1. GoDaddy.com
申請國際域名,最大及價格最相宜的機構
XAMPP comes with sendmail, version 1.7.1 use fake sendmail, and version 1.7.2 use msmtp. In order to send email from PHP-based programs, you can enable sendmail using the following methods:
A. for version 1.7.1 - fake sendmail
1. edit c:\xampp\sendmail\sendmail.ini, modify the settings for your ISP
Mac OS X comes with Postfix, which is the program behind mail and sendmail that handles all email incoming and outgoing. The below is what works for me on my Mac OS X 10.5 Leopard, and I'm here to summarize it to help people and also help my own memory.
Essential Section - the following shows the minimal settings to get it working
1a. Configure the domain, SMTP server and authentication settings:
edit /etc/postfix/mail.cf and append the following at the end:
Please click the version you would like to download:
1. 成交活躍
2. 年期最好不要長過一年
3. 溢價不要太高(20%可接受)
4. 引申波幅低(50-60%)
5. 槓杆比率方面,對於較進取投資者,可選槓杆比率較大的,但風險相對較高
6. 於飄忽市,最好選價內或等價;若對後市有信心,可選輕微價外;若對大市非常有信心,可選較大的價外輪
維護本站運作,提供具參考價值內容,請踴躍捐助,作為贊助本站經費的一點心意!
1. remove all source comments and/or debug messages
- comments can divulge important information like database name, user logins, and passwords.
- debug messages can reveal trace of internal application details
- disable error reporting in a production site to avoid working details being revealed 2. don't use overly helpful error message
- error messages like "invalid username" and "invalid password" reveals a legitimate username.
3. never use default user id and/or password
- default user id (eg. 'root', 'admin' or 'sa') and default password should never be used as is.
4. don't put up a file unless you're ready to make it public
- even if no link is shown on the web pages, user may still get to it by guessing the filename.
5. never trust input originates from a client
- re-validate all input values on the server, don't rely on client-side restrictions.
- use white-lists and/or black-lists to validate input if possible
- filter out special characters, code, commands, and scripts from any input to avoid SQL- and Command-Injection, NULL-String Attacks or Cross-Site Scripting
- don't forget to check for all different representations of the same characters
- truncate all input at reaonable length to prevent buffer overflows
6. be careful with the use of hidden fields and URL parameters
- because value may be altered by malicious users to conduct State-Based Attacks
- use cryptic names whenever necessary to add some degree of protection
7. don't store important information in cookies
- because value contained and expiry timestamp may be altered by malicious users
- encrypt the data and set the secure flag and/or domains to increase security
8. implement good session management to prevent Session-Hijacking or Session-Fixation
- generate new session upon each visit, and protect the session id
- timeout session after a specified period, disallow expired sessions to be reactivated
- track if a session is used by more than one user, invalidate it if necessary
9. adhere to the 'least privilege' security principal
- only give users the minimum rights they need
- run your web server and connect to database using an account with appropriate rights, avoid the use of 'root' or 'admin'
10. use strong authentication
- enforce policy to use long password and user id with mixture of numbers, upper- and lowercase letters and punctuation
- use http-basic, http-digest, nonce, CAPTCHA or SSL to secure authentication if necessary
11. make sure your web server is well protected
- hide your web server identity
- use firewall, intrusion detection system (IDS) or bandwidth management to protect against Denial of Service
- avoid launching OS commands from the web server, and confine the 'root' directory of your web server to the document root
12. protect user privacy
- be aware of the use of User Agents, Referrer, Cookies, Web Bugs, Clipboard
- disable caching for pages that may contain sensitive information
- only use benign ActiveX controls or Browser Help Objects
13. protect your web services
- beware of WSDL scanning, debugging information or functions may be exposed
- verify the received XML content, paramters maybe tampered
- check for Recursive Payload attack, Oversize Payload attack, and External Entity attack
Other techniques/precautions:
- check whether actual byte count of data submitted match the 'content-length' of HTTP header
- use HTTP_REFERRER to check where the web request come from
- only use algorithms that are well known and secure when data encryption is necessary
- set PHP option "open_basedir" to restrict file access to certain folders
- set PHP option "allow_url_fopen" to "off" to disable data retrieval from remote location to prevent code injection
- explicitly declare and initialize global variables before use, and only use variables that you have defined
- use PHP addslashes(string) function to escape all the special characters
- use PHP htmlspecialchars() or htmlentities() with ENT_QUOTES option to convert all special charaters to HTML entities
PHPMailer is a great email component for PHP, however, it lacks the support of connecting to SMTP servers that requires SSL (such as GMail). Therefore, I've modified this version to add a "IsSSL()" method to the class to handle this.
Download HERE ![]()
擁有自己的網站,是一件很興奮有趣的事!然而,背後所付出的時間心力亦不少!此外,你可能還須繳付一些開支,去維持網站日常的運作,比如:登記網域(domain name)、網頁儲存(web hosting)、甚至購置硬件的費用...等等。
既然如此,我們何不借助自己辛苦建成的網站,賺回些少金錢上的回報?
擁有自己的網站,是一件很興奮有趣的事!然而,背後所付出的時間心力亦不少!此外,你可能還須繳付一些開支,去維持網站日常的運作,比如:登記網域(domain name)、網頁儲存(web hosting)、甚至購置硬件的費用...等等。
既然如此,我們何不借助自己辛苦建成的網站,賺回些少金錢上的回報?
維護本站運作,提供具參考價值內容,請多按廣告或踴躍捐助,作為贊助本站經費的一點心意!
|
httpd.conf 1. 讓 Apache 與 PHP整合 (使 Apache 懂得辨認 .php 檔案及呼叫 PHP):
LoadModule php5_module x:\full\path\to\php5apache2_2.dll
AddType application/x-httpd-php .php 2. 更改存放網頁的根目錄:
DocumentRoot "newpath"
<Directory "newpath"> ... </Directory> 要更改存放網頁的根目錄,先要將 DocumentRoot 設定由原有的位置,改為指向 newpath (eg. "d:\www")。但單單更改 DocumentRoot 並不足夠,您還要妥善設定新路徑的存取權限,訪客才可以瀏覽內裏的檔案,這便要透過 <directory "xxx"> 設定逹成。若不熟識如何使用 <directory "xxx"> 設定的話,最簡單的方法,是找出原本指向原有路徑的 <Directory "oldpath"> 設定,將當中的 oldpath 改為 newpath,這樣便可將原本指派給 oldpath 的存取權限,改為指派給 newpath (eg. "d:/www")。 3. 更改網站的 port no.:
Listen 8080
更改網站的 port no.,比如將網站由原本的 80,改為 8080,只要將 "Listen 80" 改為 "Listen 8080" 便可
php.ini
1. display_errors = On
2. short_open_tag = On
3. register_long_arrays = On (此設定會在 PHP6 中取消)
4. register_globals = Off (此設定會在 PHP6 中取消)
5. date.timezone = "Asia/Hong_Kong"
6. extension_dir = "c:/program files/php/ext" 或 extension_dir = "c:/php/extensions"
7. extensions=php_mysql.dll
|
維護本站運作,提供具參考價值內容,請踴躍捐助,作為贊助本站經費的一點心意!
錄製個人CD或VCD!專業錄音設備,電腦混音,即場協助提供專業剪接及執歌!

