blazt.com

Interesting facts in ICC World Cup 2011

merly — Thu, 07 Apr 2011 06:49:51 +0000

1. Duration of ICC World Cup:
– Cricket World Cup will be played from Feb 19 to April 2.
– Qualifying round matches will be till March 20
– Quarter Final matches will be played between March 23 to March 26
– Semi Final matches on March 29 and March 30
– Cricket World Cup Final will be held April 2

2. Host nations:
This world cup will be jointly hosted by 3 countries – India, Bangladesh and Sri Lanka.

3. Participating Teams:
There are total of 14 teams participating in this world up comprising of 2 groups with 7 teams each.

Group A Group B
Australia India
Sri Lanka England
Pakistan South Africa
New Zealand Bangladesh
Zimbabwe West Indies
Canada Netherlands
Kenya Ireland

4. Total number of World Cup matches:
Total of 49 matches will be played (incidentally one of the highest compared to any previous world cup). There will be 42 qualifying matches, 4 Quarter Finals, 2 Semi finals and 1 Final.

Out of total 49 matches India will host 29 matches (including a Quarter Final, a Semi Final and the Final). Bangladesh will host 8 matches (including 2 Quarter Finals) and Sri Lanka will hold 12 matches (including a Quarter Final and a Semi Final).

5. Total venues in all:
There will be Total of 13 grounds used for this tournament:

India – 8
– Eden Gardens, Kolkata, Capacity – 90,000 (3 matches)
– Feroz Shah Kotla, New Delhi, Capacity – 48,000 (4 matches)
– Chinnaswamy, Bengaluru, Capacity – 42,000 (5 matches)
– Chidambaram, Chennai, Capacity – 50,000 (4 matches)
– Mohali, Chandigarh, Capacity – 35,000 (3 matches including a Semi Final)
– Motera, Ahmedabad, Capacity – 50,000 (3 mathces including a Quarter Final)
– Jamtha, Nagpur, Capacity – 45,000 (4 matches)
– Wankhede, Mumbai , Capacity – 45,000 (3 matches including the Final)

Bangladesh-2
– Zahur Ahmed Stadium, Chittagong, Capacity – 20,000 (2 matches)
– Shere Bangla Stadium, Mirpur, Dhaka Capacity – 25,000 (6 matches including 2 Quarter Finals)

Sri Lanka-3
– Rajapaksha Stadium, Hambantota, Capacity – 35,000 (2 matches)
– Muralidharan Stadium, Kandy, Capacity – 35,000 (3 matches)
– Premadasa Stadium, Colombo, Capacity – 35,000 (7 matches including a Quarter Final and a Semi Final)

The Quarter Finals will be held at Mirpur, Dhaka (2 matches), Ahmedabad and Colombo. Semi Finals will be held at Colombo and Chandigarh. The finals will be held at Wankhede Stadium in Mumbai.

6. How teams proceed progressively to next stage?
Each team plays 1 match with 6 other team in its group. The least scoring 3 teams get eliminated and the top 4 from each group goes to knock out stage.

– Quarter Final No.1: #1 team of Group A will play against #4 team of Group B
– Quarter Final No.2: #2 team of Group A will play against #3 team of Group B
– Quarter Final No.3: #3 team of Group A will play against #2 team of Group B
– Quarter Final No.4: #4 team of Group A will play against #1 team of Group B
– Semi Final No.1: Winner of QF No.1 will play against Winner of QF No.3
– Semi Final No.2: Winner of QF No.2 will play against Winner of QF No.4
– Final: Winner of SF No.1 will play Winner of SF No.2

7. ICC World Cup Trophy and Prize Money:
There are two original Trophies with ICC. One would be held in its Head Quarters in Dubai and the other is given to the Winning team. Both the trophies are identical, the only difference would be, the Trophy in ICC Head Quarters will have the names of all the previous World Cup winners inscribed on it.

Prize Money:
– Winner – US $3,000,0000
– Runner Up – US $1,500,000
– Total Prize Money – US $10,000,000

8. ICC World Cup 2011 official Mascot:
The official Mascot of ICC world Cup 2011 is Stumpy, the Elephant.

9. ICC World Cup 2011 official Song:
The official theme/song of ICC World Cup is De Ghuma ke (3 Min 56 Sec). It is composed by Shankar Mahadevan, Ehsaan Noorani and Loy Mendonsa. It is sung by Shankar Mahadevan and Divya Kumar while the lyrics are given by Manoj Yadav.

