Mike Chambers has posted information about a project that allows you to use AIR and other applications on your OS. You may remember the Artemis project from Effective UI, but recently (a few months ago now) that project was abandoned. It seems this new project, CommandProxy, is a start in the right direction, and it will be interesting to follow it.
You can find more information on Mike’s blog.
Note: This project is not supported by Adobe in any way; it is simply developers coming up with a solution.
… with the browsers on OS X? I am at a loss for words, but no matter which browser I use on the Mac I run into some sort of problem.
Uploading and caching bugs in Safari, excessive crashing in Firefox and untold memory usage in Flock.
I now have to run three browsers to check my mail, blog post and forum surf. Luckily my passwords are moving with each browser, but this is getting a little out of hand here.
Does anyone have a way to get at least one stable browser for the Mac? Don’t make me admit that IE7 in Parallels is gaining popularity with me.
The topic of security in PHP is a long-standing one in the developer community. Oftentimes you will find security is simply overlooked. The most recent example (that I found) is the interactive puzzle game on the Untraceable movie web site. Once you complete the game, your time and name are entered into the database to be displayed on the high score screen.
Here is an example of that easy-to-modify URL (full path removed):
http://…/score.php?score=02%3A41&name=JAMES%20B%2E
As you can see, the time and username are clearly visible in the URL; the time in this example is 2 minutes and 41 seconds.
Now that you can see the issue, let's look at how to stop this basic modification. This example will use ActionScript 3 and the MD5 library provided by Adobe's AS3CoreLib.
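import com.adobe.crypto.MD5;
import flash.events.Event;
import flash.net.URLLoader;
import flash.net.URLRequest;

// Shared secret; must match the value used in score.php.
var salt:String = "439df098";

function sendScore(name:String, score:String):void
{
    // Hash the salt and score so the server can detect a modified score.
    var scoreHash:String = MD5.hash(salt + score);
    // URL-encode the values and separate every parameter with "&".
    var query:String = "?n=" + encodeURIComponent(name) +
        "&s=" + encodeURIComponent(score) +
        "&hash=" + scoreHash;
    var req:URLRequest = new URLRequest("score.php" + query);
    var urlLoader:URLLoader = new URLLoader();
    urlLoader.addEventListener(Event.COMPLETE, scoreSent);
    urlLoader.load(req);
}

// Called once the server has responded.
function scoreSent(event:Event):void
{
    trace("Score sent");
}

sendScore("James", "2:41");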
Once the ActionScript is developed, the next step is to work out the PHP.
The PHP will take the same salt (which would be private) and test the hash to determine if the entry is valid.
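<?php
// connection to database goes here
$salt  = "439df098"; // must match the salt in the ActionScript
$name  = isset($_GET['n']) ? $_GET['n'] : '';
$score = isset($_GET['s']) ? $_GET['s'] : '';
$hash  = isset($_GET['hash']) ? $_GET['hash'] : '';
// "." concatenates strings in PHP; "+" would add them as numbers.
// "===" compares the hash strings exactly, without type juggling.
if ($hash === md5($salt . $score))
{
    // Valid score submission.
    // enter score in database at this point.
}
else
{
    // error, log IP address for security purposes
}
?>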
As you can see, this code is not very advanced, but it easily protects your score submission, or any type of form submission, from fraudulent entries.
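A hardened form of the server-side check, added here as an example and not code from the original post: it signs the name together with the score using HMAC-SHA256, validates the score format, and compares with hash_equals(). The function names, key value and sample requests are assumptions, and the client would have to compute the same HMAC; a key shipped inside the SWF can still be recovered by anyone who decompiles it, so this only stops casual URL editing.

```php
<?php
// Added example: SCORE_KEY, signScore() and verifyScore() are hypothetical names.
const SCORE_KEY = 'replace-with-a-random-key'; // constructed placeholder value

// Sign name and score together so neither can be changed on its own.
// Length prefixes keep ("ab", "c") distinct from ("a", "bc").
function signScore(string $name, string $score): string
{
    $message = strlen($name) . ':' . $name . '|' . strlen($score) . ':' . $score;
    return hash_hmac('sha256', $message, SCORE_KEY);
}

// Returns true only for a well-formed, correctly signed submission.
function verifyScore(array $query): bool
{
    foreach (['n', 's', 'hash'] as $key) {
        // Reject missing parameters and array values such as ?s[]=1.
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return false;
        }
    }
    // Accept only m:ss or mm:ss so nothing unexpected reaches the database.
    if (!preg_match('/^\d{1,2}:[0-5]\d$/', $query['s'])) {
        return false;
    }
    // hash_equals() compares in constant time and never type-juggles.
    return hash_equals(signScore($query['n'], $query['s']), $query['hash']);
}

// Constructed sample requests (in score.php this would be $_GET).
$good = ['n' => 'James', 's' => '2:41', 'hash' => signScore('James', '2:41')];
$samples = [
    'untouched request' => $good,
    'score edited'      => ['s' => '0:01'] + $good,
    'name edited'       => ['n' => 'Mallory'] + $good,
    'array parameter'   => ['s' => ['2:41']] + $good,
    'hash missing'      => ['n' => 'James', 's' => '2:41'],
];

foreach ($samples as $label => $query) {
    echo str_pad($label, 20), verifyScore($query) ? 'accepted' : 'rejected', "\n";
}
```

Only the untouched request is accepted; a request whose name was edited is rejected here because the name is part of the signed message, whereas the MD5 check above covers the score alone.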