Kurinchi Blogger Scribbles …

Posts Tagged ‘.htaccess’

Jul 16

How to turn off register_globals via php.ini?

Last updated: July 15th, 2009

It is always more secure to turn OFF register_globals in PHP applications. Earlier, we saw how to turn OFF the register_globals setting via the .htaccess file; in this post we will use php.ini instead.

First, use a text editor to create a file called php.ini.

Next, add the following line to php.ini:
register_globals = off

Upload the php.ini file to the root folder where your application resides.

Jun 03

.htaccess purpose considerations

Last updated: June 3rd, 2009

.htaccess – Purpose, Considerations
.htaccess is a hidden file on the web server which comes in handy when sites are hosted in a shared environment.

A slight performance hit occurs when the .htaccess directive is set, because Apache checks each directory for the file's existence before any file access in that directory.

The next consideration is how site owners manage setting changes and the file's security, since it can be misused.

May 20

PHP Register Globals and Security Vulnerability

Last updated: May 21st, 2009

The Register Globals directive has been turned OFF by default since PHP version 4.2.

PHP Global Variables
Environment, GET, POST, Server and Cookie variables are known as Global Variables.

When the register_globals directive is turned ON (as most ISPs did), you can access/set the global variables as $username, $password instead of $_POST["username"], $_POST["password"].

Mar 16

.htaccess and custom error messages

Last updated: March 18th, 2009

Linux: .htaccess and custom error messages

When we create a domain and would like to have custom error messages for the sites that we build, the .htaccess file comes in handy.

There may be errors related to site access such as 401 – Unauthorized access, 404 – Document Not Found, 500 – Internal Server Error. To handle such errors you can create a separate folder called “errors” for the site, containing the files error401.html, error404.html and error500.html, each bearing the custom message that you would like to publish via the web. (more…)

Mar 11

Linux UBUNTU Basics: Creating user authentication

Last updated: March 18th, 2009

UBUNTU Basics: Creating user authentication

User authentication in *nix-based systems involves creating a username and password for users to give them access to directories or files. There are two steps involved in providing user authentication.
1) Creating user name and password file
2) Password protecting directories or files (more…)

Jan 08

How to find if mod_rewrite is enabled in Apache server?

Last updated: January 8th, 2009

Different hosting locations have different settings for the mod_rewrite module. In some locations it is turned ON by default and in others it isn’t.

If you are hosting your application on your local host or on a dedicated server, then it is a matter of editing the httpd.conf file within the Apache server folder. Ensure that (more…)

Dec 31

Setup cakePHP framework – stable version released

Last updated: December 31st, 2008

CakePHP, commonly known as ‘Cake’, is easy to install and fast to configure. It needs Apache (with mod_rewrite enabled), PHP 4.3.2 or higher, and MySQL/PostgreSQL/other ODBC, ADODB compliant databases.

XAMPP by ApacheFriends or MAMP provides a complete installation of the above products, which is an ultimate time saver. But you should prefer installing each piece of software individually in order to get a grip on the subject.

You can download the latest release from http://cakeforge.org/frs/download.php/695/ (more…)

Dec 09

.htaccess – gzip output content

Last updated: December 9th, 2008

GZIP compression is used by the server to compress the content of web pages before the content (text & images) is passed to the browser. The browser takes this input and decompresses the content before delivering it to site users.

Compressing the content of the pages makes the page size smaller, which in turn has a positive and significant impact on page loading. There is a misconception that larger bandwidth availability or a smaller file size is what is needed for faster page loading, which is not the case. (more…)
