Wilf

Showing posts for category: Research

Massively improving database INSERTs

Thursday 10th August 2023 (updated: Wednesday 23rd August 2023)

JavaScript

PHP

Research

Development

I use MySQL a lot. I run it locally using MAMP for a ton of data projects that never find their way online. My current development project involves a one-off operation to insert 1,000,000 rows of data into a small table. The table has 2 indexes - a Primary Key and a specific index on 2 columns. The project is driven by JavaScript that then AJAX's out calls to PHP which runs the database operation. The actual project is a pixel scanner which uses HTML5's Canvas API to examine a pixel, determine its RGBA val...[more]

Directory traversal

Wednesday 2nd August 2023 (updated: Monday 1st January 2024)

PHP

Research

Development

Cyber Security

Sometimes referred to as file path traversal. I have become fascinated with the techniques attackers may use to discover web server directories and files. Specifically, of course, those directories and files that are not intended to be obvious. A simple look at robots.txt in the root directory may unearth some resources that aren't meant to be viewed. By virtue of the fact they are listed in the .txt file the website owners don't want search engines indexing them. This is all above board and I'...[more]

JavaScript Promises

Monday 24th July 2023 (updated: Monday 1st January 2024)

JavaScript

Research

Development

The whole concept of Promises in JavaScript I have always found useful. The action is handled asynchronously and the result is either a resolution 'resolve' or a rejection 'reject'. Where it started to mangle with my brain cells is with the async/await functionality introduced in later versions of ECMAScript. A simple JavaScript Promise can be defined as below: const myPromise = new Promise((resolve, reject) => { // Simulate an asynchronous operation (e.g., fetching data from a server) s...[more]

What is the difference between bcrypt and Argon2 in PHP's password_hash?

Monday 24th July 2023

PHP

Research

Development

I asked ChatGPT the above question to help me with some research. Both bcrypt and Argon2 are secure password-hashing algorithms supported by PHP's password_hash function. They are designed to hash passwords securely and protect against brute-force and rainbow table attacks. Here are the key differences between bcrypt and Argon2: Algorithm and Security Strength: Bcrypt: Bcrypt is an adaptive password-hashing algorithm based on the Blowfish cipher. It is a widely used and battle-tested algorith...[more]

Reverse IP lookup

Sunday 23rd July 2023 (updated: Monday 1st January 2024)

PHP

Research

Development

As an extension to my 'referer' project I also capture the IP address of the client as they arrive at my site using $_SERVER["REMOTE_ADDR"]. I thought it would be an interesting exercise to see if I could do a reverse lookup on the IP address to identify any A (address) records held in each case. I found a useful and free service at ipwho.is. Using PHP's cURL I was able to provide any IP address and return some cool data. $id = $_POST["id"]; $ip = $_POST["ipaddress"]; $ch = curl_init('h...[more]

http referer not capturing the query string from search engines

Sunday 23rd July 2023 (updated: Monday 1st January 2024)

PHP

Research

I recently created a small project to capture the URL of sites that have referred to my own website. Interestingly it seems that search engines have suppressed the query string part of the URL. e.g. for the URL https://www.google.com/search?client=firefox-b-d&q=wilfs+corner I would expect to be able to capture this in its entirety using PHP's $_SERVER["HTTP_REFERER"]. What is actually sent from the search engines is just the root domain. e.g. https://www.google.com/ Frustrating but then ...[more]