10. ICC World Cup 2011 Official Event Ambassador:
Sachin Ramesh Tendulkar

ICC World Cup 2011: Winning Moments of India

merly — Thu, 07 Apr 2011 06:40:06 +0000

ICC CWC 2011 [Final] 02-APR-2011 – Winning Moments of India

April 2, 2011 became a memorable day in the history of Indian Cricket when glorious Indian team beat Sri Lanka by 6 wickets in the final of ICC Cricket World Cup 2011 under the captaincy of M.S Dhoni, thus bringing the most-awaited trophy back to India after a long-wait of 28 years.

The whole India celebrated this victory like a national festival by bursting firecrackers and partying all night.

BCCI President Sharad Pawar declared a cash prize of Rs. 1 Crore to each member of world cup squad. Rs.50 lakhs and Rs.25 lakhs will also be rewarded to Indian coach & staff and members of selection committee.

Enjoy some of these glorious moments captured in pictures:

Sachin Tendulkar is carried on shoulders by the team members Virat Kohli, Suresh Raina and Yusuf Pathan. He was hailed by the Indian team for his services to Indian Cricket and nation over the past 22 years.

50 COMMON INTERVIEW QUESTIONS AND ANSWERS

merly — Wed, 15 Jul 2009 05:28:01 +0000

Review these typical interview questions and think about how you would answer them. Read the questions listed; you will also find some strategy suggestions with it.

1. Tell me about yourself?
Ans : The most often asked question in interviews. You need to have a short statement prepared in your mind. Be careful that it does not sound rehearsed. Limit it to work-related items unless instructed otherwise. Talk about things you have done and jobs you have held that relate to the position you are interviewing for. Start with the item farthest back and work up to the present.

2. Why did you leave your last job?
Ans: Stay positive regardless of the circumstances. Never refer to a majorproblem with management and never speak ill of supervisors, co-workers or the organization. If you do, you will be the one looking bad. Keep smiling and talk about leaving for a positive reason such as an opportunity, a chance to do something special or other forward-looking reasons.

3. What experience do you have in this field?
Ans: Speak about specifics that relate to the position you are applying for. If you do not have specific experience, get as close as you can.

4. Do you consider yourself successful?
Ans:You should always answer yes and briefly explain why. A good explanation is that you have set goals, and you have met some and are on track to achieve the others.

5. What do co-workers say about you?
Ans: Be prepared with a quote or two from co-workers. Either a specific statement or a paraphrase will work. Jill Clark, a co-worker at Smith Company, always said I was the hardest workers she had ever known. It is as powerful as Jill having said it at the interview herself.

6. What do you know about this organization?
This question is one reason to do some research on the organization before the interview. Find out where they have been and where they are going. What are the current issues and who are the major players?

7. What have you done to improve your knowledge in the last year?
Try to include improvement activities that relate to the job. A wide variety of activities can be mentioned as positive self-improvement. Have some good ones handy to mention.

8. Are you applying for other jobs?
Be honest but do not spend a lot of time in this area. Keep the focuson this job and what you can do for this organization. Anything else is a distraction.

9. Why do you want to work for this organization?
This may take some thought and certainly, should be based on the research you have done on the organization. Sincerity is extremely important here and will easily be sensed. Relate it to your long-term career goals.

10. Do you know anyone who works for us?
Be aware of the policy on relatives working for the organization. This can affect your answer even though they asked about friends not relatives. Be careful to mention a friend only if they are well thought of.

11. What is your Expected Salary? A loaded question. A nasty little game that you will probably lose if you answer first. So, do not answer it. Instead, say something like, That’s a tough question. Can you tell me the range for this position? In most cases, the interviewer, taken off guard, will tell you. If not, say that it can depend on the details of the job. Then give a wide range.

12. Are you a team player?
You are, of course, a team player. Be sure to have examples ready. Specifics that show you often perform for the good of the team rather than for yourself are good evidence of your team attitude. Do not brag, just say it in a matter-of-fact tone. This is a key point.

13. How long would you expect to work for us if hired?
Specifics here are not good. Something like this should work: I’d like it to be a long time. Or As long as we both feel I’m doing a good job.

