Friday, August 29

PHP Security Tips

Zend has a PHP Security Tips series, and here is a summary of it:
1, Keep the system up to date.
2, Don't output error messages.
3, Use third-party security software or services.
4, Don't give critical files and folders default names.
5, Don't trust the user. Filter input, escape output.
6, Cast input numbers in SQL query.
7, Use session_regenerate_id(true) instead of session_regenerate_id().
8, Always validate user input. (AGAIN?)
9, Keep sensitive data and code out of your web tree.
10, Do not blindly send mail using information entered into a form to prevent email header injection.
11, Grant permissions to users only to the level needed.
12, Think carefully before using eval() for user input values. (AGAIN!)
13, PHPSecInfo. (TIP 3?)
14, Any data inside a cookie can potentially be seen by others. (AND IT CAN BE MODIFIED AS WELL!)
15, Don't forget to purge temporary system diagnostic files/code.
16, Keep your framework up to date. (TIP 1)
17, PHP Security Guide http://shiflett.org/php-security.pdf, design your application with security in mind.
18, Restrict the file types you allow to be uploaded, especially PHP files.
19, Consider your server's network connections. For example, put the database server behind a firewall.
20, Read and learn.
21, Subscribe to the Security Focus newsletter, read and learn.

The notes in capital letters are mine.
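As an added example (not code from this post or from the Zend series), here is a small contact-form handler that applies tips 5, 6 and 10 together; the `$pdo` connection, the `customers` table and the recipient address are assumptions.

```php
<?php
// Added example, not part of the Zend series or of this post: a contact-form
// handler applying tips 5, 6 and 10. The PDO connection $pdo, the `customers`
// table and the recipient address are assumptions made for the demonstration.
declare(strict_types=1);

// Tip 10: a CR, LF or NUL inside a header value lets the submitter append
// header lines of their own (Bcc:, Cc:), so reject it rather than clean it.
function headerValueIsClean(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Tip 5, first half: filter input. Anything that is not a valid address is
// dropped here, before it can reach mail() or the database.
function filteredEmail(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return ($email !== false && headerValueIsClean($email)) ? $email : null;
}

// Tip 5, second half: escape output for the context it lands in (HTML here).
function escapeHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Tip 6: cast the numeric parameter; the prepared statement then binds it as
// a value, so whatever was in the request can never become query text.
function loadCustomer(PDO $pdo, string $rawId): ?array
{
    $id = (int) $rawId;
    if ($id <= 0) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name FROM customers WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$from    = filteredEmail($_POST['email'] ?? '');
$subject = $_POST['subject'] ?? '';
if ($from === null || !headerValueIsClean($subject)) {
    http_response_code(400);
    exit('Invalid form input.'); // tip 2: say that it failed, not why
}
mail('support@example.com', $subject, $_POST['message'] ?? '', "From: $from");
echo 'Thanks, ' . escapeHtml($_POST['name'] ?? '') . '!';
```

The header check rejects rather than strips, because a stripped value still tells you nothing about what the submitter was trying to do and a rejected request is the event worth logging.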


Friday, August 1

Working through a probability problem

Tossing a coin. It is given that the total number of heads equals the total number of tails.

1, If the coin is tossed only twice and the first toss is heads, what is the probability that the last toss is heads?
Answer: 0%. The second toss must be tails to satisfy the condition that the totals of heads and tails are equal.

2, If the coin is tossed only 4 times and the third toss is heads, what is the probability that the last toss is heads?
The first two tosses cannot both be heads.
If the first two are both tails, then the fourth must be heads.
If the first two are heads then tails, the fourth is tails.
If the first two are tails then heads, the fourth is tails.
Do these cases have the same probability?
Listing every 4-toss sequence with equally many heads and tails (1 = heads, 0 = tails) gives:
0011
0101
0110
1001
1010
1100
6 sequences. Excluding those whose third toss is not heads leaves
0011
0110
1010

So the probability that the fourth toss is heads is 33%.

3, If the coin is tossed n times (n even) and toss n-1 is heads, what is the probability that the last toss is heads?
Among the first n-2 tosses, only these options exist:
(n-2)/2 - 1 heads and (n-2)/2 + 1 tails
(n-2)/2 heads and (n-2)/2 tails
What is the probability of each of these two cases?


Conclusion: under the condition that the totals of heads and tails are equal, if some toss comes up heads, the next toss is less likely to be heads than tails.