Help me brainstorm for a domain name

Started by CrAz3D, June 01, 2007, 12:19:14 AM


CrAz3D

I used to use crazedmind.net
Might just use crazed.net unless someone can help me come up with something flashier.

It's just gonna be a personal site.  Might temporarily host my College Republican site there, if we use what I made and all.

Anyhow, thoughts?

Sidoh

If you have any intention of using it professionally, I don't think I'd use crazedmind, haha.  Not sure, though... perhaps I'm reading too much into that.

CrAz3D

I went w/ dailycrazed.net


thnx Joe


& thnx Wires for the hella amounts of help/instruction/suggestion
& thnx Sidoh for the help thus far

Blaze

Tyler Benting has a bad looking website.
And like a fool I believed myself, and thought I was somebody else...

CrAz3D

Quote from: Blaze on June 01, 2007, 05:36:04 PM
Tyler Benting has a bad looking website.
hey, pssht, I'm workin on it....

iago

It's at kind of a weird path:

/home/.reik/craz3d/dailycrazed.net/index.php

I've never seen a user folder that starts with a "." before.

Either way, look up what a "remote file include" vulnerability is. Basically, make sure that a user can't control a variable that's going into an include() or require(). It seems that you're vulnerable to that (poke). It's not that big of a deal right now, but it'll be more annoying to change it later. :P

Fortunately, I get blocked if I try including something remote, but this could still be a potential vulnerability so watch out.

CrAz3D

How's that a vulnerability?... testtesttest doesn't exist on my site so how would someone make that and exploit me?

iago

You can generally include files on other, remote sites. Something blocks that, but it's still dangerous.

If anybody else has a site on the same server, they could inject stuff into your code.

If you, or anybody else on that server enables file uploads, it could be risky.

If there's a .inc file in another script that could be dangerous, it could be risky.

If somebody can find a way to include a file that doesn't end with .inc, it could be risky.

Generally, but not always, that kind of thing leads to a Remote File Include. It's good practice just to not do it. It's not a bad thing that you have it, since I know you're new to PHP, but that's not the proper way to include files.

CrAz3D


iago

I'm not a real web developer, but I generally use a script:

switch ($page)
{
case "home":
   // fixed path: nothing from the request reaches require()
   require('pages/home.inc');
   break;

// case ...: one case per supported page
// ...
}

I don't know if that's the best way to do it, though, Sidoh might be able to weigh in with a better answer.

CrAz3D

and that's better because it does just use the include("page.inc")?...

Sidoh

Quote from: CrAz3D on June 01, 2007, 07:31:39 PM
and that's better because it does just use the include("page.inc")?...

If you don't do what iago is suggesting (and a few other people suggested earlier), you leave yourself open to all of the things iago mentioned.  People can do something like "?content=../../../.otheruser/public_html/myscript.php" which can do all sorts of nasty things.  They could spit out contents of variables that store mysql authentication information, for example.

I normally do what iago has suggested.  I have a switch statement with the supported cases (eg home, gallery, calendar, etc) and then ignore (or produce an error message) for anything that doesn't have a case.

trust


Blaze

I prefer just to filter out ".."s so they're limited to what's in the folder, or in other folders above.  Any disadvantage to that?

iago

Filters are notoriously bypassable. It's better to just not get into the situation in the first place.
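
The allowlist approach iago and Sidoh describe, written out as an added example (not code from the thread). Page names other than "home", the function name resolve_page and the temp-directory layout are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Page names other than "home" and the
// temp-directory layout are assumptions so the script is self-contained.

// Constructed sample site: a pages/ directory holding one .inc file per page.
$base = sys_get_temp_dir() . '/include_demo_' . getmypid();
@mkdir("$base/pages", 0700, true);
foreach (['home', 'gallery', 'calendar'] as $name) {
    file_put_contents("$base/pages/$name.inc", "<h1>$name</h1>\n");
}

// Allowlist: the request value is only ever an array key, never part of a path.
const PAGES = ['home' => 'home.inc', 'gallery' => 'gallery.inc', 'calendar' => 'calendar.inc'];

// Pattern the thread warns about (assumed shape): include($_GET['content'] . '.inc');

function resolve_page($requested, string $pagesDir): ?string
{
    // Rejects non-strings (?content[]=x arrives as an array) and unknown names.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // Defense in depth: the resolved file must still live inside pages/,
    // which catches a bad allowlist entry or a symlink pointing elsewhere.
    $root = realpath($pagesDir);
    $path = realpath($pagesDir . '/' . PAGES[$requested]);
    if ($root === false || $path === false
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed requests: a valid page, the name from the thread, the traversal
// string quoted in the thread, and a non-string parameter.
$requests = ['home', 'testtesttest', '../../../.otheruser/public_html/myscript.php', ['home']];
foreach ($requests as $r) {
    $file  = resolve_page($r, "$base/pages");
    $label = is_string($r) ? $r : '(array)';
    echo str_pad($label, 48), $file === null ? 'rejected, serve 404' : 'require ' . basename($file), "\n";
}

// Remove the constructed sample files.
array_map('unlink', glob("$base/pages/*.inc"));
rmdir("$base/pages");
rmdir($base);
```

In a real index.php the caller would pass `$_GET['content'] ?? 'home'` and `require` the returned path, sending a 404 when the result is null.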