Using Group Policy Preferences to control multiple BGinfo scripts

March 14th, 2010

I wanted to apply a different BGinfo-scripted background image as the wallpaper depending on what system a user was logging into, all using a single Group Policy.

This means that all servers are set to have a uniform background colour, but users on regular PCs are still able to use any custom wallpaper on other computers without having to re-set it after each login.

While it is probably possible to create long-winded batch scripts to do what I wanted, it’s a lot easier to use the Group Policy Preferences (GPP) file options to control which BGinfo script is given to which systems.

One thing worth noting about GPP file control: I found that you have to use the “Replace” action rather than “Update” in Group Policy Preferences, as the targeted systems only update file attributes when using the “Update” action.

Step 1: BGinfo Scripts

  • Create the BGinfo scripts, and then put them in a network share that any authenticated user can access.
  • The BGinfo.exe file will also need to be in this share.

BGinfo Setup


PHP extract() should not be used

March 3rd, 2010

In one of my recent lectures, the lecturer* told the class to use the PHP extract() function.

I hadn’t previously come across extract(), so I looked it up… and was horrified (and slightly amused) that he was recommending it.
It was pretty obvious that using extract() is almost as bad as having register_globals turned on. (See the notes section on the PHP manual for extract())

Unless you’ve specifically taken measures against it, what’s to stop the user adding something like “&isloggedin=true” onto the GET query string or POST data? Or even worse, “&isadmin=true”!

Instead of using the extract() function, what’s wrong with using an array, a quick foreach and some variable variables?
Here is a very quick example (not perfect by any means, but you should get the idea):

/*
* Example of safe variable assignment from the POST data for some login form
*/
$myVars = array("username", "password", "rememberMe");
foreach ($myVars as $someVar) {
	// Only the names listed in $myVars are read; a missing field becomes null
	${"formVar_" . $someVar} = isset($_POST[$someVar]) ? $_POST[$someVar] : null;
	//Will result in: $formVar_username, $formVar_password and $formVar_rememberMe.

	//$$someVar = $_POST[$someVar];
	//This could be used to give you $username, $password and $rememberMe
}

The above example stops a malicious user’s extra GET or POST data from actually doing anything, but the resulting variables come out pretty much the same. Adding all your form or URL variables to the array is almost certainly a lot less work (and less of a headache) than it would be to add security measures to your code.
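To make the difference concrete, here is an added example (not code from the original post) that passes the same constructed request through extract() and through an allowlist that collects the fields into an array. The function names and the sample request are hypothetical and exist only for this illustration.

```php
<?php
// Constructed sample request: the login form defines the first three
// fields; the last two were appended by the client.
$request = [
    'username'   => 'alice',
    'password'   => 'constructed-password',
    'rememberMe' => '1',
    'isloggedin' => 'true',
    'isadmin'    => 'true',
];

// Before (hypothetical handler): extract() imports every request key into
// the local scope, so flags the script set itself are overwritten.
function loginWithExtract(array $request): array
{
    $isloggedin = false;
    $isadmin    = false;
    extract($request); // the default flag is EXTR_OVERWRITE
    return ['isloggedin' => $isloggedin, 'isadmin' => $isadmin];
}

// After (hypothetical handler): copy only the fields the form defines.
// Unknown keys are never read, and missing fields become null.
function loginWithAllowlist(array $request): array
{
    $isloggedin = false;
    $isadmin    = false;
    $allowed    = ['username', 'password', 'rememberMe'];
    $form       = [];
    foreach ($allowed as $name) {
        $value = isset($request[$name]) ? $request[$name] : null;
        // Drop array-valued input such as username[]=x
        $form[$name] = is_string($value) ? $value : null;
    }
    return ['isloggedin' => $isloggedin, 'isadmin' => $isadmin, 'form' => $form];
}

// Dump both results side by side for comparison.
var_dump(loginWithExtract($request));
var_dump(loginWithAllowlist($request));
```

If extract() cannot be removed from existing code straight away, calling it with EXTR_SKIP or EXTR_PREFIX_ALL at least stops request keys from overwriting variables that are already set.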


* This is the same lecturer that still uses Netscape Navigator, so it’s hardly surprising that he’s still trying to use code practices that went out of date in the 90’s. He also recently posted this on the Uni LMS:

“I have just discovered that Global Variables has been disabled on the server, which means it will be difficult for you to use session variables to implement your [coursework]. I have requested it be re-enabled [...]”

How to Restore Cisco ASA/PIX Firewalls to Factory Defaults

February 28th, 2010

It took me a while to find out how to do this recently, so I’m posting it here (more for my reference than anything else).

Cisco ASA series:

enable
config t
config factory-default
reload save-config noconfirm

(Source)

Cisco PIX series:

enable
config t
write erase
reload noconfirm

New Blog

February 27th, 2010

So, I made a new blog… And I’m going to try and post more frequently than before!

I’m still migrating bits and pieces over from the old blog, so if something’s missing or doesn’t work, that’s probably why.

And before anyone remarks on it, the new theme is intentionally simple (although I might still change a couple of small things).