CEO Tim Cook even discussed the growth Apple has enjoyed in the Indian market: "iPhone sales grew by strong double-digits year-over-year, and in India and Vietnam sales more than doubled.
iPhone 5c 8GB - Llaunch
CEO Tim Cook even discussed the growth Apple has enjoyed in the Indian market: "iPhone sales grew by strong double-digits year-over-year, and in India and Vietnam sales more than doubled.
Detecting JavaScript and Cookie Compatibility
You may be expecting a huge dump of code to see if JavaScript and cookies are enabled. There ’ s no way
that you ’ d want to go through with something like that at this point in the project, so the following
minimalist code is offered as a decent check for JavaScript compatibility:
< noscript >
You will not be able to view this site if JavaScript is not enabled.
Please turn on JavaScript to use this site.
< /noscript >
all you need to put in your template view, and you ’ re 100 percent covered. If they don ’ t
have JavaScript turned on, they get this message. There really is no way to test to see if JavaScript is
turned on (after all, if it is off, you can ’ t run a test to see if it is on.
if (true){
//do something here, we must be on
}else{
//well shucks, JavaScript turned off, there’s no way to send an error message!
}
The < noscript > option is very straightforward and displays just the error message. You might want to
add some branding to it, like the Claudia ’ s Kids logo, maybe a phone number or other information, but
that ’ s about as good as it gets. You could also contemplate removing the AJAX handlers from the
shopping carts, but that seems a bit much.
The same thing goes when checking for cookie support. You ’ ll need just a small bit of code that will try
to set a test cookie with a value say, the integer 1. If the site can write the cookie and retrieve it OK, then
cookies are supported. If not, display an error message.
< script >
var tcookie = new Date();
check_cookie = (tcookie.getTime() + ‘’);
document.cookie = “check_cookie=” + check_cookie + “; path=/”;
if (document.cookie.indexOf(check_cookie,0) < 0) {
alert(“You will not be able to view this site if cookies are not enabled.
Please enable them now.”);
}
< /script >
that you ’ d want to go through with something like that at this point in the project, so the following
minimalist code is offered as a decent check for JavaScript compatibility:
< noscript >
You will not be able to view this site if JavaScript is not enabled.
Please turn on JavaScript to use this site.
< /noscript >
all you need to put in your template view, and you ’ re 100 percent covered. If they don ’ t
have JavaScript turned on, they get this message. There really is no way to test to see if JavaScript is
turned on (after all, if it is off, you can ’ t run a test to see if it is on.
if (true){
//do something here, we must be on
}else{
//well shucks, JavaScript turned off, there’s no way to send an error message!
}
The < noscript > option is very straightforward and displays just the error message. You might want to
add some branding to it, like the Claudia ’ s Kids logo, maybe a phone number or other information, but
that ’ s about as good as it gets. You could also contemplate removing the AJAX handlers from the
shopping carts, but that seems a bit much.
The same thing goes when checking for cookie support. You ’ ll need just a small bit of code that will try
to set a test cookie with a value say, the integer 1. If the site can write the cookie and retrieve it OK, then
cookies are supported. If not, display an error message.
< script >
var tcookie = new Date();
check_cookie = (tcookie.getTime() + ‘’);
document.cookie = “check_cookie=” + check_cookie + “; path=/”;
if (document.cookie.indexOf(check_cookie,0) < 0) {
alert(“You will not be able to view this site if cookies are not enabled.
