1) You need to salt your passwords.
"Assume a user's secret key is stolen and he is known to use one of 200,000 English words as his password. The system uses a 32-bit salt (like md5). Because of this salt, the attacker's pre-calculated hashes are of no value. He/she must calculate the hash of each word with each of 2^32 (4,294,967,296) possible salts appended until a match is found. The total number of possible inputs can be obtained by multiplying the number of words in the dictionary with the number of possible salts:
$$2^{32} \times 200\,000 = 8.58993459 \times 10^{14}$$
To complete a brute-force attack, the attacker must now compute about 800 trillion hashes, instead of only 200,000. Even though the password itself is known to be simple, the secret salt makes breaking the password radically more difficult." - http://en.wikipedia.org/wiki/Salt_(cryptography)
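The arithmetic in the quoted passage and the effect of a per-user salt on a precomputed table, as an added example that is not part of the original post. PBKDF2-HMAC-SHA256, the 16-byte random salt, the iteration count and the three-word list are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

SALT_BITS = 32              # salt size used in the quoted passage
DICTIONARY_WORDS = 200_000  # dictionary size used in the quoted passage

def search_space(words=DICTIONARY_WORDS, salt_bits=SALT_BITS):
    """Inputs to hash when the salt is unknown, as the quote assumes."""
    return words * 2 ** salt_bits

def hash_password(password, salt=None, iterations=100_000):
    """Return (salt, digest); a fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)  # assumption: 16-byte salt, not the quote's 32-bit
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_password(password, salt, expected, iterations=100_000):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

def precomputed_table(words):
    """Unsalted SHA-256 lookup table (digest -> word): what a salt invalidates."""
    return {hashlib.sha256(w.encode()).digest(): w for w in words}

# Constructed sample dictionary, for illustration only.
WORDS = ["apple", "dragon", "sunshine"]
TABLE = precomputed_table(WORDS)

def demo():
    unsalted = hashlib.sha256(b"dragon").digest()
    salt_a, hash_a = hash_password("dragon")  # user A
    salt_b, hash_b = hash_password("dragon")  # user B, same password
    return {
        "unsalted_in_table": unsalted in TABLE,
        "salted_in_table": hash_a in TABLE,
        "same_password_same_hash": hash_a == hash_b,
        "verifies": verify_password("dragon", salt_a, hash_a),
        "wrong_rejected": not verify_password("apple", salt_a, hash_a),
        "search_space": search_space(),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A salt stored beside the hash still invalidates precomputed tables, but it no longer multiplies the per-user search space the way the quote's secret salt does, which is why the example pairs the salt with a slow key-derivation function.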
In my last posting, I demonstrated how to create a header and footer file to be included at the top and bottom of all, or at least many, pages. This makes it easy to modify those parts and have the changes automatically spread across all the pages that share that header and footer file. This is one of the things a CMS simplifies for the user.
But what if part of your header, or footer, file is your navigation system and you want the button or link to change when the page associated is chosen? That means your header, or footer, must change depending on what page it's included on. Actually, that's one of the beautiful things about PHP - since its commands are processed prior to the display of the page, you can program those changes to happen for you automatically.
For several years now, I've been creating mini CMSs without realizing it - actually before there was such a term. It's made all the difference in the world in maintaining websites, especially with over 50 sites like we watch over. How do I do it? Thought you'd never ask. :)
This requires either PHP or SSI (Server Side Includes). I'll be talking about the PHP method here, but can show the other if there's a demand.
First step is to create your first page normally and get it just the way you want it. Then examine your source to see what will be repeated on the rest of the pages on the top and bottom.
Whatever part of the code will be repeated at the top of each page, remove from your page and paste into a document of its own called header.php. The part that will be at the bottom of each page, remove and place in a document called footer.php. In your original document, put the following in place of the contents of the new header.php:
Ok, I made a basic guestbook script in PHP yesterday that you can use without having support for MySQL. I thought maybe someone would like it so I have uploaded it.
The guestbook is self installing, just run the script once and everything will be installed! (remember to rename the file to guestbook.php not guestbook.txt first...)
[edit]Now I've also created one for XML. It works just as the other one, but you don't need to use SQLite... Also remember to rename the new file to gb_test.php, not gb_test.php_.txt, then it won't work...[/edit]
Now I'm just really getting annoyed because I need more than 100 words in this stupid blog entry... Wonder if I've made that by now..