What you can do with FireBug

  • Debug javascript
  • Examine the DOM tree
  • Understand the CSS
  • Change the CSS in the browser to see its effect
  • See the layout of the page
  • Determine the dimensions of page elements
  • See the page components and understand the page load process
  • View the HTTP headers
  • Evaluate javascript expressions and commands interactively
  • Use debug write (console.debug) statements to issue debug data
  • Add breakpoints
  • Profile your page

If you use it all the time, contribute. Ask your employer to support it.

Make Phishing More Fun!

The next time you get an email from a bank you don’t do business with, asking you to login to verify your account details, enjoy it!

First, forward the email, with all the headers to the bank, so they can protect other users.

Then, click on the links and enter any data you think the scammers would like to read.

  • Account numbers and passwords should include fun words like hahahahahaha
  • Secret questions and answers are excellent opportunities to send little text messages, such as ‘You have been reported to the authorities’, or ‘Get a real job’.
  • View the source for the page to see if there are any additional opportunities to exploit the site. The code is often excellent.
  • Practice your security skills by adding interesting strings to the URL, including XSS
  • Consider SQL injection, ‘;truncate users; or ‘;delete * from table;
  • Check what happens if you paste a huge amount of text into the form
  • If you have a lot of time, look into automated answering, using curl or other similar tools to submit more information. This helps the people who are trying to collect data get more data, more quickly. :)

Bear in mind you may anger some people, and they may not react in a friendly manner. Protect your identity, that of your server and ISP.

Log ALL Errors

Graceful error trapping and display is important, both during development and after deployment. It is also good to have debug control that is manageable through environment variables. One nice solution is to use SetEnv in .htaccess or a .conf file.

Regardless of the trap and display code, be sure to log all errors, so you can resolve them if they occur. Check the error log (usually /etc/httpd/logs/error_log) frequently.

Along those lines, although using isset in a Smarty template will not cause an error, if the Smarty variable inside the call is not set, a PHP notice will be thrown (http://smarty.net/manual/en/language.modifier.default.php). Possible solutions:

  • Do nothing - disk space is cheap and the logs get rotated (this is the wrong answer)
  • Initialize all Smarty variables for the templates in the PHP (a good answer)
  • Use PHP to initialize the template variables within the template, using {php} tags (also a valid approach)
  • Use AJAX to populate forms (may be much more difficult and take longer)

The best approach depends on the application architecture, and may vary by template within the application.

It is good to look at the compiled templates to see how they are constructed.

Fast Page Added

This is a faster version of robots.design. There are no demo connections, and the interface is simpler.

The remainder of the code is the same.

Interpretive File Architectures - PHP & Perl

If you are developing code for interpretive languages such as PHP & Perl, consider carefully how each script is used.

As a rule, you should strive to write code which evaluates only the code required for execution. Files should be as small as possible. This is especially important for scripts that run frequently or must be fast.

Key areas to check:

  • Use of ‘library’ files - large files with a collection of unrelated functions that support several types of scripts. These almost always require the including files to read code that won’t be executed. It is better to break them up by related functionality.
  • Common functions should be placed in a single, small, common file. Good components include database connection functions, simple error reporting, and constants.
  • Logging levels should be managed through environment variables. This allows adjustments without modifying code.
  • OOP architectures should probably be avoided for files that require high speed performance.
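As an added example (not code from the original post), covering both the environment-variable debug control described under "Log ALL Errors" and the logging-levels item above: a small PHP bootstrap that reads a hypothetical APP_DEBUG variable set with SetEnv, logs every error to the Apache error log in every environment, and shows full detail on screen only when debugging is on.

```php
<?php
// Added example, not code from the original post. Assumes a hypothetical
// APP_DEBUG variable set per host in .htaccess or a vhost .conf:
//     SetEnv APP_DEBUG 1     # development box
//     (omit it, or SetEnv APP_DEBUG 0, in production)
// Include this from the common file so every script gets the same policy.

declare(strict_types=1);

// Read the switch once; anything other than "1" means production.
define('APP_DEBUG', getenv('APP_DEBUG') === '1');

// Report and log everything, in every environment: the log is the record.
error_reporting(E_ALL);
ini_set('log_errors', '1');
// Only on-screen display changes between environments.
ini_set('display_errors', APP_DEBUG ? '1' : '0');

/**
 * Log each notice/warning/error with file and line, then show the user a
 * graceful message. Returning true stops PHP's default output of raw details.
 */
function app_error_handler(int $errno, string $errstr, string $errfile, int $errline): bool
{
    $names = [
        E_WARNING => 'Warning', E_NOTICE => 'Notice', E_DEPRECATED => 'Deprecated',
        E_USER_ERROR => 'User error', E_USER_WARNING => 'User warning',
        E_USER_NOTICE => 'User notice',
    ];
    $level = $names[$errno] ?? "Error($errno)";
    // Goes to Apache's error_log (or wherever the error_log ini setting points).
    error_log(sprintf('[%s] %s in %s:%d', $level, $errstr, $errfile, $errline));

    if (APP_DEBUG) {
        // Developer view: full detail, escaped so the message cannot inject markup.
        $detail = "$level: $errstr in $errfile:$errline";
        echo '<pre>' . htmlspecialchars($detail, ENT_QUOTES, 'UTF-8') . '</pre>';
    } else {
        // Production view: no paths or variable names for a visitor to learn from.
        echo '<p>Sorry, something went wrong. The problem has been logged.</p>';
    }
    return true;
}
set_error_handler('app_error_handler');

// Demonstration: reading an unassigned variable, the same kind of notice an
// unassigned Smarty variable produces inside a compiled template.
echo $undefinedVariable;
```

With APP_DEBUG unset, the visitor sees only the generic message while the full file and line detail still lands in error_log, which is the "log all errors" behaviour the post asks for.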