Please enable them now.”);
}
< /script >
CodeIgniter system Folder
The system/ folder is where all the action happens. This folder contains all the CodeIgniter code of
consequence, organized into various folders:
application — The application foldercontains the application you ’ re building. Basically, this
folder contains your models, views, controllers, and other code (like helpers and class
extensions). In other words, this folder is where you ’ ll do 99 percent of your work.
cache — The cache foldercontains all cached pages for your application. In Chapter 9 , you learn
more about caching and how to turn your super - speedy development application into a
blazingly fast live application.
codeigniter — The codeigniter folderis where CodeIgniter ’ s core classes live. You have almost no
reason to go in here. All of your work will occur in the application folder. Even if your intent is
to extend the CodeIgniter core, you would do it with hooks, and hooks live in the application
folder.
database — The database foldercontains core database drivers and other database utilities. Again,
there ’ s no good reason for you to be in this folder.
fonts — The fonts foldercontains font - related information and utilities. Again, there ’ s no reason
to spend any time here.
helpers — The helpers foldercontains standard CodeIgniter helpers (such as date, cookie, and
URL helpers). You ’ ll make frequent use of helpers in your CodeIgniter career and can even
extend helpers thanks to improvements introduced in CodeIgniter version 1.6.
language — The language foldercontains language files. You can ignore it for now.
libraries — The libraries foldercontains standard CodeIgniter libraries (to help you with e - mail,
calendars, file uploads, and more). You can create your own libraries or extend (and even
replace) standard ones, but those will be saved in the application/libraries directory to keep
them separate from the standard CodeIgniter libraries saved in this particular folder.
logs — The logs folderis the folder CodeIgniter uses to write error and other logs to.
plugins — The plugins foldercontains plugins. Plugins and helpers are very similar, in that they
both allow developers to quickly address an issue or create content like forms, links, etc..
However, the main difference between them is that plugins usually consist of one function,
while helpers often have many functions bundled inside them.
consequence, organized into various folders:
application — The application foldercontains the application you ’ re building. Basically, this
folder contains your models, views, controllers, and other code (like helpers and class
extensions). In other words, this folder is where you ’ ll do 99 percent of your work.
cache — The cache foldercontains all cached pages for your application. In Chapter 9 , you learn
more about caching and how to turn your super - speedy development application into a
blazingly fast live application.
codeigniter — The codeigniter folderis where CodeIgniter ’ s core classes live. You have almost no
reason to go in here. All of your work will occur in the application folder. Even if your intent is
to extend the CodeIgniter core, you would do it with hooks, and hooks live in the application
folder.
database — The database foldercontains core database drivers and other database utilities. Again,
there ’ s no good reason for you to be in this folder.
fonts — The fonts foldercontains font - related information and utilities. Again, there ’ s no reason
to spend any time here.
helpers — The helpers foldercontains standard CodeIgniter helpers (such as date, cookie, and
URL helpers). You ’ ll make frequent use of helpers in your CodeIgniter career and can even
extend helpers thanks to improvements introduced in CodeIgniter version 1.6.
language — The language foldercontains language files. You can ignore it for now.
libraries — The libraries foldercontains standard CodeIgniter libraries (to help you with e - mail,
calendars, file uploads, and more). You can create your own libraries or extend (and even
replace) standard ones, but those will be saved in the application/libraries directory to keep
them separate from the standard CodeIgniter libraries saved in this particular folder.
logs — The logs folderis the folder CodeIgniter uses to write error and other logs to.
plugins — The plugins foldercontains plugins. Plugins and helpers are very similar, in that they
both allow developers to quickly address an issue or create content like forms, links, etc..
However, the main difference between them is that plugins usually consist of one function,
while helpers often have many functions bundled inside them.
CodeIgniter config.php
The config.php filecontains a series of configuration options all of them stored in a PHP array called,
appropriately enough, $config) that CodeIgniter uses to keep track of your application ’ s information
and settings.
The first configuration option you need to set inside config.php is the base URL of your application. You
do that by setting the absolute URL (including the http:// part) for $config[ ‘ base_url ’ ], like so:
$config[‘base_url’] = “http://www.example.com/test/”;
Once you ’ ve set this configuration option, you can recall it whenever you want using the CodeIgniter
base_url()function, which can be a very handy thing to know. This one feature keeps you from
having to rewrite hard - coded URLs in your application, when you migrate from development to test or
from test to production.
