Pro PHP and jQuery by Jason Lengstorf.pdf - Computer Science ...

More documents

Recommendations

Info

208 CHAPTER 6 ■ PASSWORD PROTECTION SENSITIVE ACTIONS AND AREAS Improving Security with Salted Hashes While not bulletproof, adding a salt to your hashing algorithm will make cracking your users' passwords much more cumbersome for attackers. A salt is a string, either predefined or random, that is used in addition to the user input when hashing. Without using a salt, a password may be hashed like this: $hash = sha1($password); To add a random salt to the preceding hash, you could apply the following this code to it: $salt = substr(md5(time()), 0, 7); // create a random salt $hash = $salt . sha1($salt . $password); The preceding code generates a random seven-digit salt. The salt is prepended to the password string before hashing; this means that even if two users have the same password, their individual password hashes will be different. However, in order to reproduce that hash, the salt needs to be available. For this reason, the salt is also prepended, unencrypted, to the hash. This way, when a user signs in, you’re able to extract the salt from the hash when it’s retrieved from the database and use it to recreate the salted hash of the user’s password: $salt = substr($dbhash, 0, 7); // extract salt from stored hash $hash = $salt . sha1($salt . $_POST['password']); if ( $dbhash==$hash ) { echo "Match!"; } else { echo "No match."; } Incorporating Salted Hashes and Rainbow Tables By adding a salt, rainbow tables are rendered useless. A new table will need to be generated taking the salt into account in order to crack user passwords; while this isn’t impossible, it’s time-consuming for the attacker and adds an extra layer of security to your app. In most applications (especially those that don’t store much in the way of sensitive personal information such as credit card information), a salted password is deterrent enough to ward off potential attackers. As an additional countermeasure, it is also advisable to add a check for repeated failed attempts to log in. This way, an attacker has a finite number of attempts to crack a password before being locked out of the system. This can also prevent denial of service attacks, or attacks in which a huge volume of requests are sent in an attempt to overload a site and take it offline.
Creating this function is relatively straightforward, requiring only a few steps:
Page 1:
THE EXPERT’S VOICE ® IN OPEN SOU
Page 4 and 5:
ii Pro PHP and jQuery Copyright ©
Page 6 and 7:
iv Contents at a Glance ■About th
Page 8 and 9:
vi ■ CONTENTS Understanding jQuer
Page 10 and 11:
viii ■ CONTENTS Summary .........
Page 12 and 13:
x ■ CONTENTS ■Chapter 9: Perfor
Page 14 and 15:
xii About the Author ■ Jason Leng
Page 16 and 17:
xiv Acknowledgments I feel like I s
Page 19 and 20:
C H A P T E R 1 ■ ■ ■ Introdu
Page 21 and 22:
CHAPTER 1 ■ INTRODUCING JQUERY Th
Page 23 and 24:
SETTING UP A LOCAL TESTING ENVIRONM
Page 25 and 26:
google.load("jquery", "1.4.2");
Page 27 and 28:
Basic Selectors CHAPTER 1 ■ INTRO
Page 29 and 30:
Only one paragraph in our document
Page 31 and 32:
$(".foo+p"); CHAPTER 1 ■ INTRODUC
Page 33 and 34:
$("p:odd"); [ p.foo, p#bar ] Select
Page 35 and 36:
$("p:parent"); [ p, p.foo, p, p#bar
Page 37 and 38:
which returns the following in the
Page 39:
Selecting Only Enabled or Disabled
Page 42 and 43:
26 CHAPTER 2 ■ COMMON JQUERY ACTI
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 103 and 104:
C H A P T E R 3 ■ ■ ■ Object-
Page 105 and 106:
$obj = new MyClass; var_dump($obj);
Page 107 and 108:
CHAPTER 3 ■ OBJECT-ORIENTED PROGR
Page 109 and 110:
Page 111 and 112:
$obj = new MyClass; // Get the valu
Page 113 and 114:
} public function setProperty($newv
Page 115 and 116:
Page 117 and 118:
} } return $this->getProperty(); pu
Page 119 and 120:
Create a new object $newobj = new M
Page 121 and 122:
} } // Create a new object $newobj
Page 123 and 124:
Private Properties and Methods CHAP
Page 125 and 126:
} public function __construct() { e
Page 127 and 128:
*/ CHAPTER 3 ■ OBJECT-ORIENTED PR
Page 129 and 130:
Ease of Implementation CHAPTER 3
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
C H A P T E R 4 ■ ■ ■ Build a
Page 137 and 138:
CHAPTER 4 ■ BUILD AN EVENTS CALEN
Page 139 and 140:
# # DocumentRoot: The directory out
Page 141 and 142:
CHAPTER 4 ■ BUILD AN EVENTS CALEN
Page 143 and 144:
} ?> } } } CHAPTER 4 ■ BUILD AN E
Page 145 and 146:
■ Note For the sake of brevity, D
Page 147 and 148:
} ?> CHAPTER 4 ■ BUILD AN EVENTS
Page 149 and 150:
} ?> } include_once $filename; CHAP
Page 151 and 152:
private $_startDay; public function
Page 154 and 155:
138 CHAPTER 4 ■ BUILD AN EVENTS C
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175: 158 CHAPTER 4 ■ BUILD AN EVENTS C
Page 184 and 185: 168 CHAPTER 5 ■ ADD CONTROLS TO C
Page 216 and 217: 200 CHAPTER 6 ■ PASSWORD PROTECTI
Page 249: P A R T 3 ■ ■ ■ Combining jQu
Page 252 and 253: 236 CHAPTER 7 ■ ENHANCING THE USE
Page 274 and 275:
258 CHAPTER 7 ■ ENHANCING THE USE
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
264 CHAPTER 8 ■ EDITING THE CALEN
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 304 and 305:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 325:
P A R T 4 ■ ■ ■ Advancing jQu
Page 328 and 329:
312 CHAPTER 9 ■ PERFORMING FORM V
Page 330 and 331:
Page 332 and 333:
Page 334 and 335:
Page 336 and 337:
Page 338 and 339:
Page 340 and 341:
Page 342 and 343:
Page 344 and 345:
Page 346 and 347:
Page 348 and 349:
Page 350 and 351:
Page 352 and 353:
Page 354 and 355:
Page 356 and 357:
Page 358 and 359:
Page 361 and 362:
C H A P T E R 10 ■ ■ ■ Extend
Page 363 and 364:
$.validDate = function(date, option
Page 365 and 366:
Modifying the Initialization Script
Page 367 and 368:
Adding Methods to jQuery CHAPTER 10
Page 369 and 370:
over, then returns it to its origin
Page 371 and 372:
CHAPTER 10■ EXTENDING JQUERY ■
Page 373 and 374:
Defines default values for the plug
Page 375 and 376:
}); // Loads the event data from th
Page 377 and 378:
■ ■ ■ Index ■ Special Chara
Page 379 and 380:
■ C Calendar app JavaScript initi
Page 381 and 382:
saving new calendar events in addin
Page 383 and 384:
:eq( ) method, 17, 20, 26-27 equals
Page 385 and 386:
eginning of string, 324 character c
Page 387 and 388:
asic selectors in by class name, 12
Page 389 and 390:
.die( ) method, 75-76 .error( ) met
Page 391 and 392:
.parents( ) method, 33 .parentsUnti
Page 393 and 394:
overview, 328 regex pattern to vali
show all

Pro PHP and jQuery by Jason Lengstorf.pdf - Computer Science ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?