14. Have you ever had to fire anyone?
How did you feel about that? This is serious. Do not make light of it or in any way seem like you like to fire people. At the same time, you will do it when it is the right thing to do. When it comes to the organization versus the individual who has created a harmful situation, you will protect the organization. Remember firing is not the same as layoff or reduction in force.

15. What is your philosophy towards work?
The interviewer is not looking for a long or flowery dissertation here. Do you have strong feelings that the job gets done? Yes. That’s the type of answer that works best here. Short and positive, showing a benefit to the organization.

16. If you had enough money to retire right now, would you?
Answer yes if you would. But since you need to work, this is the type of work you prefer. Do not say yes if you do not mean it.

17. Have you ever been asked to leave a position?
If you have not, say no. If you have, be honest, brief and avoid saying negative things about the people or organization involved.

18. Explain how you would be an asset to this organization?
You should be anxious for this question. It gives you a chance to highlight your best points as they relate to the position being discussed. Give a little advance thought to this relationship.

19. Why should we hire you?
Point out how your assets meet what the organization needs. Do not mention any other candidates to make a comparison.

20. Tell me about a suggestion you have made?
Have a good one ready. Be sure and use a suggestion that was accepted and was then considered successful. One related to the type of work applied for is a real plus.

21. What irritates you about co-workers?
This is a trap question. Think real hard but fail to come up with anything that irritates you. A short statement that you seem to get along with folks is great.

22. What is your greatest strength?
Numerous answers are good, just stay positive. A few good examples: Your ability to prioritize, Your problem-solving skills, Your ability to work under pressure, Your ability to focus on projects, Your professional expertise, Your leadership skills, Your positive attitude.

23. Tell me about your dream job?
Stay away from a specific job. You cannot win. If you say the job you are contending for is it, you strain credibility. If you say another job is it, you plant the suspicion that you will be dissatisfied with this position if hired. The best is to stay genetic and say something like: A job where I love the work, like the people, can contribute andcan’t wait to get to work.

24. Why do you think you would do well at this job?
Give several reasons and include skills, experience and interest.

25. What are you looking for in a job?
See answer # 23

26. What kind of person would you refuse to work with?
Do not be trivial. It would take disloyalty to the organization, violence or lawbreaking to get you to object. Minor objections will label you as a whiner.

27. What is more important to you: the money or the work?
Money is always important, but the work is the most important. There is no better answer.

28. What would your previous supervisor say your strongest point is?
There are numerous good possibilities: Loyalty, Energy, Positive attitude, Leadership, Team player, Expertise,Initiativ e, Patience, Hard work, Creativity, Problem solver.

29. Tell me about a problem you had with a supervisor?
Biggest trap of all. This is a test to see if you will speak ill of your boss. If you fall for it and tell about a problem with a former boss, you may well below the interview right there. Stay positive and develop a poor memory about any trouble with a supervisor.

30. What has disappointed you about a job?
Don’t get trivial or negative. Safe areas are few but can include: Not enough of a challenge. You were laid off in a reduction Company did not win a contract, which would have given you more responsibility.

31. Tell me about your ability to work under pressure.
You may say that you thrive under certain types of pressure. Give an example that relates to the type of position applied for.

32. Do your skills match this job or another job more closely?
Probably this one. Do not give fuel to the suspicion that you may want another job more than this one.

33. What motivates you to do your best on the job?
This is a personal trait that only you can say, but good examples are: Challenge, Achievement, Recognition

34. Are you willing to work overtime? Nights? Weekends?
This is up to you. Be totally honest.

35. How would you know you were successful on this job?
Several ways are good measures: You set high standards for yourself and meet them. Your outcomes are a success. Your boss tell you that you are successful

36. Would you be willing to relocate if required?
You should be clear on this with your family prior to the interview if you think there is a chance it may come up. Do not say yes just to get the job if the real answer is no. This can create a lot of problems later on in your career. Be honest at this point and save yourself future grief.

37. Are you willing to put the interests of the organization ahead of your own?
This is a straight loyalty and dedication question. Do not worry about the deep ethical and philosophical implications. Just say yes.

