I want help understanding as to what the (!) mark means when put infront of an URL like
http://192.168.1.44/!
When i enter the url on the browser it display the directories. Right on the top first is a file which is named (!). When i open the link there is a php script which is basically connecting to mysql using the username and password supplied in the script. Then in rest of lines there are some sql statement which is no major coding just some kind of script to display list of employee with their pictures from erp database.
I see a point in script code but i don't see why its put as (!) and what does it actually do? Can someone please tell me its programing significance and otherwise please.
Thanks
There is nothing inherently special about the ! character in URLs. It is often used by various web frameworks to denote "dynamic pages", or a page that is generated mostly with AJAX requests.
I believe google will index pages ending in !# as normal pages to allow for this, but other than that, it has no special meaning other that what a programmer has given it.
Related
I've been wondering how to fetch the PlayStation server status. They display it on this page:
https://status.playstation.com/en-us/
But PlayStation is known to use APIs instead of PHP database fetches. After looking around in the source code of the site, I found that they have a separate file called /data.json.
https://status.playstation.com/en-us/data.json
The content of this file is the same as the index file (for some reason). They use stuff like {{endDateTitle}} and {{message}}, but I can't find where it's defined, if it's pulled using a separate file or just pulled from a database using PHP.
How can I "reverse" this site and see if there's a API I can use to display the status on my site?
Maybe I did not get the question right, but it seems pretty straightforward.
If using firefox, open Developer tools, Network. Reload the page.
You can clearly see the requested URL
https://status.playstation.com/data/statuses/region/SCEA.json
It seems that an empty list as a status means "No problems" (since there are no problems I cannot verify this assumption. That's all
The parenthesis {{}} are used by various HTML templating languages, like angular, so you'd have to go through the js code to understand where they get updated.
From the google site, I cam across a code that lets me display the recaptcha box. Although I must admit I have only started html today and hence, have no basics at all. The site does not have a verify code in html although it does in jsp and I dont know how to link it all since data from the html went to the servlet.
https://developers.google.com/recaptcha/docs/verify
specifis a list of parameters to be 'posted'
I am using Tomcat 7 and no Spring.
My doubts:
Can I have multiple forms in an html file
How do i send parameters from the precious form to the second form?
How do I link a jsp file that will verify it to be run through the java class invoked by the html file
How do I get the user (accessing my app through a local server) remote IP address?
Got sorted out. Since I did not understand the problem in that, I proceeded to simple captcha itself. I must admit I feel like a fool saying I din't know html/jsp. The second day it was all so clear. I must have been positively psyched. Unwilling to see the not working code again, I started fresh.
Answers :
I can have multiple forms in a html
as set and get parameter as a session and request functions respectively.
through a form itself or response.sendredirect("")
Remote address class and methods.
I have a db with a buch of urls. The values were entered by users, so it might be something like www.domain.com or http://www.domain.com or stackoverflow.com or https://something.com
I'm retrieving that data and creating links in a html page so people can click and be redirected to that url.
If i get the url from the page , i'll have either:
1.<a href="www.domain.com">
or
2.<a href="http://www.domain.com">
in the second case it works, but the first it doesn't.
Is there a way to make it always work?
thanks!
The www. bit is not special at all, people rely on an automatic correction feature of most browsers to prepend it if the host does not exist. To replicate this, you need to run a program that attempts to resolve each of the host names in your database, and retries with an extra www. if that fails.
The http:// bit is easy: if it is missing, add it.
There are two ways to handle this situation:
First, validate the user input. At the time a URL is submitted, validate it (preferably on the client side via Javascript) to ensure it has the required elements.
Second, in your code, you can use a regular expression or even simple pattern matching to ensure that the string starts with 'http://' or 'https://', and prepend it as needed.
The implementation details vary from language to language, but the concept is the same.
It's an important security issue and I'm sure this should be possible.
A simple example:
You run a community portal. Users are registered and upload their pictures.
Your application gives security rules whenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone else's uploaded pictures.
Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks.
If it's possible to put the binary data of an image directly into the HTML markup, you can restrict the user access of your image dirs to the user and group your web application runs of and pass the image data to your Apache user and group directly in the HTML.
The only possible weakness then is the password of the user that your web app runs as.
Is there already a possibility?
There are other (better) ways, described in other answers, to secure your files, but yes it is possible to embed the image in your html.
