... Site-wide random salt is bad, since an attacker can precompute rainbow tables and grab your entire user database. If you don't understand this, please don't write login/security systems :) - you NEED per-user salts. ...

... Just recently I spent a lot of time debugging why this didn't work on a site in Ubuntu Apache 2.4.7. Rewrite debugging showed the rule being hit and generating an INTERNAL REDIRECT. Then it seemed to just park that and look for an index page. Turns out that if mod_dir is enabled AND there is an i...

... How do I get the user IP? – sites Apr 27 '13 at 21:40 @juanpastas you don't. you just ping a ...

...sizes for inputs and the like. It's just not how folks build pixel perfect sites. That's a bit all over and hopefully coherent enough. I'll try to blog about these changes as they come up more, but I'm unsure how close 3.0 is and what that will all entail yet. I would suggest anyone with strong fee...

...======== // // =================================================== // //If site uses HTTPS: $HTTP_or_HTTPS = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=='off') || $_SERVER['SERVER_PORT']==443) ? 'https://':'http://' ); //in some cases, you need to add this condition too: if...

... A website shouldn't be able to know a user's history which could include indirect personal information. A site can use tracking/cookies to know what the user is doing on the site itself but they shouldn't, for example, be allowed ...

...e GET /../../blahblah http/1.1 is issued and the server walks above the website root and into system file land, serving files that can be used to compromise or remotely attack the system, like a password file. – Lawrence Dol Sep 17 '10 at 4:51 ...

... Facelets 2.0 immediately, then you need to do a lot of changes before the site can go live. You're basically changing the view technology here. Master page changes On every master page, you need to change the following basic JSP template.. <%@page contentType="text/html" pageEncoding="UTF-8"...

...the test implemented by the provided function." Implementing the exact opposite on a global seems pretty silly, doesn't it? – pyrotechnick Aug 30 '11 at 6:58 8 ...

...ause it's a sketch for Scala, it uses Scala syntax and assumes declaration-site variance, which is quite different to Java's weird call-site variance... Maybe I should write a more detailed answer that clearly shows how this sketch applies to Java... – Andrey Tyukin ...