Thursday, September 27, 2007
Python: Myths about Indentation
This is the place to point your friends to when they gripe about Python's "significant whitespace". There are even details on how it is parsed, for those who are interested.
http://www.secnetix.de/~olli/Python/block_indentation.hawk
The following is covered:
* Whitespace is significant in Python source code.
* Python forces me to use a certain indentation style.
* You cannot safely mix tabs and spaces in Python.
* I just don't like it.
* How does the compiler parse the indentation?
Posted by Denis at 7:43 AM 0 comments
Labels: Python
Wednesday, September 19, 2007
SQL Injection Cheat Sheet
What is SQL Injection? From Wikipedia: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
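The two conditions named in that definition (unhandled string-literal quote characters, and input that is not strongly typed), each next to its fix, as an added example that is not part of the original post. The table, rows, inputs and function names are constructed for illustration; it uses Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user"), (3, "o'brien", "user")])
    return db

# Condition 1: input lands inside a string literal and its quotes are not handled.
def find_by_name_unsafe(db, name):
    sql = "SELECT id FROM users WHERE name = '" + name + "'"   # input becomes SQL text
    return sorted(r[0] for r in db.execute(sql))

def find_by_name_safe(db, name):
    # The placeholder keeps the value as data; quotes in it have no SQL meaning.
    return sorted(r[0] for r in db.execute(
        "SELECT id FROM users WHERE name = ?", (name,)))

# Condition 2: a value meant to be a number is never checked to be one.
def find_by_id_unsafe(db, user_id):
    sql = "SELECT name FROM users WHERE id = " + user_id        # no quotes needed at all
    return sorted(r[0] for r in db.execute(sql))

def find_by_id_safe(db, user_id):
    uid = int(user_id)   # enforce the type first; raises ValueError on anything else
    return sorted(r[0] for r in db.execute(
        "SELECT name FROM users WHERE id = ?", (uid,)))

def outcome(fn, db, value):
    """Run one lookup and report either its rows or the exception type name."""
    try:
        return fn(db, value)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a legitimate name containing a quote, and two values
    # that change the WHERE clause when concatenated into the statement.
    for fn, value in [(find_by_name_unsafe, "o'brien"), (find_by_name_safe, "o'brien"),
                      (find_by_name_unsafe, "x' OR '1'='1"), (find_by_name_safe, "x' OR '1'='1"),
                      (find_by_id_unsafe, "2 OR 1=1"), (find_by_id_safe, "2 OR 1=1")]:
        print(f"{fn.__name__:22} {value!r:18} -> {outcome(fn, db, value)}")
```

The concatenating versions either break on a legitimate name such as `o'brien` or return every row; the parameterized versions return only the matching row or reject the input.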
Here is a nice SQL injection cheat sheet. It currently covers only MySQL and Microsoft SQL Server, with some Oracle and some PostgreSQL.
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
Table Of Contents
About SQL Injection Cheat Sheet
Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
Line Comments
SQL Injection Attack Samples
Inline Comments
Classical Inline Comment SQL Injection Attack Samples
MySQL Version Detection Sample Attacks
Stacking Queries
Language / Database Stacked Query Support Table
About MySQL and PHP
Stacked SQL Injection Attack Samples
If Statements
MySQL If Statement
SQL Server If Statement
If Statement SQL Injection Attack Samples
Using Integers
String Operations
String Concatenation
Strings without Quotes
Hex based SQL Injection Samples
String Modification & Related
Union Injections
UNION – Fixing Language Issues
Bypassing Login Screens
Enabling xp_cmdshell in SQL Server 2005
Other parts are not so well formatted, but check them out for yourself: drafts, notes and stuff. Scroll down and see.
Posted by Denis at 8:42 AM 0 comments
Labels: Best Practices, PostgreSQL, Security, SQL Injection
Tuesday, September 11, 2007
Pydev 1.3.9 Released
Python Development Environment (Python IDE plugin for Eclipse). Features editor, code completion, refactoring, outline view, debugger, and other goodies - check http://pydev.sf.net.
Pydev Release: 1.3.9
--------------------
Major highlights:
-----------------
* Fixed problem when configuring jython
* Patch from paulj: debugger working with jython 2.2rc2
* Patch from Oskar Heck: debugger can change globals
* Added action to delete all .pyc / $py.class files
* Added actions to add/remove the pydev configuration from a project (previously, the only way to add a nature was to open a python file within a project).
* Ctrl+Shift+O: When used with a selection will consider lines ending with \ (without selection organizes imports)
* Auto-add "import" string will not be added when adding a space in the case: from xxx import (just after from xxx)
* Templates created with tabs (or spaces indent) are now converted to the indent being used in the editor
* Hide non-pydev projects filter working
* Don't show assignments/imports after if __name__ == '__main__': in outline
* Code-completion: after a completion is requested, pressing '.' will apply that completion (and if it has parameters, they'll not be added).
* Code-completion: when a code-completion is applied with Ctrl pressed (toggle mode), parameters are not added.
* Assign to local variable/attribute handles constants correctly.
* psyco changed for Null object for debug (so, no changes are required to the code if psyco is used while debugging).
* Code-folding annotations won't change places.
* Pydev package explorer will correctly show outline for files if the project root is set as a source folder.
* Pydev package explorer: folders under the pythonpath have a package icon.
* Unittest runner: handles multiple selection.
Wednesday, September 5, 2007
Python for system administrators
As a system administrator, you run across numerous challenges and problems. Managing users, disk space, processes, devices, and backups can cause many system administrators to lose their hair, good humor, or sanity. Shell scripts can help, but they often have frustrating limitations. This is where a full-featured scripting language, such as Python, can turn a tedious task into an easy and, dare I say it, fun one.
The examples in this article demonstrate different Python features that you can put to practical use. If you work through them, you'll be well on your way to understanding the power of Python.
Read the rest of the article on the IBM site: http://www.ibm.com/developerworks/aix/library/au-python/?ca=dgr-btw01pythonosadmin&S_TACT=105AGX59&S_CMP=GR
Posted by Denis at 9:54 AM 0 comments
Tuesday, September 4, 2007
Announcing Design Python Pattern of the Week
David Stanek is promising one of the Gang of Four Patterns a week - check it out here: Announcing Design Python Pattern of the Week
Posted by Denis at 10:09 AM 0 comments
Labels: Design Patterns, Python