Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Dragooon
751
Development blog / Re: Package Manager, how we won't miss thee
« on June 25th, 2011, 11:12 AM »
Okay, please do not drop version detection entirely. Make it important to have versions, because many times feature detection itself isn't enough. Because one cannot detect a specific version of a mod depending upon feature(It may have same features, but different hooks), or their may be an important bug fix required for the add-on which is based on version detection.

And if a mod has multiple versions in multiple repositories, just show all of them(Highest version first). Simple as that, do not make it important to have a repository hosted mod but please push the repositories to be functional and mainstream. Cydia does handle paid mods and it works quite nicely, one just needs an auth to get in.
752
Development blog / Re: Package Manager, how we won't miss thee
« on June 24th, 2011, 11:16 AM »
Since you are working on Package Manager, perhaps also add something like dependency to other packages in the repository or package itself, similar to linux's repositories. Can come in handy.
753
Off-topic / Re: PHP IDE for windows
« on June 24th, 2011, 11:14 AM »
It still takes quite a while to load, but I'm fine with it. My only quirk with it is that it doesn't support git(Only CVS/SVN). I sent them an e-mail and they created an issue for it, so it'll be a while. I can't live without function assist :o.
754
Off-topic / Re: PHP IDE for windows
« on June 23rd, 2011, 05:31 PM »
I found PHPEdit (phpedit.com) and it seems very nice so far, has all the features of PHPDesigner with a nicer UI. Although it doesn't support git but windows' support for git sucks anyway.
Quote from Arantor on June 23rd, 2011, 05:23 PM
I still use Notepad++. Don't see a need for this IDE malarky.
The main use for IDE for me is function arguements, I got over 100 PHP file includes and it is sometime annoying to open a file to view its arguements. An IDE automatically reads all of them and shows while you're typing(Or atleast should in my book).
755
Off-topic / PHP IDE for windows
« on June 23rd, 2011, 03:57 PM »
I'm looking for a new PHP IDE for windows, preferably native(Java ones don't work as beautifully), I've been using phpDesigner but am thinking of moving on. What would you guys suggest?
756
Features: Miscellaneous / Re: Feed links
« on June 22nd, 2011, 08:56 PM »
No its much different than that, what you're talking about is SMF's Notify feature. RSS feeds are a web standard which can be read in convenience with a host of feed readers out there. Google it for moore information.
757
Development blog / Re: Package Manager, how we won't miss thee
« on June 22nd, 2011, 07:42 PM »
I love the sound of this, good luck! :)
758
Features: Forward thinking / Re: Removing deprecated code
« on June 22nd, 2011, 03:38 PM »
Quote from Norodo on June 22nd, 2011, 03:37 PM
One question may be, is Wedge really trying to appeal to "noobs"?
For all I know Nao will surely scare them away.
759
Features: Forward thinking / Re: Removing deprecated code
« on June 22nd, 2011, 12:51 PM »
Quote from Nao/Gilles on June 22nd, 2011, 10:54 AM
I've internally changed the minimum version to 5.2. Not much to change, actually... Our current code doesn't 'really' require 5.2+, it just could make use of that knowledge later on.
WePortal will be dissapointed.
760
Features: Forward thinking / Re: Removing deprecated code
« on June 22nd, 2011, 09:59 AM »
How many of you can get your host to upgrade to PHP 5.3? Any decent host should be co-operative enough to upgrade to the current stable version of PHP.
761
Off-topic / Re: Salary in web development
« on June 21st, 2011, 07:33 PM »
Does the quality of university make a difference? I do plan on doing proper post school 4 year course but I want to know if the university will make that much of a difference.
762
Off-topic / Re: Salary in web development
« on June 21st, 2011, 07:15 PM »
I had a question, do you have formal education in computer science?
763
Off-topic / Re: Post-XSS scenarios and database driven sessions
« on June 21st, 2011, 05:43 PM »
But then you can't really prevent an iframe fooling people, now can you? It's all up to people to properly look out for that. Session tokens might restrict them to the point where blind images won't screw but if a person does get the entire site in his iframe, he has almost endless control.
Quote
Sending session ids over GET: bad.  Use cookies only ini setting.  Sending cookies with the "httponly" flag so that JavaScript cannot even read them via document.cookie: good.  Definitely enable the httponly ini setting.
Ohh, I totally mistook what httponly meant, I thought you were referring to HTTP authentication, I didn't know you were referring to the flag which completely disables cookies being exposed to javascript. That is definitely in I believe.
764
Off-topic / Re: Post-XSS scenarios and database driven sessions
« on June 21st, 2011, 04:41 PM »
What is clickjacking? When someone makes an image leading to a private url?

Also, doesn't httponly contain a few security problems of its own? Even cPanel recommends cookie instead of httponly.

And SSL mostly protects against traffic sniffing correct? I'm mostly trying to figure out what is the significance of each security measure out there.
765
Off-topic / Re: Post-XSS scenarios and database driven sessions
« on June 21st, 2011, 03:21 PM »
I've really been looking into it even though I was 16 hours overdue for sleep. So the best way against XSS is to prevent it, I've realised that regardless of the measures the session will be stolen. So it is mostly in hands of htmlspecialchars, is there other way to do XSS even if the output is htmlspecialchar'ed?

As far as CSRF go, I guess that's what those session tokens in SMF are for?

Also as far as iFrame go, a person can't really steal a cookie from iframe correct?