Nov 19, 2007

Not the X!

Some chick called "Safire" has republished my Safe Dynamic Includes snippet on her tutorial site. (Fingers in mouth gagging here; I thought people had stopped creating these lame tutorial sites.) Alongside the code is the advice that, in normal dynamic includes, "it's just the x= that makes it unsafe", and swapping this letter for a 'z' makes it all okay again.

Incidentally, this random swapping of letters renders file_exists as "file_ezists", which isn't going to work.

Anyway, the funny thing is the idea that without any other protection (although of course my code already has it), simply swapping the letter will protect you against hacking and other malicious acts.

Oh, if only all of developing were so easy.
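To illustrate the point above, here is an added example (not the Safe Dynamic Includes snippet the post refers to, and not code from this site): the parameter name has no effect on safety, while checking the value against an allow-list does. The function name `resolve_page`, the page names, the temp directory and the sample requests are all assumptions made for the illustration.

```php
<?php
// Added illustration, not the "Safe Dynamic Includes" snippet the post refers to.
// Page names, the temp directory and the sample requests are constructed.

// Unsafe either way: the visitor still chooses the value, whatever the key.
//   include $_GET['x'] . '.php';
//   include $_GET['z'] . '.php';

// Return the file to include, or null if the request is not on the allow-list.
function resolve_page(array $query, string $param, array $allowed, string $dir): ?string
{
    $name = $query[$param] ?? 'home';
    // Reject non-strings (?x[]=a) and any name not explicitly allowed.
    if (!is_string($name) || !in_array($name, $allowed, true)) {
        return null;
    }
    $path = $dir . '/' . $name . '.php';
    return file_exists($path) ? $path : null;
}

// Constructed pages directory so the script runs from the CLI.
$dir = sys_get_temp_dir() . '/pages_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
$allowed = ['home', 'about'];
foreach ($allowed as $p) {
    file_put_contents("$dir/$p.php", "<p>$p</p>\n");
}

// Constructed requests: the same values sent under 'x' and under 'z'.
$values = ['about', '../secret', 'http://example.invalid/page', ['about']];
foreach (['x', 'z'] as $param) {
    foreach ($values as $value) {
        $path = resolve_page([$param => $value], $param, $allowed, $dir);
        printf("%s=%s -> %s\n", $param, json_encode($value, JSON_UNESCAPED_SLASHES),
            $path === null ? 'rejected' : 'include ' . basename($path));
    }
}
```

The results are identical for `x` and `z`: only the value that passes the allow-list is ever mapped to a file.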


Comments

There are currently 27 approved responses to "Not the X!".

  1. Grant 19/11/07 at 22:09

    "file_ezists" - mocking me :o

  2. Annie 19/11/07 at 22:27

    Gah...not another one. When will these kind of tutorial sites die?

  3. Rachael 19/11/07 at 22:39

    Oh yes, the letter x is very dangerous. *nod* x is the unknown, and the unknown is dangerous! muahaha... If we can change it to any letter, can I change it to R? I think R is a cool letter. But is it safe? O_O

  4. Julie 19/11/07 at 22:50

    I am in awe at such blatant incomprehension of the $_GET superglobal. Don't give fucking PHP tutorials if you don't understand *that*. @Rachael: j is the safest letter in dah world.

  5. Amelie 19/11/07 at 23:00

    Psh. Everyone knows x is unsafe. DUH To make the tutorial safe again, you have to remove ALL the Xs. Don't replace them! They're bad! In fact, while you're at it, remove every other letter as well, all letters are unsafe. Once you have done that, your site will be supah safe! (I kid. Obviously. But seriously, when she says "this is insecure but I don't know why" or whatever, it really gives you the utmost trust in what she's "teaching" you. *Eyeroll*)

  6. Hannah 19/11/07 at 23:02

    The letter X will kill you in your sleep! Where did she get that idea?

  7. Carly 19/11/07 at 23:30

    Urgh her text in the header is soo tiny! I cannot even read it!! How do you know when people have stolen your stuff, i.e. how do you find it? Do you google lines of your own content, or was this random: did someone just stumble on it accidentally??

  8. Jack 20/11/07 at 00:14

    That is a truly impressive lack of logic she's got going on there.

  9. Kaylee 20/11/07 at 00:26

    I never liked X's, they always seemed like they were hiding something.

  10. Aaron 20/11/07 at 01:06

    Hmm, this day is just getting better. It may be Monday, but I had cake for lunch, no homework, and now this... the only downer is that math test. Oh well, this makes that seem nonexistent.

  11. Vasili 20/11/07 at 01:17

    If that doesn't scream wanna be PHP tutorial master person thing, I don't know what does. If you are that stupid to copy the whole code and then find/replace ALL the x's, then you shouldn't be allowed to copy anything if you do xD

  12. Matt 20/11/07 at 01:41

    3 words for her: What a twat

  13. Grant 20/11/07 at 02:17

    @Vasili - pss someone else made that xD change the x to something like qD HAHA

  14. Versteckt 20/11/07 at 06:21

    Oh no, Jem, she took it down! :D

  15. Amber 20/11/07 at 07:40

    I don't really mind about most teenybopper websites with their illegible font, etc. it's just when these people try to give stupid advice to others that I say, 'Oh God, WHY?'

  16. Brenda 20/11/07 at 07:53

    "Each of these tutorials took time to make." Oh really? I thought 'taking time to make a tutorial' involves actually writing out the tutorial yourself and making sure you fully understand what you're writing? o_O Oh, and she took the tutorial down already. :P

  17. Jem 20/11/07 at 09:14

    "How do you know when people have stolen your stuff, i.e. how do you find it?" More often than not, people e-mail. That was the case this time.

  18. Kim 20/11/07 at 10:52

    I never liked X's anyway, it's all A,B and C's for me. *rolls eyes*

  19. Vera 20/11/07 at 11:52

    "it's just the x= that makes it unsafe", and swapping this letter for a 'z' makes it all okay again. I'm literally tearing up now. Please, no more. I'm going to die of laughter.

  20. Stephanie 20/11/07 at 15:24

    I say fuck all letters and numbers, and start replacing variables with hearts and stars! is there an ascii code for ponies? THAT'S WHAT I'M GOING TO USE!

  21. Melissa 20/11/07 at 15:28

    It's nice to know she took it down... upsetting she even did this in the first place. Anyway I have never commented on your site before, I was kind of afraid to leave my website because I might get a "pants" award, lol. Anyway hopefully people will stop doing that! Best of luck!

  22. Jem 20/11/07 at 15:54

    @Melissa: I'm not too keen on glitters personally, but your site is not even close (in terms of "badness") to some I've seen. :) That said, I'd recommend you ditch Waks Ask & Answer, it's awfully insecure.

  23. Carly 20/11/07 at 18:41

    At least your site is readable melissa! lol

  24. Melissa 21/11/07 at 01:48

    Thanks for replying Jem and Carly! Not to inappropriately spam the comments... but I'm so used to Waks Ask & Answer, I just continue to use it :( Oh and about the font size, I know! I'm trying my hardest to make everything sort of "accessible" if that's the correct word! Off to read your new blog now :)

  25. Jamie 21/11/07 at 23:40

    @ Melissa Using a script that is insecure is just ignorant, no matter if you like it better than another script or not.

  26. Carly 22/11/07 at 01:42

    @ melissa... you're leaving yourself open to hacking. I've seen lots of blogs hacked when people haven't updated their wordpress to the latest version... mooch around this site and there's a list of alternatives Jem recommends. And yes, accessible is the right word!

  27. Haruno 20/12/07 at 11:32

    Strangely, I don't think she meant it X= My mother says "Everyone makes a mistake." But, I'm still figuring out if she has read the Disclaimer page of yours. X) Lame tutorial sites? Sorry for being a n00b, but did you mean tutorial sites that steal other people's tutorials? X=

Comments are closed.