Use the <img> tag this way:
<img src="data:image/gif;base64,xxxxxxxxxxxxx...">
Where the xxxxx... part is a base64 encoding of gif image data.
If I needed security on my images directory I wouldn't expose the directory at all. Instead my img src attributes would reference a page that would take a userid and an image id as a parameter.
The page would validate that that user did indeed have access to see that picture. If everythings good, send the binary back. Otherwise send nothing.
for example:
<img src="imgaccess.php?userid=1111&imgid=223423" />
Also, I wouldn't use guessable id's. Instead sticking to something like base 64 encoded guid's.
I'm not sure I understand, but here goes. Instead of serving up static images that reside in an images folder - why couldn't you, using your server side technology of choice, have the images dynamically sent down to the client? That way your server side code can get in the mix and allow or deny access programmatically?
<img src="/images/getImage.aspx?id=123353 />
You could move the pictures out of the document root into a private directory and deliver them through your application, which has access to that directory. Each time your app generates an image tag, it then also generates a short-lived security token which must be specified when accessing a particular image:
<img src="/app/getImage.xyz?image=12345&token=12a342e32b321" />
Chances are very rare that someone will brute force the right token at the right time with the right image.
There are at least to possibilities to verify the token in "getImage":
Track all image tags in your app and store records in a database which link the randomly generated tokens and image IDs to the requesting users. The "getImage" action then checks the supplied parameters against that database.
Generate the token as a checksum (MD5, CRC, whatever) over the user ID, the image ID and maybe the current day of the year, and be sure to mix in an unguessable salt. The "getImage" action will then recompute the checksum und check it against the specified one in order to verify the user's access. This method will produce less overhead than the first one.
PHP example:
$token = md5($_SESSION['user_id'].' '.$imageID.' '.$SECRET_SALT.' '.date('z'));
With HTML5 you could use the canvas tag and JavaScript to do this.
You could perhaps do something with either CSS or a table layout to draw a picture (probably really bad performance, resolution, portability).
Either way, there is no stopping people from taking your pics. They could take a screenshot and crop it out.
As Chris mentioned in his answer, having long picture id's so that the URL for each image is not easy to guess or brute force is important. And no directory listing on your webserver directories is also.
https://www.base64-image.de/
I used this website to generate base64 code fir given image, and then this website provide code to directly paste . It worked.
Title: Rotate Homepage Image (for website)- No longer works.
I am a physicist/wildlife artist with a website (I created in 2002) to display & market my artwork. I have set it up with an underlying (homepage) image map - having links to: "tigers", "leopards", "birds", artist info, etc., with the overlying image changing (swapping out) every time the user navigates to/from homepage. The links for each homepage have the same numerical coordinates and do not change locations from page to page, just the image changes. You can see my blank-page site at www.querryart.com. Note links below DO work.
The website was fabulous until last year. At that time my former webhost went out of business, and I changed to Jumpline.com. Since then, the commands which call canned subroutines do not work.
The routine which swaps out the image is named pid.cgi (stored in the cgi-bin).
Another one-line page-counter cgi routine I used at the end of each page called a canned program "count.cgi" which counted visitors to that page, incremented "hits" per page, and stored them in a table displayed only to me. This was a way I could determine the popularity of various images. This cgi routine also does not now work - giving me an error message on each page.
Anyway, I am lost without these routines (particularly the first one to swap out images). Is it progress that my Cadillac website has turned into an empty wagon? Hope someone can help. I'm not a programmer.
My first guess is that you may need to change the line(s) at the top of your CGI file in order for the server to process them. For example, if using Perl, #!/usr/bin/perl is a common directory, and so is #!/usr/local/bin/perl.
Oh, and have you set the permissions to 755?
For starters: http://www.querryart.com/cgi-bin/pid.cgi does not exist. You might want to make sure the file is uploaded to the correct place.
Make sure that your host supports CGI scripts.
Make sure, your CGI scripts are uploaded at the correct location according to the info from your host regarding the installation of CGI scripts.
Make sure the scripts are executable (chmod 755)
Make sure, that the scripts are calling the correct interpreter (as pointed out by Steve).
From a quick check at your web site, it looks like the scripts are not in the right place because the webserver gives a 404 - not found. when I try to get /cgi-bin/pid.cgi
Furthermore, the fact that the script takes an absolute path as a parameter (cfile=/home/querryar/httpdocs/cgi-bin/dicont.cnf) looks like a glaring security problem allowing access to any files in your account. You should really consider a different solution