Pages



Recent Posts


Welcome to IT Care Load More

Thursday, 15 May 2014

Dropbox disables old shared document links to prevent unauthorized access




dropbox-logo


                On 5th May 2014, Dropbox disabled old shared documents link to prevent unauthorized access to files. Before this change anyone can access shared file point to point using link. It may be possible that this link can have by only known users but when it went in unknown hands then it became serious security question.

                “The company said in a blog post Monday. Contacted for this article, the company declined to say how it had resolved the issue. They also implied that this problem affects another online storage box.net. How those links of documents came to be used as search terms will be no rules to anyone who has ever pasted a URL into the search box of their browser instead of the address box. Alongside the search results for that URL, the search engine also returns ads.

                User can also re-enable these links but please keep in mind that re-enabling these links will reintroduce the vulnerability. Here is some instructions to re-enable these links.


Steps to remove an existing links
                    
                    1Sign in to drop box website.
            2Browse or search for the file or folder you'd like to share.
            3Right-click on the file or folder in the list and select Share link from the pop-up menu.
            4Fill out information as needed to send the link to your recipients.

Steps to create new links
            1. Sign in to drop box website.
            2. Browse or search for the file or folder you'd like to share.
            3. Right-click on the file or folder in the list and select Share link from the pop-up menu.
            4. Fill out information as needed to send the link to your recipients.

To send out a shared link to more people later, simply right-click on the file or folder again and select Share link from the pop-up menu.






Read More

Monday, 5 May 2014

Working with .htaccess

.htaccess



                we can all agree that pretty URLs make things easier for our users and adds a level of professionalism and polish to any web application. We must accept that twitter is widely popular web application and a part for reason for that is most certainly how its formats URL.

                .htaccess file is directory-Level configuration that allows decentralized management of web server configuration. It Simply means hypertext access. The purpose of it is to allow pre-directory access control. For example, to set password to access content of web server or to deny user to access certain files.
.htaccess files are stored inside web tree. Some of the work of .htaccess file is as below.


* Rewriting URLS.
                To replace or remove specific content of URL.

* Blocking
                Block users, domains, IP addresses by using deny / allow.

* Directory listing & Customized Error response
                Controls how server react when specific web page not available Ex. Pages like 404 & 500

Here we will learn some tricks to create user friendly URL.

1) Remove extension of PHP/HTML file and make readable URL that contain queries.

URL

.htaccess
RewriteEngine on
RewriteRule ^/index/([0-9]+)\.html /index.php?index_id=$1                 

Result


2) Remove particular content from URL using .htaccess

URL
Mysite.com/folder/test.php

We will use two .htaccess file to remove content `folder` from URL

-> Goto `root/folder/.htaccess`

RewriteEngine on
RewriteCond %{request}^[A-Z]{3,}\s/+folder([^\s]*) [NC]
RewriteRule ^%1 [R=301,L]


-> Goto `root/.htaccess`
RewriteEngine on
RewriteRule !^/?folder folder%{REQUEST_URI} [L,NC]


3) Block particular domain

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} domainname\.com [NC]
RewriteRule .* - [F]

4) allow/block particular IP address

-> Block all
     deny all               
-> allow/Block Specific IP address
    order allow,deny
    allow from all
    deny from 120.177.166.165
-> block IP address Range
    deny from 123.123.123

5) Limit the Number of Concurrent Visitors to your Website
    MaxClients <Number of max clients>


6) Deny access to folder during particular time

    RewriteEngine On
    # Then deny all access
    RewriteRule ^.*$ - [F,L]
    # If the hour is 16 (4 PM)
    RewriteCond %{TIME_HOUR} ^16$
    # Multiple hour blocks
    # If the hour is 4 PM or 5 PM or 8 AM
    RewriteCond %{TIME_HOUR} ^16|17|08$

7) Redirect specific URL to another URL

Redirect /path/folder/1/2/3 http://www.musite.com/newpath/1/2/3



Read More

Friday, 2 May 2014

Viber's Poor Security Practices Backhole in User's Privacy

viber
Viber
       
Last week, Cyber Experts Reported vulnerability in one of the most popular messaging application of world Viber. They claimed that Viber's poor data security practices threaten privacy of its more than 150 million active users.

Cross Platform Viber application is one of the most popular messaging application. It allows registered users to send images, videos, doodles, GPS Locations etc. along with each other and its most popular feature Voice Calling which is available for Android, BlackBerry, Windows phone.
Viber stress user’s Data in Amazon server in Encrypted form. But, It does not store images and videos in Encrypted form that can be easily accessed without any authentication and provide large security hole.



 The main issue is that the above-mentioned data is unencrypted, leaving it open for interception through either a Rogue AP, or any man-in-the middle attacks. The researcher wrote in the blog post.

Critical data can easily accessed by and firewall or Network testing tool like Netwitness, Wireshark etc. to capture traffic on network as shown in video.


“ It is important to let the people know of these vulnerabilities, therefore, we chose to publish these results and the video in this post.“







Read More

Saturday, 26 April 2014

How to pass parameter in bootstrap Modal


bootstrap-Modal


                Bootstrap is one of the best CSS Framework widely used by developers who don’t like spend days of week for CSS coding (Most boring and difficult to maintain redundant code). Its is quite simple and flexible framework. Now developers can design light weight websites in couple of days instead of spending weeks to design website. It also provides plugins Ex, Dropdowns, Button Groups, Alerts, Process Bars and Modals.

Here Mostly developers face problem with Extensive components. Sometimes developer faces problem to pass variables in Model and save modal element values to mysql table.


