Chris Nizzardini, Salt Lake City Utah, Web Developer Specializing in LAMP+Ajax Since 2006


Archive for March, 2010

Fix Gnome Vino Server (VNC) From Randomly Closing on Ubuntu

Posted by chris on March 19th, 2010

I’m not a fan of Gnome's implementation of the VNC server on Ubuntu. It is always randomly closing on me. If you have SSH access to your desktop, though, you can remotely start vino-server and VNC in once again.

Simply create the following script and name it something like start-vino.sh:

#!/bin/bash
# Turn remote desktop access on, and stop vino from asking the local user to
# approve each incoming connection (nobody is at the desk to click "Allow").
gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
gconftool-2 -s -t bool /desktop/gnome/remote_access/prompt_enabled false
# vino-server attaches to the X display of the logged-in session.
export DISPLAY=:0.0
/usr/lib/vino/vino-server

Now chmod the script 744, giving you, the owner, the ability to execute and modify the file while everyone else can only read it. Next time your vino server dies, tunnel into your desktop and run this script (with nohup and a trailing & if it should outlive the SSH session). Bear in mind what the prompt_enabled line does: with the confirmation prompt disabled, anyone who reaches vino's port (5900 by default) and knows the VNC password gets a session without anyone at the desktop approving it, so keep password authentication enabled and reach that port only through your SSH tunnel. You can find more information by viewing this Ubuntu Forum thread.
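A variant of the script with the check a practitioner would want before silencing the prompt, added here as an example and not the script from the post: it reads vino's own gconf key /desktop/gnome/remote_access/authentication_methods and refuses to start the server unless VNC password authentication is enabled, and it does not start a second vino-server if one is already running. The script name, the --run flag and the helper function names are this example's own.

```shell
#!/bin/bash
# start-vino-safe.sh (example, not the original post's script).
# Same idea as start-vino.sh, plus one safety check: prompt_enabled=false means
# nobody at the desktop has to approve a connection, so we only proceed when
# vino is configured to require a VNC password.

# Returns 0 when a gconf authentication_methods value (e.g. "[vnc]") enables
# password authentication, 1 for anything else (e.g. "[none]" or "").
vino_auth_ok() {
    case "$1" in
        *vnc*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Returns 0 when a vino-server process already belongs to this user.
vino_running() {
    pgrep -u "$(id -un)" -x vino-server >/dev/null 2>&1
}

start_vino() {
    methods=$(gconftool-2 --get /desktop/gnome/remote_access/authentication_methods 2>/dev/null)
    if ! vino_auth_ok "$methods"; then
        echo "refusing to start: authentication_methods is '$methods'; set a VNC password first" >&2
        return 2
    fi
    gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
    gconftool-2 -s -t bool /desktop/gnome/remote_access/prompt_enabled false
    if vino_running; then
        echo "vino-server is already running" >&2
        return 0
    fi
    # vino-server needs the X display of the logged-in session (:0.0 as in the post).
    DISPLAY=:0.0 /usr/lib/vino/vino-server &
}

# Usage from an SSH session: ./start-vino-safe.sh --run
if [ "${1:-}" = "--run" ]; then
    start_vino
fi
```

The password check is deliberately a string match on the key's list value, so it also accepts a list like "[vnc,none]"; tighten it to an exact match if you never want "none" present.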

In Linux

Type Casting In PHP To Prevent XSS and SQL Injection

Posted by chris on March 14th, 2010

Lots of developers think the best way to prevent XSS and SQL injection attacks is to pass all user input through a filter function. If you’re one of these developers, don’t worry: you’re still right. For certain inputs, though, there is a better way (less code and fewer CPU cycles). Type casting to an integer should be used on every user input that is supposed to be a numeric value. The cast guarantees the variable holds a valid integer, converting any string to one. For that input this rules out SQL injection and XSS entirely, because an integer contains neither quotes nor markup. It does nothing for inputs that really are strings (names, search terms, comments); those still need prepared statements or escaping on the way into SQL and output encoding on the way into HTML.

$customer_id = (int) $_POST['customer_id'];

This automatically prevents someone from being able to pass in something like:

1' OR 1='1

or

window.location = 'aol.evilcloneofaol.com'

It should be noted that when casting a variable to an integer there are limitations to just how big that integer can be. On 32-bit systems the limit is 2,147,483,647 and on 64-bit systems it is 9,223,372,036,854,775,807 (PHP_INT_MAX). I’ve hit the limit on 32-bit systems, but never on a 64-bit. When a numeric string you are casting to an int is too large, PHP silently returns the highest number it can, which leads to lots of confusion when trying to debug the error; a float outside the range has no defined result at all. The cast is just as quiet about other mangled input: (int) "42abc" is 42 and (int) "1' OR 1='1" is 1. So if the exact value matters (say, the id must actually exist), validate with filter_var($x, FILTER_VALIDATE_INT) or check that (string)(int) $x === $x before using it, instead of trusting the cast alone.
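A worked example of the point, added here and not code from the post: it runs the cast over a handful of constructed inputs (the two payloads above, a trailing-garbage value, a negative one and an overflowing one), shows filter_var rejecting everything the cast would have silently altered, and contrasts the integer case with a string column, where a prepared statement and output encoding are still needed. The customers table, the sample inputs and the helper names are assumptions for the illustration; it runs from the CLI with no database, and the PDO helper only needs an open connection passed in.

```php
<?php
declare(strict_types=1);

// Constructed sample inputs, as they might arrive in $_POST['customer_id'].
$samples = [
    'plain'    => '42',
    'sqli'     => "1' OR 1='1",
    'xss'      => "<script>window.location='http://aol.evilcloneofaol.com'</script>",
    'trailing' => '42abc',                // cast silently drops the letters
    'negative' => '-7',                   // cast keeps the sign; ids are rarely negative
    'overflow' => '99999999999999999999', // numeric string saturates to PHP_INT_MAX
];

echo 'PHP_INT_MAX on this build: ' . PHP_INT_MAX . "\n\n";

foreach ($samples as $label => $raw) {
    $cast = (int) $raw;
    // FILTER_VALIDATE_INT only accepts a string that is exactly an in-range
    // integer (here also >= 1), so anything the cast would have altered
    // comes back as false instead of a quietly different number.
    $strict = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    printf("%-9s cast=%-20d strict=%-20s raw=%s\n",
        $label, $cast, $strict === false ? 'REJECT' : (string) $strict, $raw);
}

// Interpolating the cast value is injection-safe: the variable can only ever
// hold digits with an optional leading minus, never quotes or SQL keywords.
function customerQuery(string $rawId): string
{
    $id = (int) $rawId;
    return "SELECT id, name FROM customers WHERE id = $id";
}

echo "\n" . customerQuery("1' OR 1='1") . "\n";
// -> SELECT id, name FROM customers WHERE id = 1

// A string column has no cast to hide behind, so bind it as a parameter.
// $pdo is assumed to be an open PDO connection.
function findByName(PDO $pdo, string $rawName): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM customers WHERE name = :name');
    $stmt->execute([':name' => $rawName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The cast also does nothing for output. Untrusted strings that reach HTML
// must be encoded; an integer needs no encoding because it carries no markup.
function safeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo safeHtml($samples['xss']) . "\n";
```

Run it once on a 32-bit and once on a 64-bit PHP build and the 'overflow' row is the one that changes: the cast column shows that build's PHP_INT_MAX while the strict column says REJECT on both, which is why the validated form is preferable whenever the number is used as a key.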

PHP Reference on Integers

In Programming