that the binlog format is set to STATEMENT which is why the messages about log format have been seen.  [It is not known how many systems are set to the default so it is sensible perhaps to leave the setting alone.  In this way we have a 'worse' case scenario for when we distribute software and have to include session settings to enable the software to install and/or function.]

Continue reading
Tags:
QNAP MySQL logs
Geoffrey Chapman

PHP calling MySQL functions and procedures

Following on from a recent post on creating MySQL functions and procedures from PHP, the next logical step is to make use of the functions and procedures.

To call a MySQL procedure using the Joomla database classes you make use of a CALL statement.

  $query = 'CALL #__dbprocedure (' . $userId . ',"' . $date . '","' . $ndate . '","' . $datap . '",' . $npwds . ')';
  $db->setQuery($query);
  $retn= $db->query();   // Returns false if query fails to execute

 

Continue reading
Geoffrey Chapman

Using PHP to create MySQL database procedures

There was a requirement to create MySQL database procedures and functions for a future feature of the Password Control plugin component.   Much time and effort was put into finding a solution that would work.  Extensive searching of the available documentation and internet resources didn't really help hence this blog.

Extensive attempts using the SQL update files and the manifest file failed to produce a result.  In the end a solution was found using the manifest installation script file and writting PHP code.

Continue reading
Geoffrey Chapman

Oracle based packages available

The Oracle database packages, Unwrap v1.0, Holidays v1.3, Stats v1.4, Audit v1.6 and Data Masking v1.0  are available for registered users in the Download area.

Tags:
Oracle Packages
Go To Top

Joomla! Debug Console

Session

Profile Information

Memory Usage

Database Queries