Software development, photography, jokes, ....



Marc's Place


 

Add or Subtract Business Days in Javascript, PHP and Lasso

I was lately looking for a working version of a function to add and/or subtract business days. The scripts and code I found via Google somehow did not produce the correct results all the time - and I do not mean the loops that simply add a day and check for weekends.

Apache vhost sort order on CentOS

I’ve written a page on how to control the order of Apache vhosts [on CentOS]. Just for reference.

Restrict Lasso AJAX-file calls to the intended web page

Suppose you have a nice setup where a page interacts with the server via AJAX calls and executes a Lasso file on the server to get some data. You don't want this file to be called directly via the URL bar in a web browser, or from self-made web pages by others who try to access it via a copy of your page. Anybody can see which AJAX files your page is calling, so for some it is always a challenge to execute them outside the normal web page to see what data will come up; it might be of interest! So you want to prevent that, somehow.

There is a Lasso tag called referrer_url, which returns a string containing the URL that requested your AJAX page. If you look in this string for a domain name or a path that only you have, you can block execution if the requester is not coming from your server. When a page is called directly in the browser, referrer_url is always an empty string, which is logical, since the page was not referred to by another page.

Suppose I have a page mypage.html with a jQuery auto-complete implementation in it. This auto-complete can of course be used by more than one page and you do not want people to try it out in other ways.

...
...
<input type="text" id="inp1" size="25"><span id="desc1"></span>
...
...
<script>
$(document).ready(function() {
   // The auto-complete fetches its suggestions from the server-side Lasso file
   $("#inp1").autocomplete({
      minLength: 2,
      source: "ajax.lasso?p1=a&p2=b",
      select: function(e, u) {
         $("#inp1").val(u.item.value);
         $("#desc1").html((u.item.label).replace("(" + u.item.value + ")", ""));
         return false;
      }
   });
});
</script>


Simple protection:
[
if (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html');
...
...
/if;
]


Better protection:
[
if (string(referrer_url)->beginswith('http://my.domain.com/') &&
   (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html'));
...
...
/if;
]


So this gives you some protection from users who are just trying something. Adding a login system restricts the number of users that might want to hack your pages, and you can trace their actions on your site. In that case, add a check that the user is logged in. You must execute your complete login sequence in your AJAX pages too, as with 'normal' pages, since the XMLHttpRequest is a normal HTTP request and thus the browser sends the same HTTP headers, cookies, etc. to your AJAX page.

More protection:
[
if (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html');
   // default to not logged in before the login check runs
   var('loggedIn' = false);

   include('checkuser.lasso');

   if($loggedIn);
      ...
      ...
   /if;
/if;
]


Even better protection:
[
if (string(referrer_url)->beginswith('http://my.domain.com/') &&
   (referrer_url >> '/mypage.html' || referrer_url >> '/myotherpage.html'));
   // default to not logged in before the login check runs
   var('loggedIn' = false);

   include('checkuser.lasso');

   if($loggedIn);
      ...
      ...
   /if;
/if;
]


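But, as with everything web-related, nothing can be trusted. The referrer is a request header supplied by the client, so it can be missing or forged; treat the referrer tests as a filter against casual probing and let the login check do the real access control.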
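
The substring tests above accept any referrer that merely contains the page name somewhere in the URL. As an added example (not part of the original post, and written in JavaScript rather than Lasso to show the logic), the sketch below compares the "better protection" test with an exact origin-and-path allowlist on constructed referrer strings; the function names and sample URLs are assumptions.

```javascript
// Added example: logic sketch only, not Lasso and not the post's own code.
// The origin and page names reuse the post's placeholders.
const ALLOWED_ORIGIN = "http://my.domain.com";
const ALLOWED_PATHS = new Set(["/mypage.html", "/myotherpage.html"]);

// Equivalent of the post's "better protection": prefix test plus substring test.
function substringCheck(referrer) {
  const r = String(referrer || "");
  return r.startsWith("http://my.domain.com/") &&
    (r.includes("/mypage.html") || r.includes("/myotherpage.html"));
}

// Stricter variant: parse the URL, then compare origin and path exactly.
function strictCheck(referrer) {
  let u;
  try {
    u = new URL(String(referrer || ""));
  } catch (e) {
    return false; // empty or malformed referrer (direct call, stripped header)
  }
  return u.origin === ALLOWED_ORIGIN && ALLOWED_PATHS.has(u.pathname);
}

// Constructed sample referrer values (hypothetical URLs).
const SAMPLES = [
  "http://my.domain.com/mypage.html",
  "http://my.domain.com/mypage.html?tab=2",
  "http://my.domain.com/guestbook.html?note=/mypage.html",
  "http://my.domain.com/uploads/mypage.html",
  "http://elsewhere.example/mypage.html",
  "",
];

// Run both checks over the samples so the differences are visible side by side.
function compare(samples) {
  return samples.map((r) => ({
    referrer: r,
    substring: substringCheck(r),
    strict: strictCheck(r),
  }));
}

console.table(compare(SAMPLES));
```

Both checks still depend on a header the client sends, so they complement the login check rather than replace it.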
 
 

'Transfer services from server to server' mind map

Using mind maps to follow your thoughts and track your findings is really a superb experience, every time. And especially MindMeister, because it is 'in the cloud', i.e. web-based, and can be accessed from anywhere and almost anything.

Every one of my personal projects goes into MindMeister if it involves more than just a few scribbles. In this mind map, I have noted all steps I must take, with all peculiarities that arise in the process, to transfer web sites and services from one server to another, in this case from a virtual CentOS server to a co-located MacMini Server from 2011. Mind you, the MacMini Server is no toy anymore - it is blazing fast!

I find this mind map quite interesting and since I am not the only one in the world doing stuff like this, I thought I'd share it so you, reader, might find the information in it somehow useful.

 

Virtual host order on Mac OS X Server

I am in the process of converting my website forwarding setup to actual host names (A-records). I was quite reluctant to do this at first, because I could not foresee the consequences and googling didn't reassure me either. But at the LDC09, I talked to Chris, who kindly explained to me how easy and unproblematic this actually is. Being a sceptic, I did not start by converting all entries at once; I convert one entry per day, when it succeeds.

The first one went wrong already because of my logical thinking as a programmer. I pointed the subdomain name to our Mac OS 10.4 server and set up the site there, putting the default (*) at the bottom. Hey, what is a catch-all entry for!? It belongs at the end, just like with an if/else/end - the last 'else' is the catch-all. But from that moment on, every site landed on my newly created domain, so I quickly swapped the two site entries so that the catch-all was the first one again. Now it worked.

So I made a whole plan: set up a subdomain on one afternoon and check if it works the next morning. This way I set up some others on this 10.4 server and they all work.

Then came the day I needed to set up the same construct on a Mac OS 10.5 Server. So I deleted the website forwarding entry, created the A-record, created the site on the OS X server, leaving the catch-all at the top, and waited until the next morning. The domain name worked all right, but landed on /library/webserver/documents/ (the www-root) instead of the path I put into the site. I have been struggling for two days with this 10.5 server. I checked and double-checked, changed the site's path, etc. Nothing worked; it kept landing on the webroot. And today I thought, what if I swap the site entries and put the default (*) at the bottom (as I did at first on the 10.4 server) and ... it worked! I tested the other sites which have no domain name yet (website forwarding) and they all work OK.

So the order for site entries on MacOS 10.4 Server differs from MacOS 10.5 Server. You can see that in the sites folder inside the Apache folder (/etc/httpd/ on 10.4 and /etc/apache2/ on 10.5). Sites are loaded by including sites/*.conf and the order is determined by the name of the conf-files (10.5 example):

-rw-r--r-- 1 root wheel 1659 Nov 1 17:12 sites/0000_any_80_my.site.com.conf
-rw-r--r-- 1 root wheel 1857 Nov 1 17:12 sites/0001_any_80_default.conf
-rw-r--r-- 1 root wheel 566 Nov 1 17:12 sites/virtual_host_global.conf


So it seems on 10.5 the catch-all sites are loaded last.
 

At the Lasso Developer Conference 2009


From October 1 through 4, the Lasso Developer Conference 2009 was held in Amsterdam. For me, this was the first time, because a) it was in Amsterdam, b) Lasso 9 would be introduced and c) at last I would meet quite a few fellow Lasso-ers in real life.
There were some round-tables and workshops presented by Lasso-ers themselves, where some interesting topics were discussed and great solutions to recurring questions were offered.
LassoSoft picked a really cool location: Spaces at the Herengracht. You can see some photos of it here.

It was great. Thanks Lassosoft and everyone for this opportunity!


LDC09 videos:
YouTube - LassoSoft's channel

Here are some links to LDC09 material:
LassoTech
At_begin URL-handling and REST
Version Control Systems
L-Migrator presentation
itPage presentation
Lfor presentation
Encoding and Character-sets
File permissions
jquery Week calendar

Check out the lively Lasso community at LassoTalk
And Brian's blog-post
© 1997- Marc Vos (and others)