Give Me Cake

CakePHP Baking, Internet Marketing, SEO, Design and more

Setting up Cakephp for Application Development

Posted on July 5, 2009

I like to keep the CAKEPHP ROOT files (/cake/) in a folder of their own and my /app in the working folders. This way, the CAKEPHP ROOT files are not SVNed, which keeps my repos smaller.

My folder structure:

D:\www\cakephp_1_2
D:\www\video_tutorial\app
D:\www\video_tutorial\vendors

D:\www\project 1\app
D:\www\project 1\vendors

Vendor files used by all projects are stored in D:\www\cakephp_1_2\vendors. If a vendor file is project-specific, it goes in the project’s own folder.

In the project’s app\webroot folder, edit index.php and change the CAKE_CORE_INCLUDE_PATH constant so that the app can locate the CAKEPHP ROOT files and include them.

D:\www\video_tutorial\app\webroot\index.php

/**
 * The full path to the directory which holds "app", WITHOUT a trailing DS.
 *
 */
if (!defined('ROOT')) {
    define('ROOT', dirname(dirname(dirname(dirname(__FILE__)))));
}
/**
 * The actual directory name for the "app".
 *
 */
if (!defined('APP_DIR')) {
    define('APP_DIR', basename(dirname(dirname(dirname(__FILE__)))).DS.'app');
}
/**
 * The absolute path to the "cake" directory, WITHOUT a trailing DS.
 *
 */
if (!defined('CAKE_CORE_INCLUDE_PATH')) {
    define('CAKE_CORE_INCLUDE_PATH', ROOT.DS.'cakephp_1_2');
}

SG websites security lapses

Posted on January 21, 2009

See this article in The Straits Times

Article Link

Sensitive information should be encrypted before it is transmitted over the network!

Examples of sensitive information include

  1. Login
    Frequently, we use the same login id and password for several websites. A compromise on one website will lead to unauthorised logins on the rest. Say, for example, you are using lollipop as the password for an online forum, email, facebook and friendster. If the online forum is compromised, the login username and password could be tried on your email website, facebook or friendster.
  2. Credit Card Information
    Imagine giving someone a shopping spree treat by transmitting your credit card number in email. Now who uses secure email? Hands up! Who knows whether they are using secure or non-secure email? Hmmm, I see a lot of hands.

    Just yesterday, when we were booking hotel rooms, the hotel replied to us, asking for my flight information and our credit card information to reserve the rooms. Well. Thanks to Mr PS for the reminder that it is not secure to transmit credit card information via email. Bad practice! You hotels should ask for the credit card information via an online form with a secure connection. We ended up forgoing that promotion and booked rooms using the online form instead.

  3. Address, SSN, IC No.
    Identity theft.
    Avoid publishing online your address, SSN, IC No, even phone number unless it is your business phone number.

Ways to Secure Data

  1. Passwords should be encrypted on the client end before sending. The hashed version is to be used for comparison.
  2. Credit card numbers, SSN and IC No. should be masked out, leaving only the last few digits visible.
  3. Addresses, if not necessary, should not be printed out in emails or web pages.
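
Items 1 and 2 of the list above, sketched in PHP as an added example (not code from the original post): the server refuses credentials that did not arrive over HTTPS, keeps only a salted hash for comparison, and masks identifiers down to their last characters. It assumes PHP 5.5 or later and treats HTTPS as the encryption applied before sending; the function names and sample values are made up for illustration.

```php
<?php
// Added example, not from the original post. Assumes PHP 5.5+.
// Function names and sample values are constructed for illustration.

// Item 1: treat a request as encrypted in transit only if it arrived over HTTPS.
function is_secure_request(array $server)
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Item 1: store only a salted hash; the plain-text password is never kept.
function store_password($plain)
{
    return password_hash($plain, PASSWORD_DEFAULT);
}

// Item 1: compare a login attempt against the stored hash.
function check_login(array $server, $attempt, $storedHash)
{
    if (!is_secure_request($server)) {
        return false; // refuse credentials sent over plain HTTP
    }
    return password_verify($attempt, $storedHash);
}

// Item 2: mask a card number, SSN or IC No., keeping only the last $keep characters.
function mask_identifier($value, $keep = 4)
{
    $compact = preg_replace('/[\s-]+/', '', $value); // drop spaces and dashes
    $len = strlen($compact);
    if ($len <= $keep) {
        return str_repeat('*', $len); // too short to reveal any part of it
    }
    return str_repeat('*', $len - $keep) . substr($compact, -$keep);
}

// Constructed sample data.
$stored = store_password('lollipop');
$https  = array('HTTPS' => 'on');
$http   = array();

var_dump(check_login($https, 'lollipop', $stored));  // correct password over HTTPS
var_dump(check_login($https, 'lollipop1', $stored)); // wrong password
var_dump(check_login($http, 'lollipop', $stored));   // plain HTTP: refused
echo mask_identifier('4111 1111 1111 1111'), "\n";   // test card number
echo mask_identifier('S1234567D'), "\n";             // made-up IC-style number
```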

Thanks to Mr PS for supplying the link to an interesting article.

Now if you are confident about your website or you need someone to test run your website to uncover security loopholes, you will be interested to know that Mr PS is offering his services. Email givemecake @ dev-work (d_o_t) com with your contact information and he will follow up with you.