Create MYSQL table as below which will be used to save modal element’s value.

CREATE TABLE IF NOT EXISTS `inward` (
  `ent_no` int(11) NOT NULL AUTO_INCREMENT,
  `inw_no` int(11) DEFAULT NULL,
  `item_code` int(11) DEFAULT NULL,
  `item_name` varchar(30) DEFAULT NULL,
  `item_rate` double DEFAULT NULL,
  `item_qty` double DEFAULT NULL,
  `item_unit` varchar(5) DEFAULT NULL,
  `item_vat` double DEFAULT NULL,
  `item_addvat` double DEFAULT NULL,
  `total` double DEFAULT NULL,
  `created_by` varchar(15) DEFAULT NULL,
  `created_date` date DEFAULT NULL,
  `edit_count` int(4) DEFAULT NULL,
  PRIMARY KEY (`ent_no`)
) ENGINE=InnoDB  DEFAULT CHARSET=latin1 AUTO_INCREMENT=11 ;



STEP - 1

Create webpage named index.php and import bootstrap css & JS files in header. Download Bootstrap from here.
Create Button to call modal on `onclick` event. It is formatted by bootstrap style.

<button data-id='" . $var. "' type='button' data-toggle='modal' id='edititem' class='btn btn-outline btn-warning btn-xs'>
           Launch Modal
</button>

button
Output


`$var` is variable that we will pass to modal. `edititem` id added to button.



Step-2

Create Modal with form and form fields item_code,rate,unit,vat,additional vat..


<div class="modal fade" id="myModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
    <div class="modal-dialog">
        <div class="modal-content">
            <div class="modal-header">
                <button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
                <h4 class="modal-title" id="myModalLabel">Inward Items</h4>
            </div>
            <form class="inwarditem">
                                                                           
            <fieldset>
            <div class="modal-body">
                    <input type="hidden" id="ent_no" name="ent_no" value="<?php echo $ent_no; ?>" />
                   
                    <div class="form-group">
                        <label class="form-label">Item Name</label>
                        <input class="form-control"  name="item_code" type="text" value="<?php echo $item_code; ?>"/>
                    </div>                   
                    <div class="form-group">
                        <label class="form-label">Rate</label>
                        <input class="form-control"  name="item_rate" type="text" value="<?php echo $item_rate; ?>"/>
                    </div>
                   
                    <div class="form-group">
                        <label class="form-label">Qty</label>
                        <input class="form-control"  name="item_qty" type="text" value="<?php echo $item_qty; ?>"/>
                    </div>
                   
                    <div class="form-group">
                        <label class="form-label">Unit</label>
                        <input class="form-control"  name="item_unit" type="text" value="<?php echo $item_unit; ?>"/>
                    </div>
                   
                    <div class="form-group">
                        <label class="form-label">Vat</label>
                        <input class="form-control"  name="item_vat" type="text" value="<?php echo $item_vat; ?>"/>
                    </div>
                   
                    <div class="form-group">
                        <label class="form-label">Additional Vat</label>
                        <input class="form-control"  name="item_addvat" type="text" value="<?php echo $item_addvat; ?>"/>
                    </div>
                 </div>
            </fieldset>
            </form>
           
            <div class="modal-footer">
                <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
                <button type="button" id="submit-detail" class="btn btn-primary">Save changes</button>
            </div>
        </div>
        <!-- /.modal-content -->
    </div>
    <!-- /.modal-dialog -->
 </div> 

Now modal will look as

modal



STEP-3

Insert JS code at bottom of page. It will set parameter value of variable and pass it to modal. At last it will call modal .

<script>
         $(function() {
        //twitter bootstrap script
                                       $("button#submit-detail").click(function(){
                                                                $.ajax({
                                                                type: "POST",
                                                                url: "process.php",
                                                                data: $('form.inwarditem').serialize(),
                                                                success: function(msg){
                                                                       $("#thanks").html(msg)
                                                                               
                                                                },
                                                                error: function(){
                                                                                alert("failure");
                                                                }
                                                                });
                                       });
        });
    </script>

Above Code will call on `onclick` event of button and run code of `process.php`.
`data: $('form.inwarditem').serialize(), `  pass form element’s value to page with `POST` request.


STEP-4

Now, Create webpage `process.php` and past below code in it.


<?php

        $con = mysql_connect('localhost','root','');
        mysql_select_db('account',$con) or die(mysql_error());
       
        if($_POST['inw_no']){           
            $item_code       = strip_tags($_POST['item_code']);
            $item_rate       = strip_tags($_POST['item_rate']);
            $item_unit       = strip_tags($_POST['item_unit']);
            $item_qty        = strip_tags($_POST['item_qty']);
            $item_vat        = strip_tags($_POST['item_vat']);
            $item_addvat     = strip_tags($_POST['item_addvat']);

            $q = "update inward set item_code=$item_code, item_rate=$item_rate, item_unit=$item_unit, item_qty=$item_qty, item_vat=$item_vat, item_addvat=$item_addvat  where ent_no = $ent_no";   
            mysql_query($q,$con);

        }
?>

Finally it save data to mysql table.
That’s it you data is successfully save to mysql table.
For source code with Example or any queries / doubts contact me at click here






Read More
Subscribe
Labels
Popular Posts

Subscribe Via Email

Declaimer

We always host & upload file and data which is available on any popular sites available for anyone or search engines. If you have any problem with file, links or other content on this site contact us via Email All objectionable Contents will be removed from this site.



Search

Loading...

Follow by Email

Follow me

© IT Care All rights reserved | Designed By Gopal Joshi