Working with Cakephp Ajax (Prototype)
Posted on | January 30, 2009 | 1 Comment
I have been working on a project that is quite heavy in ajax, using the AjaxHelper in Cakephp.
To note down a couple of things:
- Set up content type for Ajax response
- Pitfall when commenting out codes
- Callback types
1) Set the content type of Ajax response in app_controller beforeFilter()
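    // In AppController::beforeFilter(): applies to every Ajax request
    if ($this->RequestHandler->isAjax()) {
        // Turn off debug output so it does not end up in the JavaScript response
        Configure::write('debug', 0);
        // Map the 'javascript' type to its MIME type and send it as the Content-Type
        $this->RequestHandler->setContent('javascript', 'text/javascript');
        $this->RequestHandler->respondAs('javascript');
        // Render with the minimal ajax layout
        $this->layout = 'ajax';
    }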
JavaScript code returned in the response will be evaluated as JavaScript automatically, without setting evalscript:true in the Ajax options.
2) Always use <?php /* ?><?php */ ?> to comment out view code, with the unused markup placed between the two tags. I can’t remember how many times this has got me. I always comment out my HTML instead of deleting it in case it is needed again. Using an HTML comment <!-- //--> around HTML that is mixed with the PHP code generating the ajax sorting headers for a table, or ajax links, will cause JavaScript errors. An HTML comment only hides the markup from the browser; the PHP inside it still runs on the server.
The error message is usually ‘element is null’, triggered somewhere in prototype.js.
Note to myself: Always use PHP comments to comment out unused code!
3) The return callbacks to take note of
- loading (onLoading) : this is where you will want to show your loading message, disable the form to prevent the user from submitting again by showing a modal message, etc.
  Use $('msg').show() to display the loading spinner.
  Resources for spinners:
  Generator – http://www.ajaxload.info/
  More spinner images – http://www.loadinfo.net/
- complete (onComplete) : This is where you will deal with the response from the server. When using Ajax.Updater, the element will be updated automatically with the response. I am also enabling the form or removing the loading message in this callback.
  Use $('msg').hide() to hide the loading spinner.
SG websites security lapses
Posted on | January 21, 2009 | No Comments
See this article on Straits Times
Sensitive information should be encrypted before transmitting through the network!
Examples of sensitive information include
- Login
  Frequently, we use the same login id and password for several websites. A compromise on one website will lead to unauthorised logins on the rest. Say, for example, you are using lollipop as the password for an online forum, email, facebook, friendster. If the online forum is compromised, the login username and password could be tried on your email website, facebook or friendster.
- Credit Card Information
  Imagine giving someone a shopping spree treat by transmitting your credit card number in email. Now who uses secure email? Hands up! Who knows whether they are using secure or non-secure email? Hmmm, I see a lot of hands. Just yesterday, when booking hotel rooms, the hotel replied to us, asking for my flight information and our credit card information to reserve the rooms. Well. Thanks to Mr PS for the reminder that it is not secure to transmit credit card information via email. Bad practice! You hotels should ask for the credit card information via an online form with a secure connection. We ended up forgoing that promotion but booked rooms using the online form instead.
- Address, SSN, IC No.
  Identity theft.
  Avoid publishing your address, SSN, IC No, or even phone number online, unless it is your business phone number.
Ways to Secure Data
- Passwords should be encrypted on client end before sending. Hashed version to be used for comparison.
- Credit Card numbers, SSN, IC No should be masked out leaving the last few digits
- Address if not necessary should not be printed out in email or web pages.
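The first two items of the list above, sketched in PHP as an added example (this is not code from the original post). It assumes the login form is submitted over HTTPS so the password is encrypted in transit, and PHP 7 or later for password_hash() and password_verify(); the helper names and sample values are made up for illustration.

```php
<?php
// Added example, not from the original post. All helper names are hypothetical.

// Mask an identifier (card number, SSN, IC No.) leaving only the last
// $visible letters/digits readable. Separators such as spaces and dashes
// are kept. Values no longer than $visible are masked completely.
function mask_identifier(string $value, int $visible = 4): string
{
    $total  = (int) preg_match_all('/[A-Za-z0-9]/', $value);
    $toMask = $total > $visible ? $total - $visible : $total;
    $out    = '';
    for ($i = 0, $n = strlen($value); $i < $n; $i++) {
        $ch = $value[$i];
        if ($toMask > 0 && ctype_alnum($ch)) {
            $out .= '*';
            $toMask--;
        } else {
            $out .= $ch;
        }
    }
    return $out;
}

// Keep only a salted, slow hash of the password; the plain text is never stored.
function register_user(array &$store, string $login, string $password): void
{
    $store[$login] = password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt against the stored hash.
function check_login(array $store, string $login, string $password): bool
{
    return isset($store[$login]) && password_verify($password, $store[$login]);
}

// Constructed sample data (the card number is a well-known test number).
$users = [];
register_user($users, 'alice', 'lollipop');
var_dump(check_login($users, 'alice', 'lollipop'));  // correct password
var_dump(check_login($users, 'alice', 'Lollipop'));  // wrong password
var_dump($users['alice'] !== 'lollipop');            // stored value is a hash
echo mask_identifier('4111 1111 1111 1111'), "\n";
echo mask_identifier('S1234567D'), "\n";
echo mask_identifier('123'), "\n";                   // too short: fully masked
```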
Thanks to Mr PS for supplying the link to an interesting article.
Now if you are confident about your website, or you need someone to test run your website to uncover security loopholes, you will be interested to know that Mr PS is offering his service. Email givemecake @ dev-work (d_o_t) com with your contact information and he will follow up with you.
Top 25 Most Dangerous Programming Mistakes
Posted on | January 14, 2009 | No Comments
Read about the top 25 most dangerous programming mistakes at http://www.codinghorror.com/blog/archives/001210.html
How are these prevented in CakePHP?
My Mobile Phone is missing
Posted on | January 10, 2009 | 6 Comments
Please excuse me if I fail to answer your SMSes or calls. My phone has been missing since 10th Jan 2009, from 1230 onwards. The exact time of it falling into a third party’s hands is not clear.
LOST!
Nokia N82 – 1 W.Titanium/White
WLAN:001DFD7CB1F3
The IMEI number is 358984011720193
I have temporarily suspended the line. A police report will be made first thing in the morning.
Just in case anyone is unsure of what to do if you have lost your handphone for good. For example, you called your phone but there is no reply or the phone is switched off.
1) Call your telco to suspend the line
2) Make a police report with the IMEI. Singapore police has a system called Handphone IMEI Tracing System (HITS).
New handphone owners can log in to check if their current phone has been reported as stolen. Remember to get a copy of the police report so that you can go to the telcos and get them to inform you if the phone is being used with other SIM cards. I plan to do this and get my phone back plus the memory card inside. It is a 2GB micro SD card, with tons of photos and lovely memories.
The telco network will track the IMEI number when the phone is connected to the network. I am not sure if I need to go to the 3 telcos in SG to get them to acknowledge the report, track my IMEI number and inform the phone of the unauthorised usage.
3) And like what I am doing here, publishing the lost phone’s IMEI number. You can do a search for the IMEI number. Get the IMEI number from your phone by keying in *#06#. Search for the number with a search engine to see if it is dubious.
There is no excuse for buying a stolen phone and using it. After all, you can, one, do a Google search and, two, do an IMEI search in the SG Police Force app called HITS, and yes, the phone came without the charger and everything else. There is no way you are going to get away with using a found handphone too. You will be tracked down with the IMEI number. Finders can’t be keepers anymore with modern technology. And yes, any fees incurred when settling the dispute will be split half-half. 50%. That includes retrieving police reports, lawyer fees, transportation.
Why lawyer fees over a phone? Cos it is time to get really serious about everything. That includes cracking down on stealing. Severe action should be taken for theft cases.
I am looking forward to getting my phone back fully intact.