The second thing you need to do is set a value for your home page by editing the $config[ ‘ index_
page ’ ]configuration option. CodeIgniter ships with a value of “ index.php ” for this option, which
means that index.php will appear in all of your URLs. Many CodeIgniter developers prefer to keep this
value blank, like so:
$config[‘index_page’] = ‘’;
To make this work, you need to include an .htaccess file to the CodeIgniter root directory, After you ’ ve set this option value, there ’ s very little to do.
For now, leave all the other values at their
default settings:
$config[‘uri_protocol’] = “AUTO”;
$config[‘url_suffix’] = “”;
$config[‘language’] = “english”;
$config[‘charset’] = “UTF-8”;
$config[‘enable_hooks’] = FALSE;
$config[‘subclass_prefix’] = ‘MY_’;
$config[‘permitted_uri_chars’] = ‘a-z 0-9~%.:_-’;
$config[‘enable_query_strings’] = FALSE;
$config[‘controller_trigger’] = ‘c’;
$config[‘function_trigger’] = ‘m’;
$config[‘log_threshold’] = 0;
$config[‘log_path’] = ‘’;
$config[‘log_date_format’] = ‘Y-m-d H:i:s’;
$config[‘cache_path’] = ‘’;
$config[‘encryption_key’] = “enter_a_32_character_string_here”;
$config[‘sess_cookie_name’] = ‘ci_session’;
$config[‘sess_expiration’] = 7200;
$config[‘sess_encrypt_cookie’] = TRUE;
$config[‘sess_use_database’] = FALSE;
$config[‘sess_table_name’] = ‘ci_sessions’;
$config[‘sess_match_ip’] = FALSE;
$config[‘sess_match_useragent’] = TRUE;
$config[‘cookie_prefix’] = “”;
$config[‘cookie_domain’] = “”;
$config[‘cookie_path’] = “/”;
$config[‘global_xss_filtering’] = TRUE;
$config[‘compress_output’] = FALSE;
$config[‘time_reference’] = ‘local’;
$config[‘rewrite_short_tags’] = FALSE
For more details on each of these configuration options, simply read the comments embedded in /
system/application/config/config.php. You will also get more detail on certain settings as you work
through the sections of the book and tweak the configuration as needed. For example, at some point, you
will want to use encryption for security purposes or set your logging threshold for debugging, and they
both require making changes to this file.
CodeIgniter ’ s Global XSS Filtering option is set to FALSE by default. The online User Guide suggests
that setting this to TRUE adds a lot of performance overhead to the system. However, at this point, it is
better to have some global protection put in place. That way you can be assured of some security
precautions while you ’ re in development. Chapter 9 discusses security issues in more depth, but for
now, it ’ s good to have something in place while you ’ re developing.
In the same security vein, notice that sess_encrypt_cookie has been set to TRUE, and that you are to
enter a 32 - character encryption salt in encryption_key. Doing these two things will encrypt any
sessions and provide a salt for any hashing methods you use. Be sure to use a random string of upper -
and lowercase letters and numbers.
One final note before moving on: Make sure that you write down your encryption key and keep it safe
somewhere, or, at least, maintain good backups. You ’ ll need the key to retrieve other information, so if
your site is compromised or erased or if you lose your key any other way, you ’ ll be glad you have a
record of it.
appropriately enough, $config) that CodeIgniter uses to keep track of your application ’ s information
and settings.
The first configuration option you need to set inside config.php is the base URL of your application. You
do that by setting the absolute URL (including the http:// part) for $config[ ‘ base_url ’ ], like so:
$config[‘base_url’] = “http://www.example.com/test/”;
Once you ’ ve set this configuration option, you can recall it whenever you want using the CodeIgniter
base_url()function, which can be a very handy thing to know. This one feature keeps you from
having to rewrite hard - coded URLs in your application, when you migrate from development to test or
from test to production.
The second thing you need to do is set a value for your home page by editing the $config[ ‘ index_
page ’ ]configuration option. CodeIgniter ships with a value of “ index.php ” for this option, which
means that index.php will appear in all of your URLs. Many CodeIgniter developers prefer to keep this
value blank, like so:
$config[‘index_page’] = ‘’;
To make this work, you need to include an .htaccess file to the CodeIgniter root directory, After you ’ ve set this option value, there ’ s very little to do.
