News

We have discovered a bug in Guestbook Script that, under certain circumstances, allows a third party to inject code. A potential attacker would be able to spy out local files on the server or to inject malicious code that is located on a third party server. Affected are all versions including 1.7.

We have just added a feature to our short URL redirection project GentleURL that allows the users to create their own identifier instead of the machine generated code.

Months ago I was looking for a solution to log outgoing mails instead of sending them. This week I found a solution mentioned in Sean's PHP-Related Weblog.

The empire is expanding. ;-) We have created our own short URL service - called GentleURL. You can use it to create short URLs that redirect to your long URL.

This web log entry of Joshua Eichorn tells us about a new fancy technique of using JavaScript for background server requests. The advance is that a web application does not need to reload a whole page, but only parts of it. That saves bandwidth and therefore reduces the loading time of a page.

We have a new script in the family. Link Manager can be used as link section of a website or a personal bookmark manager. You can publish your links/bookmarks or hide them behind a login.

Some days ago, when all the phpBB vulnerability messages went through weblogs and other media, I wondered whether our products will ever get mentioned on Bugtraq. I cannot say that I wished to be there because it would tell everyone: Look at them, they write bad and harmful code -- keep your hands off. On the other Hand it would mean that we have reached a critical mass and that it is worth it to take the time, find an exploit and write the e-mail to Bugtraq.

It took us a few years but our products have finally got the doubtful honor of being mentioned in BugTraq. BugTraq is a "... full disclosure mailing list for the detailed discussion and announcement of computer security vulnerabilities ...".

MetaCollection is a directory that lists all the important CGI and PHP script archives.

The new version enables the users to list, change and cancel their appointments. The improvements are another important steps to reduce the workload of the operator and to give the users control over their appointments.

In the past I didn't care much about participating in PHP conferences and workshops. Just as little as I am crazy about meeting all those gurus and prominent PHP persons. But the PHP conference in Amsterdam this spring could have been an exception. Amsterdam is quite near to Hamburg and a try could not hurt.

It is time for some statistics. Maybe we can impress someone with those numbers ;-)