38. Describe your management style ?
Try to avoid labels. Some of the more common labels, like progressive, salesman or consensus, can have several meanings or descriptions depending on which management expert you listen to. The situational style is safe, because it says you will manage according to the situation, instead of one size fits all.

39. What have you learned from mistakes on the job?
Here you have to come up with something or you strain credibility. Make it small, well intentioned mistake with a positive lesson learned. An example would be working too far ahead of colleagues on a project and thus throwing coordination off.

40. Do you have any blind spots?
Trick question. If you know about blind spots, they are no longer blind spots. Do not reveal any personal areas of concern here. Let them do their own discovery on your bad points. Do not hand it to them.

41. If you were hiring a person for this job, what would you look for?
Be careful to mention traits that are needed and that you have.

42. Do you think you are overqualified for this position?
Regardless of your qualifications, state that you are very well qualified for the position.

43. How do you propose to compensate for your lack of experience?
First, if you have experience that the interviewer does not know about, bring that up: Then, point out (if true) that you are a hard working quick learner.

44. What qualities do you look for in a boss?
Be generic and positive. Safe qualities are knowledgeable, a sense of humor, fair, loyal to subordinates and holder of high standards. All bosses think they have these traits.

45. Tell me about a time when you helped resolve a dispute ?
between others. Pick a specific incident. Concentrate on your problem solving technique and not the dispute you settled.

46. What position do you prefer on a team working on a project?
Be honest. If you are comfortable in different roles, point that out.

47. Describe your work ethic?
Emphasize benefits to the organization. Things like, determination to get the job done and work hard but enjoy your work are good.

48. What has been your biggest professional disappointment?
Be sure that you refer to something that was beyond your control. Show acceptance and no negative feelings.

49. Tell me about the most fun you have had on the job.
Talk about having fun by accomplishing something for the organization.

50. Do you have any questions for me?
Always have some questions prepared. Questions prepared where you will be an asset to the organization are good. How soon will I be able to be productive? and What type of projects will I be able to assist on? are examples.

And Finally Best of Luck Hope you will be succussful in the interview you are going to face in coming days.

“Never take some one for granted,Hold every person Close to your Heart because you might wake up one day and realise that you have lost a diamond while you were too busy collecting stones.” Remember this always in life.

extracting patterns in perl

merly — Tue, 23 Dec 2008 01:14:36 +0000

In many applications we may need to extract certain numbers , characters or even a mixture of characters ans numbers from sentences….
the below code will help you

consider the below example

eg: id #23517348 – from reply

Our aim is to extract 23517348 from the above data

regex for extracting is:- /(\d+)/

=====================================
my $sub=$::FORM{desc’}; // suppose sub prints the data
id #23517348 – from reply

#print “$sub”;
$sub =~/(\d+)/;
print “$1″;

=======================
Output
=====
23517348

100 keyboard shortcuts

merly — Sat, 15 Nov 2008 04:08:20 +0000

Here are 100 keyboard shortcuts to pace up your work and Impress others
CTRL+C (Copy)
CTRL+X (Cut)
CTRL+V (Paste)
CTRL+Z (Undo)
DELETE (Delete)
SHIFT+DELETE (Delete the selected item permanently without placing the item in the Recycle Bin)
CTRL while dragging an item (Copy the selected item)
CTRL+SHIFT while dragging an item (Create a shortcut to the selected item)
F2 key (Rename the selected item)
CTRL+RIGHT ARROW (Move the insertion point to the beginning of the next word)
CTRL+LEFT ARROW (Move the insertion point to the beginning of the previous word)
CTRL+DOWN ARROW (Move the insertion point to the beginning of the next paragraph)
CTRL+UP ARROW (Move the insertion point to the beginning of the previous paragraph)
CTRL+SHIFT with any of the arrow keys (Highlight a block of text)
SHIFT with any of the arrow keys (Select more than one item in a window or on the desktop, or select text in a document)
CTRL+A (Select all)
F3 key (Search for a file or a folder)
ALT+ENTER (View the properties for the selected item)
ALT+F4 (Close the active item, or quit the active program)
ALT+ENTER (Display the properties of the selected object)
ALT+SPACEBAR (Open the shortcut menu for the active window)
CTRL+F4 (Close the active document in programs that enable you to have multiple documents open simultaneously)
ALT+TAB (Switch between the open items)
ALT+ESC (Cycle through items in the order that they had been opened)
F6 key (Cycle through the screen elements in a window or on the desktop)
F4 key (Display the Address bar list in My Computer or Windows Explorer)
SHIFT+F10 (Display the shortcut menu for the selected item)
ALT+SPACEBAR (Display the System menu for the active window)
CTRL+ESC (Display the Start menu)
ALT+Underlined letter in a menu name (Display the corresponding menu)
Underlined letter in a command name on an open menu (Perform the corresponding command)
F10 key (Activate the menu bar in the active program)
RIGHT ARROW (Open the next menu to the right, or open a submenu)
LEFT ARROW (Open the next menu to the left, or close a submenu)
F5 key (Update the active window)
BACKSPACE (View the folder one level up in My Computer or Windows Explorer)
ESC (Cancel the current task)
SHIFT when you insert a CD-ROM into the CD-ROM drive (Prevent the CD-ROM from automatically playing)

