Comments for Blog http://blog.builtbyprime.com Prime Studios Sat, 18 Dec 2010 19:00:00 +0000 hourly 1 http://wordpress.org/?v= Comment on Fire and Ice: Studio Fun and Photo Retouching by Prime Studios http://mattgaidica.com/fire-and-ice-photo-retouching/comment-page-1#comment-66 Prime Studios Sat, 18 Dec 2010 19:00:00 +0000 http://blog.primestudiosllc.com/?p=1347#comment-66 I will relay that comment to Bobby J., i'm sure he will be flattered lol! I will relay that comment to Bobby J., i’m sure he will be flattered lol!

]]> Comment on Fire and Ice: Studio Fun and Photo Retouching by Lois Carrie Bez http://mattgaidica.com/fire-and-ice-photo-retouching/comment-page-1#comment-65 Lois Carrie Bez Sat, 18 Dec 2010 13:24:00 +0000 http://blog.primestudiosllc.com/?p=1347#comment-65 So cool to see body sculpting done, even to men. Sir, your forearms are too muscular. Zip, zip. Thanks for sharing the process. Great photo. So cool to see body sculpting done, even to men. Sir, your forearms are too muscular. Zip, zip. Thanks for sharing the process. Great photo.

]]> Comment on CSRF Protection in Code Igniter using Form Tokens by Prime Studios http://blog.builtbyprime.com/security/csrf-protection-in-code-igniter-using-form-tokens/comment-page-1#comment-63 Prime Studios Sun, 07 Nov 2010 23:01:13 +0000 http://blog.primestudiosllc.com/?p=550#comment-63 Most definitely. If you were an admin, and your cookie is sitting in your browser to validate you, you could be tricked into submitting a form on another website, which triggers a "change price" action on your admin site, which would be bad. Thats just one example, and while admin forms are a little tighter because only a select few might have access to the form's code, and know its vulnerabilities, I wouldn't bank on that stopping anyone! Most definitely. If you were an admin, and your cookie is sitting in your browser to validate you, you could be tricked into submitting a form on another website, which triggers a “change price” action on your admin site, which would be bad. Thats just one example, and while admin forms are a little tighter because only a select few might have access to the form's code, and know its vulnerabilities, I wouldn't bank on that stopping anyone!

]]> Comment on CSRF Protection in Code Igniter using Form Tokens by Matt http://blog.builtbyprime.com/security/csrf-protection-in-code-igniter-using-form-tokens/comment-page-1#comment-62 Matt Sun, 07 Nov 2010 01:54:56 +0000 http://blog.primestudiosllc.com/?p=550#comment-62 One more question - what about administration panel forms? (e.g. add new product, add new category etc.) One more question – what about administration panel forms? (e.g. add new product, add new category etc.)

]]> Comment on CSRF Protection in Code Igniter using Form Tokens by Matt http://blog.builtbyprime.com/security/csrf-protection-in-code-igniter-using-form-tokens/comment-page-1#comment-61 Matt Wed, 03 Nov 2010 20:29:46 +0000 http://blog.primestudiosllc.com/?p=550#comment-61 ok,that sounds reasonable.<br>Thanks a lot, your tutorial was really helpful.<br> ok,that sounds reasonable.
Thanks a lot, your tutorial was really helpful.

]]> Comment on CSRF Protection in Code Igniter using Form Tokens by Prime Studios http://blog.builtbyprime.com/security/csrf-protection-in-code-igniter-using-form-tokens/comment-page-1#comment-60 Prime Studios Wed, 03 Nov 2010 19:26:26 +0000 http://blog.primestudiosllc.com/?p=550#comment-60 Thats a good question, and debatable. I typically put a token on each form, just because once it is built into the framework it is easy to do and it keeps all your code similar. It is especially important on e-commerce websites because you don't want a website other than yours to be able to POST form information to your scripts. For instance, if you have a cookie in your browser to keep you logged into your favorite online store, clicking a malicious form on another website could POST to your online store site and execute a function like "add to cart" or "checkout", provided it posts valid information, all because your browser is technically logged in that website. With a token (or nonce), it makes this very difficult.<br><br>Where I don't use tokens is things like "logout" links, or maybe "remove from cart" anchors.. because its not the end of the world if those are somehow compromised. Thats a good question, and debatable. I typically put a token on each form, just because once it is built into the framework it is easy to do and it keeps all your code similar. It is especially important on e-commerce websites because you don't want a website other than yours to be able to POST form information to your scripts. For instance, if you have a cookie in your browser to keep you logged into your favorite online store, clicking a malicious form on another website could POST to your online store site and execute a function like “add to cart” or “checkout”, provided it posts valid information, all because your browser is technically logged in that website. With a token (or nonce), it makes this very difficult.