For now, leave all the other values at their
default settings:
$config[‘uri_protocol’] = “AUTO”;
$config[‘url_suffix’] = “”;
$config[‘language’] = “english”;
$config[‘charset’] = “UTF-8”;
$config[‘enable_hooks’] = FALSE;
$config[‘subclass_prefix’] = ‘MY_’;
$config[‘permitted_uri_chars’] = ‘a-z 0-9~%.:_-’;
$config[‘enable_query_strings’] = FALSE;
$config[‘controller_trigger’] = ‘c’;
$config[‘function_trigger’] = ‘m’;
$config[‘log_threshold’] = 0;
$config[‘log_path’] = ‘’;
$config[‘log_date_format’] = ‘Y-m-d H:i:s’;
$config[‘cache_path’] = ‘’;
$config[‘encryption_key’] = “enter_a_32_character_string_here”;
$config[‘sess_cookie_name’] = ‘ci_session’;
$config[‘sess_expiration’] = 7200;
$config[‘sess_encrypt_cookie’] = TRUE;
$config[‘sess_use_database’] = FALSE;
$config[‘sess_table_name’] = ‘ci_sessions’;
$config[‘sess_match_ip’] = FALSE;
$config[‘sess_match_useragent’] = TRUE;
$config[‘cookie_prefix’] = “”;
$config[‘cookie_domain’] = “”;
$config[‘cookie_path’] = “/”;
$config[‘global_xss_filtering’] = TRUE;
$config[‘compress_output’] = FALSE;
$config[‘time_reference’] = ‘local’;
$config[‘rewrite_short_tags’] = FALSE
For more details on each of these configuration options, simply read the comments embedded in /
system/application/config/config.php. You will also get more detail on certain settings as you work
through the sections of the book and tweak the configuration as needed. For example, at some point, you
will want to use encryption for security purposes or set your logging threshold for debugging, and they
both require making changes to this file.
CodeIgniter ’ s Global XSS Filtering option is set to FALSE by default. The online User Guide suggests
that setting this to TRUE adds a lot of performance overhead to the system. However, at this point, it is
better to have some global protection put in place. That way you can be assured of some security
precautions while you ’ re in development. Chapter 9 discusses security issues in more depth, but for
now, it ’ s good to have something in place while you ’ re developing.
In the same security vein, notice that sess_encrypt_cookie has been set to TRUE, and that you are to
enter a 32 - character encryption salt in encryption_key. Doing these two things will encrypt any
sessions and provide a salt for any hashing methods you use. Be sure to use a random string of upper -
and lowercase letters and numbers.
One final note before moving on: Make sure that you write down your encryption key and keep it safe
somewhere, or, at least, maintain good backups. You ’ ll need the key to retrieve other information, so if
your site is compromised or erased or if you lose your key any other way, you ’ ll be glad you have a
record of it.
Yahoo! Directory
While Yahoo! Search tries to include as many sites as possible
in its index, the Yahoo! Directory is more like an exclusive club, where sites
have to be approved by Yahoo! Editors. Because Yahoo! wants to maintain a highly
useful directory, the steps for inclusion are a bit more involved.
To see if your site is already listed in the Yahoo! Directory,
browse to http://dir.yahoo.com and search for the title of your site. If
you don't see your site among the results, you can suggest your site to the
Yahoo! Directory.
The first thing you need to determine about your site is
whether it's commercial or noncommercial, because you'll need to pay $299 to
submit a commercial site. According to Yahoo!, "If your site sells something,
promote[s] goods and services, or represents a company that sells products
and/or services," your site is commercial and should
be listed somewhere in the Business and Economy category within the directory.
If your site is purely personal, informational, or not-for-profit, your site is
noncommercial. A banner ad or text ad on your site doesn't necessarily make your
site commercial; if you have such an ad, it'll be up to the Yahoo! Editors to
decide whether your site is commercial.
Adding a noncommercial site.
