Monthly Archives: January 2015

About sanitizing input

Sanitizing is more than just running your input through all sorts of filters.

Sanitizing your input is about not polluting your application with user data you don’t want.
The big question, though, is: what is it you don’t want?

First example

You’ve made a page, allowing a user to send a text message. Your expected input would be a phone number and a text message.
Looking at the Rule reference in the manual, I would probably go for these rules:

numeric|exact_length[8]

These rules make sure that the input is numeric and that it matches the length of phone numbers in my region. Since I already validate that the input is numeric, I can assume that XSS and SQL injection attempts should fail (as these attacks contain non-numeric characters).

For the text message field, I would use trim and required: trim|required, as I don’t want an empty message sent.

Second example

Allowing users to comment is also a good way to let them spam your site or inject malicious code.

Basically, what you want is a name, an email and the comment.

All fields are required. The e-mail must validate. The name and the comment need XSS cleaning and stripping of surrounding spaces and line feeds.

My validation with sanitization would look like this:

$this->form_validation->set_rules('name', 'Name', 'required|trim|xss_clean');
$this->form_validation->set_rules('email', 'Email', 'required|trim|valid_email');
$this->form_validation->set_rules('comment', 'Comment', 'required|trim|xss_clean');

Sanitize what you must – not what you can – and do the sanitization for what you need.
Make sure, when you insert the data into your backend, to use the Active Record/Query Builder, which escapes your input correctly, or Query Bindings, which do the same for you.
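The two examples above, worked through as a stand-alone script. This is an added example, not code from the post or from CodeIgniter: it runs rule strings in CodeIgniter's pipe syntax (numeric, exact_length[n], trim, required, valid_email) with plain PHP, and then inserts the comment with PDO bound parameters, which is what the Query Bindings advice amounts to. The xss_clean stand-in is an assumption (it simply HTML-escapes the value; CodeIgniter's real filter does more), and the SQLite database and the form input are constructed for the demo.

```php
<?php
// Added example (not from the post or from CodeIgniter): a stand-alone runner
// for CodeIgniter-style rule strings such as "trim|required|exact_length[8]",
// followed by an insert that uses PDO bound parameters.
declare(strict_types=1);

/**
 * Apply a pipe-separated rule string to one field value.
 * Filters (trim, xss_clean) change the value; validators add an error message.
 * Rules run left to right, so trim should come before required.
 * Returns [cleanValue, errors].
 */
function applyRules(string $field, ?string $value, string $rules): array
{
    $value  = $value ?? '';
    $errors = [];
    foreach (explode('|', $rules) as $rule) {
        $param = null;
        if (preg_match('/^(\w+)\[(.*)\]$/', $rule, $m) === 1) {
            [, $rule, $param] = $m;
        }
        switch ($rule) {
            case 'trim':
                $value = trim($value);
                break;
            case 'required':
                if ($value === '') {
                    $errors[] = "$field is required";
                }
                break;
            case 'numeric':
                // Same pattern CodeIgniter uses: optional sign, optional decimal point.
                if (preg_match('/^[\-+]?[0-9]*\.?[0-9]+$/', $value) !== 1) {
                    $errors[] = "$field must be numeric";
                }
                break;
            case 'exact_length':
                if (strlen($value) !== (int) $param) {
                    $errors[] = "$field must be exactly $param characters long";
                }
                break;
            case 'valid_email':
                if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                    $errors[] = "$field must be a valid e-mail address";
                }
                break;
            case 'xss_clean':
                // Assumption: a stand-in for CodeIgniter's xss_clean. It HTML-escapes
                // the value so that whatever is stored cannot render as markup.
                $value = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
                break;
            default:
                throw new InvalidArgumentException("Unknown rule: $rule");
        }
    }
    return [$value, $errors];
}

/** Validate the comment form from the post and store it with query bindings. */
function storeComment(PDO $db, array $post): array
{
    $ruleSet = [
        'name'    => 'trim|required|xss_clean',
        'email'   => 'trim|required|valid_email',
        'comment' => 'trim|required|xss_clean',
    ];
    $clean  = [];
    $errors = [];
    foreach ($ruleSet as $field => $rules) {
        [$clean[$field], $fieldErrors] = applyRules($field, $post[$field] ?? null, $rules);
        $errors = array_merge($errors, $fieldErrors);
    }
    if ($errors !== []) {
        return ['ok' => false, 'errors' => $errors];
    }
    // Bound parameters: the values never become part of the SQL text, so a quote
    // in the comment is stored as data rather than changing the statement.
    $stmt = $db->prepare(
        'INSERT INTO comments (name, email, comment) VALUES (:name, :email, :comment)'
    );
    $stmt->execute([
        ':name'    => $clean['name'],
        ':email'   => $clean['email'],
        ':comment' => $clean['comment'],
    ]);
    return ['ok' => true, 'id' => (int) $db->lastInsertId()];
}

// Constructed demo input against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, email TEXT, comment TEXT)');

// First example from the post: the phone number field.
print_r(applyRules('phone', '12345678', 'numeric|exact_length[8]'));   // eight digits
print_r(applyRules('phone', '1234-5678', 'numeric|exact_length[8]'));  // contains a dash

// Second example: a comment whose name field carries a quote and markup.
print_r(storeComment($db, [
    'name'    => "  O'Neil <b>admin</b> ",
    'email'   => 'oneil@example.com',
    'comment' => "Nice post; it's useful.",
]));
print_r($db->query('SELECT name, comment FROM comments')->fetchAll(PDO::FETCH_ASSOC));
```

One thing the runner makes visible: CodeIgniter's numeric rule accepts a leading sign and a decimal point, so a value like +123.456 satisfies numeric|exact_length[8] even though it is not a phone number. For a digits-only field, CodeIgniter's is_natural rule, or a regex_match rule with an explicit digit pattern, is the tighter fit; the injection and XSS argument from the first example holds either way, since all of them reject non-numeric characters.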

original source

http://stackoverflow.com/questions/14757812/codeigniter-best-practice-to-sanitize-input

Different types of sleep mode on Mac

Open Terminal and type this command:

pmset -g | grep hibernatemode

The result will be one of the following:

  • 0 = normal sleep for desktop (save in memory. use low power)
  • 1 = hibernate (save in hard disk. total off)
  • 3 = safe sleep (save in memory and hard disk. use low power)

To change it, type this command:

sudo pmset -a hibernatemode X

(replace X with 0, 1 or 3)

New things to learn

Getting started with some new tools. To get comfortable with the uncomfortable.

Other things to check out

Communicate clearly

An important skill to master is communicating clearly, in the simplest form possible. You could write maybe 3 paragraphs to explain something, but you also have the option to write maybe 2 sentences that cover what you want to deliver.

Some things to consider when writing:

1. The level of understanding on the recipient’s side. It varies between people, so try to suit them.

2. Use shorter sentences.

3. Re-read before sending and try to make it even simpler. Remove the unnecessary. Simplify the rest.

When you master this skill, your message will become clearer to the recipient. Fewer problems will arise because of misunderstanding, or of not understanding at all.