Where I don't use tokens is things like “logout” links, or maybe “remove from cart” anchors.. because its not the end of the world if those are somehow compromised.

]]> Comment on CSRF Protection in Code Igniter using Form Tokens by Matt http://blog.builtbyprime.com/security/csrf-protection-in-code-igniter-using-form-tokens/comment-page-1#comment-59 Matt Wed, 03 Nov 2010 11:37:38 +0000 http://blog.primestudiosllc.com/?p=550#comment-59 Hi,<br>Should all forms on a website be protected with a token? (For example on a ecommerce website there are many types of forms: add to cart, request a printed catalogue, enquiry form, checkout/order etc.; which of these need a token?) Hi,
Should all forms on a website be protected with a token? (For example on a ecommerce website there are many types of forms: add to cart, request a printed catalogue, enquiry form, checkout/order etc.; which of these need a token?)

]]> Comment on 10 Handy Camera Bag Items by Janet Creque http://mattgaidica.com/10-handy-camera-bag-items/comment-page-1#comment-58 Janet Creque Mon, 01 Nov 2010 04:46:15 +0000 http://blog.primestudiosllc.com/?p=96#comment-58 Great post!! Definitely going to add a couple things to my camera bag! Great post!! Definitely going to add a couple things to my camera bag!

]]> Comment on Adding Google Quick-add to Anything: The Textdate PHP Class by Prime Studios http://blog.builtbyprime.com/php/adding-google-quick-add-to-anything-the-textdate-php-class/comment-page-1#comment-55 Prime Studios Sat, 09 Oct 2010 08:22:00 +0000 http://blog.primestudiosllc.com/?p=979#comment-55 Good question, we used a variable for the tee time interval (which is usually 8 minutes for a golf course), and so it defaulted to scheduling events for exactly that amount of time. Then when a user requests to play at that time, if it is taken, we give a warning and suggest the closest open tee time. So with Google, you will just query your Calendar and for anything within that time range, and go from there. On top of that, you can add custom data to the event for amount of players, because some golf courses will put two pairs of people on the same tee time. I didn't post the link to the course, but I can email it if you just contact us from our homepage footer (I didn't want people making fake tee times!). Thanks and good luck. Good question, we used a variable for the tee time interval (which is usually 8 minutes for a golf course), and so it defaulted to scheduling events for exactly that amount of time. Then when a user requests to play at that time, if it is taken, we give a warning and suggest the closest open tee time. So with Google, you will just query your Calendar and for anything within that time range, and go from there. On top of that, you can add custom data to the event for amount of players, because some golf courses will put two pairs of people on the same tee time. I didn't post the link to the course, but I can email it if you just contact us from our homepage footer (I didn't want people making fake tee times!). Thanks and good luck.

]]> Comment on Adding Google Quick-add to Anything: The Textdate PHP Class by Altbiers http://blog.builtbyprime.com/php/adding-google-quick-add-to-anything-the-textdate-php-class/comment-page-1#comment-56 Altbiers Sat, 09 Oct 2010 08:02:22 +0000 http://blog.primestudiosllc.com/?p=979#comment-56 A friend of mine recently bought a golf course and I am trying to figure out how to do tee times with google's calendar as well. What did you do if there were people trying to book at the same time? Did you set up 10 minute intervals? A friend of mine recently bought a golf course and I am trying to figure out how to do tee times with google's calendar as well. What did you do if there were people trying to book at the same time? Did you set up 10 minute intervals?

]]>