Securing FTP-How

 Securing FTP
You can make your FTP uploads and downloads more secure in one of two
ways: through Secure File Transfer Protocol (SFTP) or Transport Layer
Security (TLS).

SFTP
SFTP is a more secure way of uploading and downloading files than FTP.
When you use FTP, data is sent unencrypted, so someone who intercepts the
data can easily read it. SFTP encrypts the commands and the data to provide
a much more secure form of transport.

To use SFTP (also known as secure FTP or SSH file transfer protocol), your
host has to have configured the server to be able to accept a secure connection from you. Most shared hosts do not allow this because giving clients SSH
access opens doors for clients to get into areas of the server that the host
does not want them messing with.

The FTP and SFTP protocols work quite differently, and your host needs to
have opened a specific port and allowed you SSH login permission to be able
to connect with SFTP. If you do have SFTP access, the following steps show
how to make a connection using FileZilla. Other clients may differ slightly in
layout but require that you enter the same information:

1. In your FTP client, select File➪Site Manager and create a new site.
2. Select the Protocol drop-down box and click SFTP.
The Site Manager dialog box opens, as shown in Figure 4-4.
3. Enter the Host name, Username, and Password, which are normally
the same as you would use with FTP.
4. Enter the correct setting in the Port field.
5. Click Connect and your client attempts to negotiate a secure connection.
If the client cannot connect, check with your host to confirm whether it
allows SFTP connections.

TLS
TLS offers a similar level of security to SFTP but is favored more highly by
hosts because it does not require that the client have SSH access to the
server.

The following steps describe how to connect using TLS and FileZilla:
1. Choose File➪Site Manager and create a new site or select an
existing one.
2. Enter your FTP details as normal.
3. Click in the Encryption drop-down box (see Figure 4-5) and select
either Explicit TLS or Implicit TLS.
See the “Explicit TLS versus Implicit TLS” sidebar for more information.
4. Connect as normal.

Setting and managing file permissions

File permissions are a powerful security tool created to give the server
administrator the capability to define exactly who can read, write, and execute any given file.
Each file has its own permissions, which are expressed either in textual
form, such as drwxrwxrwx, or in numerical form, such as 755.
[Figure: permissions shown in three-digit format in FileZilla.]
The permissions are set for:
• The owner: Usually the owner is the creator of the file, but that can be
changed, if necessary.

• The group: Groups are set up in UNIX/Linux to manage permissions.
Each user can be added to multiple groups, and each file can be in one
group. This enables you to restrict who has access to the file.

• The public: Anybody who has access to the system is classed as a
member of the public group. That means all users are in the public group.
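
The two notations map onto each other as follows. This is an added example, not part of the original page: it converts the textual form into the three-digit form and lists what the public may do with each file. The function names and the sample listing are constructed for illustration, and special bits (setuid, setgid, sticky) are not handled.

```php
<?php
// Added example, not from the original page. Function names are illustrative.

/**
 * Convert the textual form (e.g. "drwxrwxrwx" or "rw-r--r--") into the
 * three-digit numerical form (e.g. "777" or "644").
 */
function permissionsToNumeric(string $textual): string
{
    // Optional file-type character, then three triplets: owner, group, public.
    if (!preg_match('/^[dl-]?((?:[r-][w-][x-]){3})$/', $textual, $m)) {
        throw new InvalidArgumentException("Not a permission string: $textual");
    }
    $digits = '';
    foreach (str_split($m[1], 3) as $triplet) {
        $value = ($triplet[0] === 'r' ? 4 : 0)   // read
               + ($triplet[1] === 'w' ? 2 : 0)   // write
               + ($triplet[2] === 'x' ? 1 : 0);  // execute
        $digits .= $value;
    }
    return $digits;
}

/**
 * List what the public (every user on the system) may do with the file,
 * so that over-broad settings stand out in a review.
 */
function publicAccess(string $numeric): array
{
    $public = (int) $numeric[2];   // third digit = public
    $rights = [];
    if ($public & 4) { $rights[] = 'read'; }
    if ($public & 2) { $rights[] = 'write'; }
    if ($public & 1) { $rights[] = 'execute'; }
    return $rights;
}

// Constructed sample listing: textual permissions as an FTP client shows them.
$listing = [
    'uploads'    => 'drwxrwxrwx',
    'index.php'  => '-rw-r--r--',
    'config.php' => '-rw-------',
];

foreach ($listing as $name => $textual) {
    $numeric = permissionsToNumeric($textual);
    $rights  = publicAccess($numeric);
    $flag    = in_array('write', $rights, true) ? '  <-- writable by everyone' : '';
    printf("%-11s %s = %s  public: %s%s\n", $name, $textual, $numeric,
        $rights ? implode(',', $rights) : 'none', $flag);
}
```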


Samsung Galaxy S5 LTE

An LTE-A-enabled edition of its Galaxy S5 flagship that's also set to come with a QHD display and Snapdragon 805 chipset exclusively for its home market of Korea.

Now, as if Korean residents weren't lucky enough, there's also word that a Special Edition of the Galaxy S5 LTE-A will be making its way to customers of South Korea's primary carrier KT with a redesigned back panel. The new diamond-like texture will be making an appearance with KT's olleh branding, as part of another new back panel being tried out by the Korean company. Otherwise, the internals of the Special Edition of the LTE-A S5 will be the same as on the regular LTE-A version. New alleged benchmarks of the Galaxy S5 LTE-A have also surfaced.

Codenamed the SM-G906S, the AnTuTu 4 benchmark figures don't exactly show the mind-boggling numbers one would expect from a Snapdragon 805 chipset. Either processor performance truly does get affected by the presence of a QHD screen like we saw on the LG G3, or the numbers reflect an unfinalized build of the Galaxy S5.

In any event, we'll take the leaked figures with a grain of salt and hope for better performance in the finalized product - a product that we also hope will be released outside of Korea at some point.

Galaxy S5 Note 3 with Android

Samsung is apparently getting closer and closer to releasing its first software versions based on Android 4.4.3. The first devices to get an Android 4.4.3 build from the Korean company are going to be the Galaxy S5 and the Galaxy Note 3, it seems.

 That would make perfect sense, given how these are right now Samsung's flagships in their respective market segments. According to a purportedly leaked internal document, the Android 4.4.3 updates for both Snapdragon and Exynos versions of the Galaxy S5 have been finalized and are due out before the end of this month. In the case of the Galaxy Note 3, development has reached the final testing stage. If all goes well, the new bits should be ready to roll out to users sometime in July.

 Previous such leaked documents surfaced last month, when the Galaxy S5's update was still being worked on. Now that it's finalized, the guessing game begins - which will be the first territory (or carrier) to get Android 4.4.3? One thing to note is that the document pictured above has some odd font differences in it, which may indicate a bad Photoshop job. So do take this with a pinch of salt. Further complicating things is the fact that Google has just released Android 4.4.4 to its Nexus devices, a version that seems to contain a pretty important security fix.

top 20 Google Tools for business

Google’s search service. Google indexes and organizes the contents of the Web
in a huge database; it’s this database that you use to search the Web.

AdWords. This is a paid search placement program; you create ads and bid
on how much you’ll pay for each click the ad attracts. Each time someone
clicks on your ad, you gain a potential customer or client.

AdSense. This program enables blog and Web site owners to run targeted ads
alongside their content; the content of the ads is intended to complement
what you’ve published yourself.

Google Apps. This service provides you with a domain name for a one-time
$10 fee and enables you to use a suite of business applications,
which multiple users can access.

Google Docs & Spreadsheets. This exciting and easy-to-use service gives you a
word processor and a spreadsheet application that you can use and access
for free.

Google Calendar. A default calendar is created for you when you sign up for
Google Apps; you can also create custom calendars and even embed calendars
in Web pages.

Gmail. Google’s e-mail application comes with lots of storage space and an
integrated chat client to boot.

Google Talk. Google’s chat application lets you send instant messages and
even conduct real-time voice conversations through your computer.

Google Page Creator. This Web page editing tool lets you create your own
Web site to go along with your Google Apps domain name.

Blogger. Google’s popular, and free, blogging service lets you create your
own Web-based diary, complete with an index, an archive, and a comments
feature.

Checkout, Google Product Search, Catalogs. I’m fudging a bit and lumping
these three separate Google services into a single unit. Each one can help
commercial businesses sell products online.

Google Base. A growing number of entrepreneurs are posting merchandise,
property, services, jobs, and lots of other things for sale in this Web
publishing area.

Google Gadgets. These easy-to-implement bits of Web content can make your
Web site more valuable and attract more repeat visits.

Google Analytics, Trends. These two analytical tools provide you with information
about visits to your own Web site and trends in Web searches, respectively.

Google Desktop, Toolbar. These two tools help you search more effectively, both
through files on your own computer and your local network (Desktop) as
well as the wider Internet (Toolbar).

Picasa. This powerful photo viewing and editing tool automatically organizes
all the files on your desktop and lets you edit them as well.

Google Apps Premium. This corporate version of Google Apps guarantees
nearly 24/7 reliability and gives businesses the ability to write custom programs that
interface with Google’s services.

Gmail Mobile and SMS. These tools let busy professionals search Google and
exchange messages.

Google Pack. This suite of applications will boost the functionality of virtually
any workstation.

HTTP Request Methods-PHP



The Internet’s HTTP protocol, commonly used to fetch Web pages, defines a number of “methods” that browsers can use to send requests and data to Web servers. Of the available methods, the two most important are the GET method and the POST method.
GET is the “default” method for the Internet, used whenever you request a page with your browser. All data in the request must be encoded in the URL.

POST is most often used for submitting forms. It allows additional form data to be sent with the request. HTML lets you specify the method to use for each form tag. Although GET is the default, it is most common to use POST, which avoids cluttering the URL with the submitted data.


Use the POST method when declaring your form in HTML. This prevents
form values from appearing in the URL, and allows a larger amount of data
to be submitted through the form.

Use PHP’s htmlspecialchars function when populating form fields with
PHP values, to avoid malformed HTML.

PHP has its own wrappers for Curl, so we can use the same tool from within
PHP. A simple GET request looks like this:
<?php
$url = "http://oreilly.com";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);

?>
The previous example is the simplest form, setting the URL, making a request to its
location (by default this is a GET request), and capturing the output. Notice the use of
curl_setopt(); this function is used to set many different options on Curl handles and
it has excellent and comprehensive documentation on http://php.net. In this example,
it is used to set the CURLOPT_RETURNTRANSFER option to true, which causes Curl to return
the results of the HTTP request rather than output them. In most cases, this option
should be used to capture the response rather than letting PHP echo it as it happens.
We can use this extension to make all kinds of HTTP requests, including sending custom
headers, sending body data, and using different verbs to make our request.

If you use normal HTTP, form data will be sent in “clear text” over the Internet
from the browser to the server. This means it can be intercepted by someone
using a packet sniffer. When you send confidential information such as financial details,
use an encryption technology such as SSL.

<?php
$url = "http://requestb.in/example";
$data = array("name" => "Lorna", "email" => "lorna@example.com");
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_HTTPHEADER,
array('Content-Type: application/json')
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
curl_close($ch);

?>
Again, curl_setopt() is used to control the various aspects of the request we send.
Here, a POST request is made by setting the CURLOPT_POST option to 1, and passing the
data we want to send, JSON-encoded from an array, to the CURLOPT_POSTFIELDS option. We also set a
Content-Type header, which indicates to the server what format the body data is in; the
various headers
Assuming magic quotes is disabled on your server, and you have no other measures
in place to prevent it, this clever attack alters the meaning of the query:
SELECT * FROM users
WHERE username='' AND password='' OR username LIKE '%'

The modified query will select all records in the user table! When the script checks
whether any users matched the supplied user name and password combination,
it will see this big result set and grant access to the site.

This can be prevented if we escape the incoming variables:

$sql = "SELECT * FROM users
WHERE username='" . safeEscapeString($_POST['username']). "'
AND password='" . safeEscapeString($_POST['password']). "'";
In some cases, depending on the circumstances, this may not be necessary.
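
The same login query built two ways, as an added example that is not part of the original page: by string concatenation, which reproduces the altered query shown above, and with a PDO prepared statement, a different technique from the page's safeEscapeString() escaping that binds the submitted values as data. The in-memory SQLite database, its rows and the function names are constructed for illustration.

```php
<?php
// Added example, not from the original page. The in-memory SQLite database,
// its rows and the function names are constructed for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
// Plain-text passwords only mirror the query on the page; a real table stores
// password_hash() output and checks it with password_verify().
$db->exec("INSERT INTO users VALUES ('alice', 'alice-pw'), ('bob', 'bob-pw')");

/** Builds the query by concatenation, as the unescaped script does. */
function matchesConcatenated(PDO $db, string $username, string $password): int
{
    $sql = "SELECT COUNT(*) FROM users
            WHERE username='" . $username . "'
            AND password='" . $password . "'";
    return (int) $db->query($sql)->fetchColumn();
}

/** Sends the SQL text and the values separately, so input stays data. */
function matchesParameterized(PDO $db, string $username, string $password): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM users WHERE username = :username AND password = :password'
    );
    $stmt->execute([':username' => $username, ':password' => $password]);
    return (int) $stmt->fetchColumn();
}

// Constructed form submissions: two ordinary ones, and one that produces the
// altered query shown on the page (empty user name, quote-breaking password).
$submissions = [
    'genuine login'  => ['alice', 'alice-pw'],
    'wrong password' => ['alice', 'guess'],
    'altered query'  => ['', "' OR username LIKE '%"],
];

foreach ($submissions as $label => [$username, $password]) {
    printf("%-15s concatenated: %d row(s)   parameterized: %d row(s)\n",
        $label,
        matchesConcatenated($db, $username, $password),
        matchesParameterized($db, $username, $password));
}
```

Running it requires the pdo_sqlite extension; against MySQL the same prepare() and execute() calls apply through PDO's mysql: driver.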

Advantages of MySQL and PHP

Certain technologies play together better than others. PHP, a simple and powerful scripting language, and MySQL, a solid and reliable database server, make a perfect marriage between two modern technologies for building database-driven, dynamic Web sites. Some of the advantages of both PHP and MySQL are:
•  High performance
•  Built-in libraries
•  Extensibility
•  Relatively low cost
•  Portability
•  Developer community
•  Ease of learning
High Performance
PHP is no longer considered just a grassroots scripting language, but now with PHP 5, and its highly efficient built-in Zend engine, PHP accommodates developers and IT decision makers in the business trend to rapidly release and update software on the Web faster than conventional programming cycles have allowed.
MySQL, a highly optimized database server, provides the response time and throughput to meet the most demanding applications. With PHP scripts connected to a MySQL database, millions of pages can be served on a single inexpensive server.
Built-In Libraries
PHP comes with many built-in functions addressing common Web development tasks. Problems encountered by other programmers have been solved and packaged into a library of routines, made available to the PHP community. The official PHP Web site at http://www.php.net provides excellent documentation explaining how to use all of the functions currently available.
Extensibility
PHP and MySQL are both extensible, meaning that developers around the world are contributing add-on modules to extend the functionality and power of the languages to stay current with the growing market needs and standards of the day. You can also obtain the source code for both PHP and MySQL. Source code is the code that a program consists of before the program is compiled; that is, the original building instructions of a program.
Relatively Low Cost
As a Web developer you can demand a lot more money for your time if you can master PHP and MySQL. Because they are open source projects, there is no license fee associated with using PHP or MySQL. Because both applications run on almost any platform, you also have a wide range of hardware choices lowering the total cost of ownership. With so many qualified PHP developers sharing information on the Web, and excellent online documentation, you can get the most up-to-date, reliable information without paying for it.
Portability
PHP and MySQL run on almost any platform, including Linux, Windows, Mac OS X, FreeBSD, Solaris, and so on. If well written, you can simply copy the code from one server to another and expect the same results, perhaps with some minor adjustments.
Developer Community
Both PHP and MySQL have a huge following in the development community. If you run into a problem, you can usually very quickly find support on the Web, where your problem can be posted, identified, and resolved by other users and developers sharing your problem. Developers worldwide are constantly finding and resolving bugs and security holes, while working to keep these languages up-to-date and optimized.
Ease of Learning
PHP and MySQL are relatively easy to learn. Most of the PHP constructs are similar to other languages, specifically Perl, making it familiar to most developers. MySQL uses the SQL query language, an English-like language used by most modern database management systems today. If you have had any experience with SQL, you will find using it with MySQL an easy transition.

MySQL is a relational database management system. Whether you’re involved with a Web site that processes millions of requests a day like eBay or Yahoo!, or a smaller site such as your own online shop or training course, the data must be stored in an organized and structured way for easy access and processing.
This is handled by a database management system such as MySQL where the data is stored in tables rather than in a flat file.

MySQL uses the client/server model; that is, a database server (MySQL) that serves (communicates) with multiple clients (application programs), where the clients may or may not be on the same computer. It also supports SQL, the structured query language, a standardized language used by most modern databases for working with data and administering the database.

MySQL software is open source. As discussed earlier in this chapter, open source means that it is possible for anyone to download MySQL from the Internet, and use and modify the software without paying anything. The MySQL software uses the GPL (GNU General Public License, http://www.fsf.org/licenses/) to define what you may and may not do with the software in different situations. If you need to use MySQL code in a commercial application, you can buy a commercially licensed version. See the MySQL Licensing Overview for more information: http://www.mysql.com/company/legal/licensing.
The MySQL Database Server is very fast, reliable, and easy to use. MySQL Server was originally developed to handle large databases much faster than existing solutions and has been successfully used in highly demanding production environments for several years. Its connectivity, speed, and security make MySQL Server highly suited for accessing databases on the Internet.

MySQL serves as a back end for all kinds of information such as e-mail, Web images and content, games, log files, and so on. The server can be embedded in applications such as cell phones, electronic devices, public kiosks, and more.

configuring PHP-impact security

The primary mechanism for configuring PHP is the php.ini file.
As the master file, this provides you with control over all configuration settings.
Entries generally take the format:
setting = value

Be sure to read the comments provided in the file before making changes, though.
There are a few tricks, such as include_path using a colon (:) as a separator on
Unix, and a semicolon (;) on Windows.
Most Web hosts will not provide you access to your php.ini file unless you have
root access to the system (which is typically not the case if you’re using a cheap
virtual hosting service). Your next alternative is to use .htaccess files to configure
PHP, assuming the Web server is Apache.
An .htaccess file is a plain text file that you place in a public Web directory to
determine the behavior of Apache when it comes to serving pages from that directory; for instance, you might identify which pages you’ll allow public access to.
Note that the effect of an .htaccess file is recursive—it applies to subdirectories
as well.

To configure PHP with .htaccess files, your hosting provider must have the
Apache setting AllowOverride Options or AllowOverride All applied to your
Web directory in Apache’s main httpd.conf configuration file. Assuming that
is done, there are two Apache directives you can use to modify PHP’s configuration:

php_flag
    used for settings that have boolean values (i.e. on/off or 1/0) such as
    register_globals

php_value
    used to specify a string value for settings, such as you might have with the
    include_path setting

Here’s an example .htaccess file:

# Switch off register globals
php_flag register_globals off
# Set the include path
php_value include_path ".:/home/username/pear"

The final mechanism controlling PHP’s configuration is the group of functions
ini_set and ini_alter, which let you modify configuration settings, as well as
ini_get, which allows you to check configuration settings, and ini_restore,
which resets PHP’s configuration to the default value as defined by php.ini and
any .htaccess files. Using ini_set, here’s an example which allows us to avoid
having to define our host, user name and password when connecting to MySQL:

ini_set('mysql.default_host', 'localhost');
ini_set('mysql.default_user', 'harryf');
ini_set('mysql.default_password', 'secret');
if (!mysql_connect()) {
    echo mysql_error();
} else {
    echo 'Success';
}

Be aware that PHP provides for some settings, such as error_reporting, alternative functions that perform effectively the same job as ini_set.

Apple seeds iOS 8 beta

Apple is now seeding the iOS 8 beta 2 to developers. It comes exactly two weeks after the Beta 1 went live and brings lots of bug fixes and a few new features.

Some of the critical fixes include a working brightness slider, purchases sorted by date again in the App Store, and no more crashes when adding third-party keyboards.

There are numerous fixes done on the HealthKit and Handoff feature between iOS 8 Beta 2 and Yosemite Beta 2. Apple's QuickType keyboard premieres on iPads, too.

Finally, Apple's Podcast app comes pre-installed with iOS 8 Beta 2, as
the iBooks app did in Beta 1. New settings are available in iOS 8 Beta 2: Battery
Usage Per App, Disable All Notifications, Enable iCloud Photos for sharing.


There are lots of ways you can install iOS 8 Betas. There are reports of some errors upon installing iOS 8 Beta 2, so if you don't know what you are doing or you are afraid to lose precious data - you should probably wait for the official release this fall. Side by side with the iOS 8 Beta 2