易截截图软件、单文件、免安装、纯绿色、仅160KB

HTTP Only cookies without PHP 5.2


HTTP Only cookies without PHP 5.2
by Matt Mecham
on September 12, 2006
For a while, Microsoft have had a flag
for cookies called ‘httponly’. This doesn’t sound particularly
exciting, but it is a vital step forward for web application security.
This flag tells Internet Explorer to make this cookie ‘invisible’ to
javascript (and other scripting languages) which means that an XSS
attack will no longer be able to steal your sensitive cookies.
The problem is that ‘http only’ support has only just been added into PHP 5.2
. This makes this feature unavailable to most webservers.
However, there appears to be a way to force this flag to be written
regardless of your PHP version by simply adding “; HttpOnly” at the end
of the domain name when setting the cookie. PHP’s “setcookie” function
merely formats the data into a “set-cookie” header. Fortunately, PHP
doesn’t appear to filter out or escape the semi-colon so it’s added to
the end of the “set-cookie” request.
if ( PHP_VERSION < 5.2 )
{
  @setcookie( $name, $value, $expires, $path, $domain. '; HttpOnly' );
}
else
{
  @setcookie( $name, $value, $expires, $path, $domain, NULL, TRUE );
}
I've tested this out and it appears to work fine. IE7 shows the
"sensitive" cookie data in the document.cookie string without adding
the flag. Adding the flag onto the domain string causes the sensitive
cookies to disappear from the document.cookie string.
Firefox ignores it and sets cookies as does Safari and Opera. I'll
do some more testing and report in on my findings. I also have a
Firefox friendly version to stop access to the document.cookie which
I'll post up tomorrow.
UPDATE 14th September
I've downloaded the source to PHP 5 to make confirm that this 'hack'
will work across different platforms. The source code confirms that no
cleaning takes place on


相关文档:

PHP多用户在线客服系统

PHP多用户在线客服系统,后台有代码镶嵌到你的系统中,不过这个是英文的,感觉很实用,简洁,方便,需要的可以自己汉化,不就是改里面的一些提示信息嘛,地址是:http://mibew.org/
,这个是开源的,支持多用户同时在线联系客服,客服后台及时性很强,只要用户点击在线客服,后台就有提示,而且可以查看聊天记录,很多实用 ......

Apache+php+mysql的配置


Apache官方下载地址:apache_2.0.55-win32-x86-no_ssl.msi,更多版本在这里;
php官方下载地址:php-5.0.5-Win32.zip,更多镜像下载地址,更多版本下载;
mysql官方下载地址:mysql-4.1.14-win32.zip,更多镜像下载地址,更多版本下载。
Apache的配置:
我一开始怎么搞都不好,我上网找,有的说是iis的问题,有的说是 ......

Linux 下php扩展 tidy 的安装 _ 参考

tidy 是一个非常帮忙的网页代码分析和纠错的工具,能够支持多种页面编码,并且支持xhtml输出。如果我们偷懒,甚至可以将整个页面缓存,最后采用tidy处理,最后输出完美的xhtml代码。
linux下安装过程如下:
首先安装tidy ,下载tidy源代码:
cvs -d:pserver: anonymous@tidy.cvs.sourceforge.net 为防备电子邮件地址收集 ......

linux 64bit _ php 添加 tidy 支持 _ 笔记

# 安装tidy
yum install tidy libtidy-devel
# 给php添加tidy模块
wget http://pecl.php.net/get/tidy-1.2.tgz
tar -xvzf tidy-1.2.tgz
cd tidy-1.2
/usr/local/php/bin/phpize
./configure --with-php-config=/usr/local/php/bin/php-config --libdir=/usr/lib64
make
make install
echo "extension="tidy.so"" ......
© 2009 ej38.com All Rights Reserved. 关于E健网联系我们 | 站点地图 | 赣ICP备09004571号