... Site-wide random salt is bad, since an attacker can precompute rainbow tables and grab your entire user database. If you don't understand this, please don't write login/security systems :) - you NEED per-user salts. ...

...======== // // =================================================== // //If site uses HTTPS: $HTTP_or_HTTPS = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=='off') || $_SERVER['SERVER_PORT']==443) ? 'https://':'http://' ); //in some cases, you need to add this condition too: if...

...e GET /../../blahblah http/1.1 is issued and the server walks above the website root and into system file land, serving files that can be used to compromise or remotely attack the system, like a password file. – Lawrence Dol Sep 17 '10 at 4:51 ...

... Facelets 2.0 immediately, then you need to do a lot of changes before the site can go live. You're basically changing the view technology here. Master page changes On every master page, you need to change the following basic JSP template.. <%@page contentType="text/html" pageEncoding="UTF-8"...

... How do I get the user IP? – sites Apr 27 '13 at 21:40 @juanpastas you don't. you just ping a ...

... Just recently I spent a lot of time debugging why this didn't work on a site in Ubuntu Apache 2.4.7. Rewrite debugging showed the rule being hit and generating an INTERNAL REDIRECT. Then it seemed to just park that and look for an index page. Turns out that if mod_dir is enabled AND there is an i...

...sizes for inputs and the like. It's just not how folks build pixel perfect sites. That's a bit all over and hopefully coherent enough. I'll try to blog about these changes as they come up more, but I'm unsure how close 3.0 is and what that will all entail yet. I would suggest anyone with strong fee...

...the test implemented by the provided function." Implementing the exact opposite on a global seems pretty silly, doesn't it? – pyrotechnick Aug 30 '11 at 6:58 8 ...

... A website shouldn't be able to know a user's history which could include indirect personal information. A site can use tracking/cookies to know what the user is doing on the site itself but they shouldn't, for example, be allowed ...

... was running API 21 and when I used the API 19 implementation shown on the site you linked, it finally worked. – Milos Ivanovic May 31 '15 at 15:03 2 ...