Dialog Box Keyboard Shortcuts

CTRL+TAB (Move forward through the tabs)
CTRL+SHIFT+TAB (Move backward through the tabs)
TAB (Move forward through the options)
SHIFT+TAB (Move backward through the options)
ALT+Underlined letter (Perform the corresponding command or select the corresponding option)
ENTER (Perform the command for the active option or button)
SPACEBAR (Select or clear the check box if the active option is a check box)
Arrow keys (Select a button if the active option is a group of option buttons)
F1 key (Display Help)
F4 key (Display the items in the active list)
BACKSPACE (Open a folder one level up if a folder is selected in the Save As or Open dialog box)

Microsoft Natural Keyboard Shortcuts

Windows Logo (Display or hide the Start menu)
Windows Logo+BREAK (Display the System Properties dialog box)
Windows Logo+D (Display the desktop)
Windows Logo+M (Minimize all of the windows)
Windows Logo+SHIFT+M (Restore the minimized windows)
Windows Logo+E (Open My Computer)
Windows Logo+F (Search for a file or a folder)
CTRL+Windows Logo+F (Search for computers)
Windows Logo+F1 (Display Windows Help)
Windows Logo+ L (Lock the keyboard)
Windows Logo+R (Open the Run dialog box)
Windows Logo+U (Open Utility Manager)

Accessibility Keyboard Shortcuts

Right SHIFT for eight seconds (Switch FilterKeys either on or off)
Left ALT+left SHIFT+PRINT SCREEN (Switch High Contrast either on or off)
Left ALT+left SHIFT+NUM LOCK (Switch the MouseKeys either on or off)
SHIFT five times (Switch the StickyKeys either on or off)
NUM LOCK for five seconds (Switch the ToggleKeys either on or off)
Windows Logo +U (Open Utility Manager)

Windows Explorer Keyboard Shortcuts

END (Display the bottom of the active window)
HOME (Display the top of the active window)
NUM LOCK+Asterisk sign (*) (Display all of the subfolders that are under the selected folder)
NUM LOCK+Plus sign (+) (Display the contents of the selected folder)
NUM LOCK+Minus sign (-) (Collapse the selected folder)
LEFT ARROW (Collapse the current selection if it is expanded, or select the parent folder)
RIGHT ARROW (Display the current selection if it is collapsed, or select the first subfolder)

Shortcut Keys for Character Map

After you double-click a character on the grid of characters, you can move through the grid by using the keyboard shortcuts:
RIGHT ARROW (Move to the right or to the beginning of the next line)
LEFT ARROW (Move to the left or to the end of the previous line)
UP ARROW (Move up one row)
DOWN ARROW (Move down one row)
PAGE UP (Move up one screen at a time)
PAGE DOWN (Move down one screen at a time)
HOME (Move to the beginning of the line)
END (Move to the end of the line)
CTRL+HOME (Move to the first character)
CTRL+END (Move to the last character)
SPACEBAR (Switch between Enlarged and Normal mode when a character is selected)

Microsoft Internet Explorer Navigation

CTRL+B (Open the Organize Favorites dialog box)
CTRL+E (Open the Search bar)
CTRL+F (Start the Find utility)
CTRL+H (Open the History bar)
CTRL+I (Open the Favorites bar)
CTRL+L (Open the Open dialog box)
CTRL+N (Start another instance of the browser with the same Web address)
CTRL+O (Open the Open dialog box, the same as CTRL+L)
CTRL+P (Open the Print dialog box)
CTRL+R (Update the current Web page)
CTRL+W (Close the current window)

Have you locked your keys in the car? Does you car have remote keys?

merly — Sat, 21 Jun 2008 08:40:52 +0000

This may come in handy someday. Good reason to own a cell phone:

If you lock your keys in the car and the spare keys are at home, call

someone at home on their cell phone from your cell phone.

