Author Archive

Taking the Best Measure to Fortifying Your Scripts

No matter how hard we try, we always seem to forget to secure certain aspects of our scripts, whether it be an input field or data being inserted into a database. It would be nice to have security precautions built into our scripts that we can fall back on, whether or not we have sanitized everything we needed to. Here are some tips and coding styles to achieve just that.

The Solution

The difference this solution can make depends on how large the script is, and it can be massive. The larger or more complicated the script, the more we tend to miss when securing it. A precautionary solution automatically patches many of the things we may have forgotten to sanitize or secure.

For example, forms give users a way to submit data for your database or other storage methods. Forms are a common cause of security flaws in scripts whose input is not properly sanitized, whether through ignorance or simple forgetfulness. Another commonly missed step is sanitizing superglobals such as $_POST, $_REQUEST, $_GET, and others.

Furthermore, a solution that performs the sanitization and takes security measures for us is an excellent fallback: it can do the patching work in many situations, which gives us the time to create a permanent fix.

Which Scripts Benefit the Most?

Many scripts we create may be too small to justify a fallback component, since the component may be larger than the script itself and building it would be a waste of time. However, if you are developing a fairly large system, whether it is hitting the mainstream or not, spending the time to develop a fallback component will definitely be worthwhile, especially if the system handles transactions or is built around user-supplied data.

If your script falls into the too-small-to-bother category, you can still take certain precautionary measures while developing it. These include frequently testing your work for security flaws as you go along and going over your work multiple times. These measures should be taken in a project of any size, as checking your work is always a great thing to do.

Creating These Solutions

Creating a fallback component depends on your needs and on how you expect it to function. It can be a complex solution that automatically detects the input type and sanitizes accordingly, or a simple solution that applies one standard sanitization or security method throughout. Remember that these fallback solutions are temporary patches for certain security flaws until you can get in and create a permanent patch; you should not rely on this component as your only means of sanitization and security.
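A simple fallback of the kind described above, as an added example rather than code from the article: the hypothetical SafeInput class wraps a request array and hands back each value only after a default or per-type check. The class name, the type labels and the sample array are assumptions made for illustration.

```php
<?php
// Added example (hypothetical class, not the article's form handler).
final class SafeInput
{
    private array $source;

    public function __construct(array $source)
    {
        $this->source = $source;
    }

    // Return the value checked against the declared type,
    // or null when it is missing, not a scalar, or invalid.
    public function get(string $key, string $type = 'string', int $maxLen = 255)
    {
        if (!isset($this->source[$key]) || !is_scalar($this->source[$key])) {
            return null; // nested arrays such as field[]=x are rejected by default
        }
        $raw = (string) $this->source[$key];

        switch ($type) {
            case 'int':
                $v = filter_var($raw, FILTER_VALIDATE_INT);
                return $v === false ? null : $v;
            case 'email':
                $v = filter_var($raw, FILTER_VALIDATE_EMAIL);
                return $v === false ? null : $v;
            default:
                // Default rule: drop control characters except tab, LF and CR,
                // trim whitespace, and reject anything over the length limit.
                $v = trim((string) preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw));
                return strlen($v) > $maxLen ? null : $v;
        }
    }
}

// Constructed sample standing in for $_POST.
$in = new SafeInput([
    'age'   => '42',
    'email' => 'not-an-address',
    'bio'   => "hi\x00 there ",
    'tags'  => ['a', 'b'],
]);

var_dump($in->get('age', 'int'));
var_dump($in->get('email', 'email'));
var_dump($in->get('bio'));
var_dump($in->get('tags'));
```

This only validates what comes in; escaping for the output context and parameterized queries remain the permanent fix the fallback buys time for.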

When creating these solutions, classes are generally a good idea, as they act as an interface handler for each of your solutions. To make the idea concrete, I will briefly walk through a simple form handler class that applies a default sanitization method throughout.

Let us dive right in to how this form handler class is structured and how it functions. The class was designed to replace hand-written forms with its own infrastructure, to assure that the form is handled securely. It does not automatically decide which security measures to take based on the user-supplied data; nevertheless, it takes basic security precautions to assure that the data being handled is not harmful.

Examples and Best Practices

Let us look at one of its methods, the text area handler:

    ...
    // begin a foreach to grab the values
    foreach ($array as $key => $value)
    {
        // begin the switch case to identify the values
        switch ($key)
        {
            case 'name':
                $name = $value;
                break;

            case 'class':
                $class = $value;
                break;

            case 'id':
                $id = $value;
                break;

            case 'value':
                $i_value = $sanatize->specialTrim($value);
                break;

            case 'required':
                $required = $value;
                break;

            case 'label':
                $label = $value;
                break;

            case 'hint':
                $hint = $value;
                break;
        }
    ...

As you may have noticed, it automatically sanitizes the user-supplied value; it is simple but effective. The snippet above checks each key against the fields available for a textarea box, which is designed to assure that unwanted fields are filtered out.
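In the snippet above only 'value' goes through the sanitizer, while name, class, id, label and hint are stored as given. The following added example (not the article's class) keeps the same key whitelist and escapes every field for the HTML position it is written into; the function name renderTextarea, the markup it emits and the sample array are assumptions.

```php
<?php
// Added example (hypothetical helper): whitelist the textarea options,
// then escape each one at the point where it is written into the HTML.
function renderTextarea(array $options): string
{
    $allowed = ['name', 'class', 'id', 'value', 'required', 'label', 'hint'];
    // Keys outside the whitelist are dropped, as in the switch above.
    $o = array_intersect_key($options, array_flip($allowed));

    $esc = static function ($v): string {
        $s = is_scalar($v) ? (string) $v : '';
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $name = $esc($o['name'] ?? '');
    $id   = $esc($o['id'] ?? ($o['name'] ?? ''));

    $html = '';
    if (isset($o['label'])) {
        $html .= '<label for="' . $id . '">' . $esc($o['label']) . '</label>';
    }
    $html .= '<textarea id="' . $id . '" name="' . $name . '"';
    if (isset($o['class'])) {
        $html .= ' class="' . $esc($o['class']) . '"';
    }
    if (!empty($o['required'])) {
        $html .= ' required';
    }
    // Escaping the body keeps a stray closing tag from ending the element early.
    $html .= '>' . $esc($o['value'] ?? '') . '</textarea>';
    if (isset($o['hint'])) {
        $html .= '<small>' . $esc($o['hint']) . '</small>';
    }
    return $html;
}

// Constructed input: one key outside the whitelist and markup in three fields.
echo renderTextarea([
    'name'    => 'comment',
    'class'   => 'wide" data-x="1',
    'value'   => '</textarea><b>hello</b>',
    'label'   => 'Your <em>comment</em>',
    'onfocus' => 'ignored()',
]), PHP_EOL;
```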

Another key aspect to this form handler class is the way it handles some of the superglobals mentioned earlier:

    public function post($parameter)
    {
        // Clean the key name, then read the matching $_POST entry.
        // The @ operator suppresses the notice for a missing key;
        // the value itself is returned as submitted.
        $cleanup = @$this->stripBreak($parameter);
        $post = @$_POST[$cleanup];
        return $post;
    }

    /******
    * @method public
    * @return $_REQUEST
    * @param string the $_REQUEST param which is sanitized
    * This handles the $_REQUEST variable which also sanitizes its value
    */

    public function request($parameter)
    {
        $cleanup = @$this->stripTags($parameter);

25 Powerful iPad Applications for Creative Professionals

The iPad is well laid with touch-screen bliss, with that said, it provides us with enough real estate to make mockups, administrate, and develop a bit at home or on the go. Furthermore, we summed up 25 must-haves for designers and developers alike.

Evernote

Evernote lets you save text, web pages, and audio for later viewing. A great way to save your brainstormed ideas, websites, or the audio of what your client told you. Evernote’s interface is very intuitive and easy to navigate through, providing you functionality at your fingertips. Additionally, you can sync all your saved notes and recordings with your iPad, phone, or desktop, keeping you in touch with everything you wanted.

Adobe Ideas

Adobe Ideas is what you ideally need for sketching designs and mockups in your office or on the go. The intriguing interface lets you express your ideas easily and comfortably, allowing you to focus on your design and not on finding that “sweet spot” for your hand to rest. The application is also reasonably priced; you will not pay a penny to enjoy it.

iMockups

iMockups is a must-have application for whipping up quick mockups in minutes. It contains a plethora of premade items to choose from, such as form fields, containers, video players, buttons, navigations, et cetera. As a user, all you need to do is drag and drop everything you need to attain what you are looking for. It is a great way to show clients a basic idea of how you imagine their design to look.

Brushes

Brushes is an advanced tool for creating your simple or complex designs. It offers an immaculate zoom feature for better precision and a layering feature, which is always useful for creating drawings or website illustrations. The only drawback to the layering system is that you can only have up to six layers, thus, it can be a bit tricky to separate objects later on. Overall, however, it is a great way to illustrate on the go, where inspiration is around you.

HTML Edit

HTML Edit is any developer’s or web designer’s companion. With syntax highlighting, FTP access, a local file manager, and a file uploader, you have all you need to modify and create your HTML goodies. This application is good for web designers who need to modify their code on the go or need to implement something small in their HTML files without the need to edit other file types.

Desktop Connect

Desktop Connect allows you to easily connect to any of your remote computers. This is great for accessing files that are not on your iPad, or for editing some graphics in Photoshop. Additionally, it is a great way to enjoy desktop capabilities right from your mobile device. Moreover, you can also load up your video presentations from your desktop and have the audio playing right through your iPad speakers.

iSSH

iSSH is an amazing and well featured SSH client perfect for quick server administration tasks. Since the iPad is all touch screen, it makes server administration a fun little activity, and with its intuitive design and multitasking capabilities, you will hate to go back to your basic physical keyboard.

FTP On The Go

FTP On The Go is a fully fledged iPad application designed to do exactly what an FTP program should do and more. Not only can you browse, download, and upload files, you can also edit them using the built-in file editor. Moreover, you can preview your changes right from the application’s built-in browser. It is all you ever wanted in an FTP program, pure bliss.

OmniGraffle

With OmniGraffle, you can easily create diagrams for any occasion. It was designed with functionality and usability in mind: it is fully featured, with multitouch gestures to draw shapes and drag objects, and smart guides to make sure you create the perfect diagram every time. Despite being well equipped, this application is for hardcore professionals who need it on a daily basis to warrant its hefty price.

SketchBook Pro

SketchBook Pro is an amazing paint and drawing application packed with amazing features such as its multi-touch interface, layering system, blend modes, video output, and more. Its most notable feature is its video output, allowing you to project your SketchBook Pro screen to a larger screen or projector, great for presenting what you have made so far.

Web Page Developer

This application was designed for mobile development. You can easily download the files off your server, edit up to ten files at a time, preview files locally, and have auto-correct running for you. It is a great application for web developers and designers alike.

Bento

Bento is a great way for developers and designers alike to store information about clientele or to organize their projects. It is a great way to carry all the information you need everywhere, consider it your digital notebook, journal, calendar, contacts book, and more.

Penultimate

Penultimate is your digital sketch and note pad. You can create multiple notebooks and store different information. For example, you can have a sketches notebook, a notes notebook, and a doodles notebook. Additionally, there is no limit on how many notebooks you can have or how many pages in each of them.

Dropbox

The Dropbox application is an extension of the Dropbox service. You can upload files to and download them from your Dropbox account. It is a great way to keep all your files stored, organized, and accessible from any device!

Gusto

Gusto is a unique web development application; it allows you to edit files from your website, create unique icons for each of your projects, and more. With its built in FTP program, you can download and manage all your files right from Gusto, and with its tabbed editor, you can modify multiple files at ease.

Masque

Masque is an interesting image editor for the iPad. You can import all your photos from Flickr, Facebook, or your photo library. The editor allows you to add cool effects to your images with its vast number of tools and great layering system. It is a definite must-have.

Color RGB

Color RGB is a simple yet intuitive tool that helps you find colors and provides the hex code and hue of each. With its favorite tool, you can store as many of your favorite colors as you want.

Moodboard Pro

MoodBoard, as its name describes, is a tool that allows you to save your thoughts, photos, and ideas for later viewing. It is great for storing your creative ideas for your designs.

Analytics HD

Analytics HD is your mobile Google Analytics application. You can do everything expected with this application but in a fun and intuitive way, and most importantly, on the go.

MindNode

MindNode is an application to map out and collect your thoughts and ideas. It is a great tool for brainstorming, planning, and organizing. With its intuitive and friendly design, you can enjoy brainstorming at a completely new level. Additionally, its export feature allows you to export your maps right to your Mac.

Air Display

Air Display extends your desktop giving you touch-screen real estate. It is definitely an amazing application and a great substitute to purchasing a touch tablet specifically for your PC.

Font Displayer

Font Displayer lets you check how fonts look before using them in your projects. It is a great intuitive tool to discover new favorites or find old favorites that were forgotten.

Quill

Quill is an intuitive vector-drawing program. While it is simple, it is great for creating quick vectors on the go, and it is quite fun to work with, as you can feel your artwork come to life.

Photogene

Photogene is a great image manipulation application. You can crop, resize, rotate, and add nifty effects to your images all through a great interface. A definite must have for designers.

Ego

Ego is a must-have application for those utilizing a plethora of tools, as it is a central location for all your favorite necessities. Access FeedBurner, Google Analytics, Mint, Tumblr and many more all from one application.


How to Communicate With Your Clients

Effectively communicating with your client is not only an integral part of your relationship but a vital one. It also helps you understand the tasks, projects, and needs at hand. Without proper communication between you and your client, chaos will likely have its way and several unfinished projects would be the norm. As humans we thrive on communication; it’s a necessity and an important part of our everyday lives. Now imagine how things would be if there wasn’t any viable flow of communication with your clients. Nothing pretty.

Within this article we’ll touch base on 5 tips that will help you improve your communication for a much higher level of interaction when it comes to you and your clients. You must also remember that every client is different and will require different levels of communication. Try to find a balance and work with your clients.

Employ Active Interest

As any seasoned designer would tell you, it’s in your best interest to show a little interest in what your client has to tell you. If a client feels like you don’t care about what they say, then feelings of being unappreciated begin to surface and will ultimately lead to a strained relationship.

As unimportant as you think the things your client has to tell you are, take the time to listen and interact with the client. There’s a time to listen and then there’s a time to speak. Make sure you have a balance of the two and make your client feel as if they were the only gem in the sea. Well maybe not that far, but you get the point.

Ask Questions That Will Shed Light

You might have heard this a billion times, but we can’t stress enough the importance of asking questions. Listening to your client is extremely important, and as you ask questions you open up more opportunities to listen, gain clarity, and interact.

If you don’t ask any questions, your client will either think you’re a Zen (web) Master or that you don’t really care about or want to deal with the project at hand. Odds are they’ll think the latter. Questions are also a fundamental building block in the inception of your client’s project. The best way to get the jump on a project is to ask questions about the things your mind is breaking a sweat to comprehend.

No matter how “stupid” or irrelevant you believe your question to be, as long as it pertains to the project it’s best to clarify rather than assume. It could be the difference between going back and fixing a few lines of code or having to re-code a site. However, that doesn’t mean you shouldn’t aim to ask the most important questions first. It can depend on your client and the amount of communication they may want. Some of you may remember our previously written article that outlines 14 Questions To Ask Your Clients Before and After a Project.

Free Consultations Anyone?

You may not want to hear this, but if a doctor can give free consultations on a minor health issue (they do exist) then so can you. We’re not saying that you have to be 100% at your client’s disposal for every whim; however, don’t turn them away if they have questions or need something thoroughly explained.

You should also voice your educated opinions when needed. For example, if you truthfully believe the color your client wants for their links will interfere with the accessibility of the user interface, then make this known in a respectful manner. At the end of the day, even though this is your client’s project, it is your work and it will more than likely be displayed in your portfolio.

Many of the clients you come across will not overlook your advice, but will respect it instead. They will also appreciate the fact that you have their best interest in mind. With all the above being said, never turn away a client if they have any concerns. If you don’t have the time needed to deal with a concern, then respectfully tell them you’ll get back to it at a more convenient time. They’ll understand.

Enhancing Professionalism and Being Respectful

You may ask what this has to do with communication, and we’ll tell you it has everything to do with it. You must assure your clients that you’re a professional beyond your web presence and, most of all, that you’re respectful in every possible way.

Because in most cases you’re probably not going to be face to face with your clients, you have to assess the way you approach them. Remember that when you write an email, or even when you’re on the phone, your client cannot see your facial expressions; however, they can definitely sense what you’re feeling in your words or tone of voice.

Respect goes hand in hand with professionalism, and the two will ensure that you conduct yourself accordingly even if the client decides to break a contract (for example). You never know what client will be a by-product of a past client relationship.

Provide Examples and Reasoning

There are two parts to providing examples. The first is to ensure that you give your clients proper examples when communicating how you will implement certain technologies and techniques within their project. This will allow them to visualize how these adaptations will work and the effect they will have on their project, whether positive or not.

The second is to have supporting examples on anything your client needs clarified. There may come a time where your client may question your methods or the way you manage their project. Be sure to have an ample amount of examples that will support and justify your actions.

Also, strive to be reasonable when it comes to the decisions you make and the ones your clients may want you to take. After all, it’s their project and, hopefully, if you’ve taken it under your wing they’re paying you accordingly for it. Behind reason there’s rationale. As long as you practice being reasonable, you’re well on your way to a fruitful and communicative relationship.


Copyright © 1996-2010 BlogmyQuery - BMQ. All rights reserved.