The first step to adding a noncommercial site is to find the
appropriate category for your site. If you know of some sites that are similar
to yours, you might try searching for the titles of those sites within the
directory to see how they're categorized. Otherwise, start browsing through the
directory at http://dir.yahoo.com for the most appropriate place for your
site. If your site is a personal home page, browse to "Society and Culture" People
Personal Home Pages. If your site is a weblog, you'll want to browse to
"Computers and Internet" Internet World Wide Web Weblogs.
Once you've found the appropriate category, click the "Suggest
a Site" link at the top of the page. Choose Standard Consideration and follow
the instructions for adding a site. You'll have the option to include a site
title, URL, geographic location, and description. If you have suggestions about
other categories that your site might be appropriate for, you can include those
suggestions in notes to Yahoo! Editors.
Once you've made your submission, the waiting game begins.
Yahoo! doesn't guarantee that all sites submitted will be reviewed, and many
sites are not included in the directory. If your site doesn't show up in the
directory within two or three weeks, you can resubmit your site using the same
process. Multiple submissions in a short period of time could exclude your site
from consideration altogether. To be guaranteed a response about your site's
placement within the directory, you can submit your site as if it were a
commercial site, paying the commercial fee.
|
What is Web browser?
Software that lets a user view HTML documents and access
files and software related to those documents. Originally developed to allow
users to view or browse documents on the World Wide Web, Web browsers can blur
the distinction between local and remote resources for the user by also
providing access to documents on a network, an intranet, or the local hard
drive. Web browser software is built on the concept of hyperlinks, which allow
users to point and click with a mouse in order to jump from document to document
in whatever order they desire. Most Web browsers are also capable of downloading
and transferring files, providing access to newsgroups, displaying graphics
embedded in the document, playing audio and video files associated with the
document, and executing small programs, such as Java applets or ActiveX controls
included by programmers in the documents. Helper applications or plug-ins are
required by some Web browsers to accomplish one or more of these tasks. Also called: browser.
What is timing attack?
An attack on a cryptographic system that exploits the
fact that different cryptographic operations take slightly different amounts of
time to process. The attacker exploits these slight time differences by
carefully measuring the amount of time required to perform private key
operations. Taking these measurements from a vulnerable system can reveal the
entire secret key. Cryptographic tokens, network-based cryptosystems, and other
applications where attackers can make reasonably accurate timing measurements
are potentially at risk from this form of attack.
What is macro assembler?
An assembler that can perform macro substitution and
expansion. The programmer can define a macro that consists of several statements
and then use the macro name later in the program, thus avoiding having to
rewrite the statements. For example, a macro called swap
exchanges the values of two variables: After defining swap, the programmer can
then insert an instruction such as “swap a, b” in the assembly language program.
While assembling, the assembler replaces the instruction with the statements
within the macro that swap the values of the variables a
and b.
E-Mail Security
When an e-mail message is sent between two distant sites, it will generally
transit dozens of machines on the way. Any of these can read and record the
message for future use. In practice, privacy is nonexistent, despite what many
people think. Nevertheless, many people would like to be able to send e-mail
that can be read by the intended recipient and no one else: not their boss and
not even their government. This desire has stimulated several people and groups
to apply the cryptographic principles we studied earlier to e-mail to produce
secure e-mail. In the following sections we will study a widely-used secure
e-mail system, PGP, and then briefly mention two others, PEM and S/MIME. For
additional information about secure e-mail.
PGP supports four RSA key lengths. It is up to the user to
select the one that is most appropriate. The lengths are
-
Casual (384 bits): can be broken easily today.
-
Commercial (512 bits): breakable by three-letter organizations.
-
Military (1024 bits): Not breakable by anyone on earth.
-
Alien (2048 bits): Not breakable by anyone on other planets, either.
Since RSA is only used for two small computations, everyone
should use alien strength keys all the time.