Hold your cell phone about a foot from your car door and have the person

at your home press the unlock button, holding it near the mobile phone on

their end. Your car will unlock.

Saves someone from having to drive your

keys to you. Distance is no object. You could be hundreds of miles away,

and if you can reach someone who has the other “remote” for your car, you

can unlock the doors (or the trunk).

How to disable a STOLEN mobile phone?

merly — Sat, 21 Jun 2008 08:35:09 +0000

To check your Mobile phone’s serial number, key in the following digits on your phone:

* # 0 6 #

A 15 digit code will appear on the screen. This number is unique to your

handset. Write it down and keep it somewhere safe. when your phone get

stolen, you can phone your service provider and give them this code. They

will then be able to block your handset so even if the thief changes the

SIM card, your phone will be totally useless.

You probably won’t get your phone back, but at least you know that whoever stole it can’t use/sell it either.

Scan your books online

merly — Sat, 24 May 2008 06:04:59 +0000

How is the idea?

Scanning photos online for free.

Requirements

1.An Email account

2.A digital camera/ Camera phone not less than 2Megapixel.

Take photos,transfer to computer,attach send to Scanr.

Given below is another site Qipit.

Qipit stores up to 100 scanned documents in your account for free, where you can make them public and tag them, too. When you sign up for Qipit, optionally register your cameraphone’s make and model, and the app will tell you what it can do with images from it (whiteboards, hand-written notes and/or printed documents.)

Advantage is that it even works on low resolution phones(1.3 MP).

How to Lock windows folders without any software

merly — Thu, 15 May 2008 03:12:18 +0000

How to Lock windows folders without any software

We are assuming that the name of the folder to be renamed is HideMePlease and it is located in D Drive, thereby making the path to the folder as

Disc D:\

Step I

The trick is pretty simple, If you rename the folder ( in our case
HideMePlease) to HideMePlease.{21EC2020-3AEA-1069-A2DD-08002B30309D}
When this renaming of the folder is done, windows by default makes
it point to the control panel. Upon clicking on the folder after
renaming, Control Panel is displayed.
To get your folder back to the original one, rename it back to HideMePlease.

In order to make the entire process simple and clean,
i would suggest that you make two batch files (files ending with .bat
extension). One file for hiding/locking the folder; the other for
getting it back/unlocking it.
Step II

1.) The batch file for hiding the folder can be named as:
Hide.bat
2.) Open notepad/your favorite text editor and type in this
//THIS FILE SHOULD BE PLACED IN d:\
REN HideMePlease HideMePlease.{21EC2020-3AEA-1069-A2DD-08002B30309D}
Step III

1.) The batch file for unlocking the folder can be named as
Recover.bat
2.) Open notepad/your favorite text editor and type in this
//THIS FILE SHOULD BE PLACED IN D:\
REN HideMePlease.{21EC2020-3AEA-1069-A2DD-08002B30309D} HideMePlease
IT IS A VERY GOOD TRICK AND WOULD COME HANDY WHEN YOU HAVE TO HIDE YOUR PERSONAL INFO FROM OTHERS!

Security in php

merly — Wed, 14 May 2008 08:13:17 +0000

Why Security nedded in php?

*******************************************

PHP is a very easy language to learn, and many people without any sort of background in programming learn it as a way to add interactivity to their web sites.

Unfortunately, that often means PHP programmers, especially those newer to web development, are unaware of the potential security risks their web applications can contain.

Here are a few of the more common security problems and how to avoid them.

