Maybe this should be the quote of the year; I like it so much!
The #1, overriding concept you need to remember when writing your CGI scripts is this: You cannot trust user input.
Go ahead -- repeat it aloud a few times. Write it down on a Post-it and stick it to your monitor. Get it tattooed on your arm. Do not forget it. Assuming that data received from a form (even those from hidden fields) is safe is a one-way ticket to a hacked web site. Period.
Matt Riffle in an article that's no longer online.
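As an added example of the principle in that quote (this is not code from the original page or from Wikka itself): a hidden form field is still user input, so the hardened handler re-validates it on the server and takes the admin right from the session instead of the form. The CamelCase page-name rule, the field names and the sample request are assumptions made for the illustration.

```php
<?php
// Added example, not Wikka's own code: a hidden form field is user input.
// Two hypothetical hidden fields, "page" and "is_admin", are checked against
// server-side facts instead of being trusted as posted.

// Hypothetical rule: a page name is a CamelCase ASCII word (at least two parts).
function validPageName(string $name): bool
{
    return (bool) preg_match('/^[A-Z][a-z]+(?:[A-Z][a-z0-9]+)+$/', $name);
}

// Vulnerable pattern: the hidden fields are trusted exactly as they arrive.
function handleUnsafe(array $post): array
{
    return [
        'page'  => $post['page'],              // any string, including path tricks
        'admin' => $post['is_admin'] === '1',  // a right decided by the client
    ];
}

// Hardened pattern: every fact is re-derived on the server.
function handleSafe(array $post, array $session): ?array
{
    $page = $post['page'] ?? '';
    if (!validPageName($page)) {
        return null;                           // reject; do not try to "clean up"
    }
    return [
        'page'  => $page,
        'admin' => !empty($session['is_admin']), // rights come from the session only
    ];
}

// Constructed request: a copy of the form whose hidden fields were edited.
$tampered = ['page' => '../../some_config_file', 'is_admin' => '1'];
$session  = ['user' => 'SomeUser', 'is_admin' => false];

var_dump(handleUnsafe($tampered));                       // tampered values pass through
var_dump(handleSafe($tampered, $session));               // NULL: request rejected
var_dump(handleSafe(['page' => 'HomePage'], $session));  // page accepted, admin => false
```

The same check belongs on every field the browser can send, visible or hidden, because nothing stops a client from editing the form before posting it.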
are going to have user accounts with associated rights, we should also ensure those accounts themselves are secure. I'll describe those efforts (and share results) on a UserSettingsAndPasswords page here.
Related to UserSettings and a few other actions, something else I encountered while working on a few user-related actions: I found there are some issues with how email addresses are handled in Wikka; an overview is on WikkaAndEmail - some code to be added later. On this page I'll also be referring to some WikiRoles; more on this in the next paragraph.
While working on a re-write of an action, and trying to develop a "clean pattern" for it, some thoughts occurred to me about the various roles people may have with respect to a Wiki. Thinking about the roles made it easier for me to write the code (I'll explain that later); first, here are my thoughts on WikiRoles (updated, in an attempt at clarification). Comments welcome, of course.
GmBowen's GmBowenCalendar I offered to make a "cleaned up" variant of the Calendar action for inclusion in the next (18.104.22.168) release; the result not only produces accessible table code but also has slightly extended functionality. I'm presenting it on JwCalendar with comments.
new directory structure to organize the Wikka code.
WikiAdmin and then "turned on" for an individual code block by the end user. See WikkaGeSHiIntegration for the details (try it for yourself!).
I've also created a little action that will automatically produce documentation about which language parser files are available for code highlighting - see HighlighterAction for the code and screenshots of output.
hard to understand (and thus hard to adapt), it was also pointed out that it currently uses GetEnv() which constitutes a security risk.
I've now written up my thoughts about a more secure way to handle Wikka's configuration. This is not a complete solution (yet), but presents the logic we could follow to make Wikka configuration both more flexible and more secure.
Still, it's obvious we need something more powerful than the current simple table action, so I looked into whether I could make that a bit more flexible to tide us over. The result can be found on the development page TableAction, with documentation and examples with screen shots on TableActionInfo. It's definitely not a perfect solution - an action won't be. It is, however, backwards compatible with the current table action, so no conversions would be needed - it just can do a lot more.
More as I get to it...
- The Joy of Human Interaction Over the Internet (or: Developing and integrating free software in a large project for fun and profit) (PDF) - by Lars Wirzenius
- Group as User: Flaming and the Design of Social Software - by Clay Shirky
- Simple arrogance by terris
- The KJ-Technique: A Group Process for Establishing Priorities - by Jared M. Spool; could this technique be adapted to use a Wiki? Could a Wiki be adapted to facilitate this technique?
- When Blogging Goes Bad: A Cautionary Tale About Blogs, Emailing Lists, Discussion, and Interaction - by Steven D. Krause; Wikis aren't mentioned here - the prof's experiment might have benefitted from using a wiki instead of blogging - but interesting as a case of how collaboration doesn't happen "automatically".
- Checklist for free software web pages - by Lars Wirzenius
- Innovative Wiki Features - read this page on the C2 Wiki for some inspiration (and recognize a few things we already have though we're not mentioned).
- WhenBlogMeetsWiki - a wiki page by different authors
- Making A Better CMS - some useful thoughts by Jeffrey Veen
- GNU Free Documentation License
- Creative commons
- Open Publication License
- Lizenz für Freie Inhalte
- Verwertung als Open Content from the Centrum für eCompetence in Hochschulen NRW (CeC), or in the English version: Which Open Content Licenses are currently available?
- Some Iñtërnâtiônàlizætiøn hints - a presentation by Jon Ramsey from the last php-london meetup
- My site is now fully unicode-ized and xhtml-ized - Keith Devens
- How to develop multilingual, Unicode applications with PHP - Scott Reynen on randomchaos: document: php and unicode
- Iñtërnâtiônàlizætiøn - Sam Ruby’s i18n Survival Guide on intertwingly
- Internationalization (I18N)
- Character Sets / Character Encoding Issues
- UTF8 helper functions - PHP code for Dokuwiki by Andreas Gohr (GPL)
Since Wikka has such an international community, some of you might enjoy the following column by Kevin Dolgin: Useful Phrases
#wikka you may find me talking about Alan. Or Grace, or Christiaan. So who the heck are they? They're my assistants, and I'd like to introduce them to you.
SETI@home and (since a few days) Einstein@home.
SETI@home and Einstein@home when he's idle: he likes space as well, and is proud of his screen saver that shows the actual moon phases.
Update: Alan actually needed another operation after that HD crash - this time he got both his motherboard and his HD replaced. Of course it took a lot of time to get him back in working condition after such a heavy operation, but he seems a lot happier now.
Win2K Advanced Server soon. Christiaan of course has always loved space, and when he's not busy he helps Grace and Alan with SETI@home calculations.
Update: Christiaan just acquired an external hard disk that's going to serve as backup for all of my crew members (including Donald - see below). It took a bit of fiddling to get Christiaan to accept the new HD, but he's happy now.
CentOS 4.0 - and I'm learning Linux, which I find a lot of fun. Eventually Donald will become the host for my web sites (and associated mail), but a lot needs to be done before he's ready for that (and a lot will need to be learned by me...).
Once I have learned a bit of Linux with Donald's help, I'm going to teach that to Christiaan as well, who's limping along on Win98SE for now (sigh).
Here's a complete list of my past and current "computer persons":
- Archimedes - my first PC (I had a nameless Atari before that).
- Charles (Babbage) - the first capable laptop I had. Limited brains (now), but he served me well when I spent many weeks in the US on an IBM project.
- Albert (Einstein) - successor of Archimedes. He was fast when he was young. Died of a boot disk crash.
- Ada (Lovelace) - a laptop who cooperated with Albert and later Grace; I had to leave her behind at my former employer though. :(
- Grace (Hopper) - replaced Albert as my main machine, and Albert became a server. Most active member of the current crew.
- Alan (Turing) - I found life without a laptop rather dull, so I got Alan to replace Ada. He's a lot more intelligent than Ada though, and seems to have a stronger personality (well, that fits).
- Christiaan (Huygens) - the scientist who discovered Titan fits right in the team with Grace and Alan who were already working on SETI@home. Middle-aged, but still eager to learn (a bit like me, in fact :)).
- Donald (Knuth) - practically created the field of rigorous analysis of algorithms, and made many seminal contributions to several branches of theoretical computer science. He should get along fine with Grace and Alan.
traveling and photography. (You can now tell the world whether you like my travel blog.)
If you google for "javawoman" you might find a little more (including sites that have nothing to do with me, of course). :)
Oh, and you may also encounter me here as IamBack (which matches one of my domains, of course). I like having a lot of clones, so I can share out my work. ;-). Actually, I've just created this clone so I can (still) look at this site through the eyes of a non-Admin - the power of an Admin can be deceptive...
- [IRC, #wikka channel] When I'm online, I am usually present in TheLounge - the #wikka channel on irc.freenode.net - so if you have a question about Wikka, check there. Other members of the Wikka community are also regularly found there (and we're a pleasant lot - don't hesitate to ask for help, or just drop in for a chat). See TheLounge for more about our #wikka channel and where to get an IRC client if you don't have one yet.
- [IM] I also have MSN messenger and ICQ accounts; but there I accept messages only from people in my contact list; if you want to talk to me like that, give me your ID first (in #wikka, or in a comment on this page, if you prefer) so I can add you to my list.
- [Skype] And if you have Skype, you can .