Key management has received a large amount of attention in PGP
as it is the Achilles heel of all security systems. Key management works as
follows. Each user maintains two data structures locally: a private key ring and
a public key ring. The private key ring
contains one or more personal private-public key pairs. The reason for
supporting multiple pairs per user is to permit users to change their public
keys periodically or when one is thought to have been compromised, without
invalidating messages currently in preparation or in transit. Each pair has an
identifier associated with it so that a message sender can tell the recipient
which public key was used to encrypt it. Message identifiers consist of the
low-order 64 bits of the public key. Users are responsible for avoiding
conflicts in their public key identifiers. The private keys on disk are
encrypted using a special arbitrarily long password to protect them against
sneak attacks.
The public key ring contains
public keys of the user's correspondents. These are needed to encrypt the
message keys associated with each message. Each entry on the public key ring
contains not only the public key, but also its 64-bit identifier and an
indication of how strongly the user trusts the key.
Digital Signatures
The authenticity of many legal, financial, and other documents
is determined by the presence or absence of an authorized handwritten signature.
And photocopies do not count. For computerized message systems to replace the
physical transport of paper and ink documents, a method must be found to allow
documents to be signed in an unforgeable way.
The problem of devising a replacement for handwritten
signatures is a difficult one. Basically, what is needed is a system by which
one party can send a signed message to another party in such a way that the
following conditions hold:
-
The receiver can verify the claimed identity of the sender.
-
The sender cannot later repudiate the contents of the message.
-
The receiver cannot possibly have concocted the message himself.
The first requirement is needed, for example, in financial
systems. When a customer's computer orders a bank's computer to buy a ton of
gold, the bank's computer needs to be able to make sure that the computer giving
the order really belongs to the company whose account is to be debited. In other
words, the bank has to authenticate the customer (and the customer has to
authenticate the bank).
The second requirement is needed to protect the bank against
fraud. Suppose that the bank buys the ton of gold, and immediately thereafter
the price of gold drops sharply. A dishonest customer might sue the bank,
claiming that he never issued any order to buy gold. When the bank produces the
message in court, the customer denies having sent it. The property that no party
to a contract can later deny having signed it is called nonrepudiation. The digital signature schemes that we
will now study help provide it.
The third requirement is needed to protect the customer in the
event that the price of gold shoots up and the bank tries to construct a signed
message in which the customer asked for one bar of gold instead of one ton. In
this fraud scenario, the bank just keeps the rest of the gold for itself.
Symmetric-Key Signatures
One approach to digital signatures is to have a central
authority that knows everything and whom everyone trusts, say Big Brother (BB). Each user then
chooses a secret key and carries it by hand to BB's office. Thus, only Alice and BB know Alice's secret key, KA, and so
on.
When Alice wants to send a signed plaintext message, P, to her banker, Bob, she generates KA(B, RA, t, P), where B is Bob's
identity, RA is a random number chosen by Alice, t is a timestamp to ensure freshness, and KA(B, RA, t, P) is the message encrypted with her key, KA. BB sees that the message is from Alice, decrypts it,
and sends a message to Bob as shown. The message to Bob contains the plaintext
of Alice's message and also the signed message KBB (A, t, P). Bob now carries out Alice's request.
Public-Key Signatures
A structural problem with using symmetric-key cryptography for
digital signatures is that everyone has to agree to trust Big Brother.
Furthermore, Big Brother gets to read all signed messages. The most logical
candidates for running the Big Brother server are the government, the banks, the
accountants, and the lawyers. Unfortunately, none of these organizations inspire
total confidence in all citizens. Hence, it would be nice if signing documents
did not require a trusted authority.
Fortunately, public-key cryptography can make an important
contribution in this area. Let us assume that the public-key encryption and
decryption algorithms have the property that E(D(P)) = P in addition, of
course, to the usual property that D(E(P)) = P. (RSA has this property, so the assumption is not
unreasonable.) Assuming that this is the case, Alice can send a signed plaintext
message, P, to Bob by transmitting EB(DA(P)). Note carefully that
Alice knows her own (private) key, DA, as well as Bob's public key, EB, so
constructing this message is something Alice can do.