Common PHP problem

*****************************

If ( authenticate($user,$password) ) {
$authorized = 1;
}

if ($authorized == 1) {
echo “Logged In”;
}
————————————————–
GET auth.php?authorized=1

To solve this PHP problem

************************************

1) Ensure that you use variables that you have explicitly set.
2) Off register_globals

Error reporting

*************************

An error report can disclose directory structure of the server and even the database login information
——————————————————————————————
Set “error_reporting” to “0″ using .htaccess or php.ini

SQL Injection

*******************

PHP’s greatest strength is the ease with which it can communicate with databases, most notably MySQL.
$check = mysql_query(“SELECT Username, Password FROM Users WHERE Username = ‘”.$_POST['username'].”‘ and Password = ‘”.$_POST['password'].”‘”);
User name : ‘OR 1=1#
SELECT Username, Password FROM Users WHERE Username = ” OR 1=1 #’ and Password = ”

To prevent SQL injection

********************************

function make_safe($value) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
}

$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);
$check = mysql_query(“SELECT Username, Password FROM Users WHERE Username = ‘”.$username.”‘ and Password = ‘”.$password.”‘”);

File Manipulation

*****************************

index.php?page=contactus.html
index.php?page=.htpasswd
To overcome this :
*open_basedir” in your php.ini file
*”allow_url_fopen” to “off”

Mysql defaults

******************

MySQL : username = root & blank password
SQL : username = sa & blank password
1) Create a text file and place the following command within it :
SET PASSWORD FOR ‘root’@'localhost’ = PASSWORD(‘NewPass’);
2) Restart the MySQL server with the special –init-file=~/mysql-init option
shell> mysqld_safe –init-file=~/mysql-init &

File Systems

*****************

*Directory listing on the server must be prevented
*In include directory , configuration files must be .php extension and not like .inc
Eg : connect.inc file will be rendered as text and output to the browser. Instead use the extension “connect.inc.php”, as that will ensure the file is processed by the PHP engine.

Login Systems

******************

*Captcha : Having a randomly generated series of letters and numbers as an image on the login page, for which the user must enter the same series with the username and pasword to login.
*Simple Counter : A counter to detect number of failed logins in a row, when this counter exceeds, disable logging in to the administration area until it is reactivated by someone responsible.
*Tracking IP address : Spot repeated login failure attempts from a single IP address to access the site, you may consider blocking access from that IP address.

Database Users

******************

Give user permissions to create data and edit. Restrict the user with delete permission.
To implement delete function, you could have a numeric field like “item_deleted”, and set it to 1 when an item is deleted.
BENEFITS :
1) No data will get deleted.
2) User can be restricted with add and edit permission.

Powerful Commands

*************************

PHP contains a variety of powerful commands with access to the operating system of the server, and that can interact with other programs. It is highly recommended that you disable them entirely.
Eg : eval() function allows you to treat a string as PHP code and execute it.
A directive of the php.ini file, “disable_functions” takes comma-separated list of function names, which will be completely disabled.
Commonly disabled functions include ini_set(), exec(), fopen(), popen(), passthru(), readfile(), file(), shell_exec() and system().
safe_mode – This instructs PHP to limit the use of functions and operators that can be used to cause problems.

Code Injection (Cross-Site Scripting)

***********************************************

SQL Injection – which relies on the use of delimiters in user-input text to take control of database queries.
Code Injection – which relies on mistakes in the treatment of text before it is output.

Username

To Prevent Code Injection

*****************************

*Remove the less-than and greater-than tags from the username.
*Strip out HTML tags altogether.
Eg : strip_tags – Strip HTML and PHP tags from a string
*Limit the character set that can be used in usernames.
*Use regular expression in the signup process to validate the username to alphabets and numbers.

Aftermath

***********

*Assume that at some point any security measure you have in place will be compromised.
*First problem with a failure in site may actually come from the client.
*irst, find out what happened.
*Assuming this is a security problem, the next step is to reassure the client. Let them know what has happened.
*Find out how the attacker broke into your system. Check log files, if you have access to them.

Shared Hosting

*********************

*Shared hosting is much cheaper than dedicated hosting, and is where several sites are all hosted on the same server.
*Security of your site in these circumstances, almost entirely out of your hands. It is dependant on the hosting company you are with.
*Badly set up server will allow any site on that server to access files like /etc/passwd and httpd.conf, often giving them access to all other sites on the same server.
*Storing information in a database is highly recommended in these cases. Also don’t store your login information in a file, an attack could access this informations.
*Better is to ensure that your host, if shared, uses safe mode. While this is still not 100% secure (nothing is).