Archive for April, 2008

Akount “revision 12” released
Sunday, April 27th, 2008
This update fixes some security issues related to cross site scripting. User entered data is now escaped with the PHP “htmlspecialchars” function.

Keeping data secure in Google App Engine
Thursday, April 10th, 2008
While going through the “Getting Started” documentation provided for Google App Engine, I noticed something interesting in the “Using the Datastore” section. The datastore included in the App Engine is not a relational database, but it has some similarities. When querying the datastore, you can use GQL, which is similar to SQL. For instance:
greetings = Greeting.gql("WHERE author = :1 ORDER BY date DESC",
                         users.get_current_user())
Notice the parameter replacement where “:1” is replaced with the value of “users.get_current_user()”. The documentation states:
Unlike SQL, GQL queries may not contain value constants: Instead, GQL uses parameter binding for all values in queries.
As Wikipedia points out, using a parameterized statement like this GQL parameter binding is one way to mitigate an SQL injection attack. SQL injection is mitigated because the parameter value is handed to the query engine separately from the query text, so it is always treated as data and escaped consistently by the binding step rather than by each developer's own string handling. I find it very interesting that Google decided, in implementing GQL, to enforce the use of parameter binding. This must have been a conscious decision to help App Engine developers to make their apps more secure. I think that this is a good decision.
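To show concretely why GQL's rule matters, here is an added example (not from the post or from the App Engine SDK) that uses Python's sqlite3 module as a stand-in for the datastore: the same "greetings by author" query is run once by splicing the value into the query text, which GQL forbids, and once with a bound placeholder (sqlite3's "?" playing the role of GQL's ":1"). The table and its rows are constructed sample data.

```python
import sqlite3

# Constructed sample rows standing in for the App Engine "Greeting" entities.
SAMPLE_GREETINGS = [
    ("alice", "hello", "2008-04-01"),
    ("O'Brien", "quotes in names are ordinary data", "2008-04-02"),
    ("bob", "hi", "2008-04-03"),
]


def make_db():
    """Build an in-memory table standing in for the Greeting datastore kind."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE greeting (author TEXT, content TEXT, date TEXT)")
    conn.executemany("INSERT INTO greeting VALUES (?, ?, ?)", SAMPLE_GREETINGS)
    return conn


def greetings_by_concat(conn, author):
    """What GQL forbids: the value is spliced into the query text as a constant,
    so a quote inside the value changes the query's structure instead of being data."""
    sql = "SELECT content FROM greeting WHERE author = '" + author + "' ORDER BY date DESC"
    return [row[0] for row in conn.execute(sql)]


def greetings_by_binding(conn, author):
    """The GQL way: the query text holds only a placeholder (':1' in GQL, '?' in
    sqlite3) and the value travels separately, so it can never be parsed as SQL."""
    sql = "SELECT content FROM greeting WHERE author = ? ORDER BY date DESC"
    return [row[0] for row in conn.execute(sql, (author,))]


def has_value_constant(gql):
    """Mimic the documented GQL rule that query text may not contain value
    constants: any quoted string literal in the query text is rejected."""
    return "'" in gql or '"' in gql


def demo(author="O'Brien"):
    """Run both forms against the same legitimate input and report the outcome."""
    conn = make_db()
    results = {"bound": greetings_by_binding(conn, author)}
    try:
        results["concat"] = greetings_by_concat(conn, author)
    except sqlite3.OperationalError as exc:  # the stray quote breaks the SQL
        results["concat"] = "error: %s" % exc
    return results


if __name__ == "__main__":
    print(demo())
```

The bound query returns O'Brien's greeting; the concatenated one fails on the apostrophe, which is the same weakness an attacker would steer deliberately, and it is exactly what mandatory binding removes.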

Worked through the Google App Engine “Getting Started” introduction
Tuesday, April 8th, 2008
I just finished trying out the Google App Engine “Getting Started” introduction. I haven’t programmed in Python for a very long time. The introduction was pretty cool.
Except for the problem with Windows in the static file CSS example. I found a discussion about the issue by Googling “App Engine InvalidAppConfigError”. They have a simple work-around to get the sample to work. But it looks like there will have to be a fix in the API for the problem to be resolved.
But all in all, this is a pretty neat framework. I look forward to playing with the SDK some more.
(And being a pilot, I am a bit biased toward the App Engine logo. You can see it at the home page. It is a jet engine with wings and a vertical stabilizer. 🙂 )

My first Butterfly program… success!
Monday, April 7th, 2008
My first program, Blinky, from the “C Programming for Microcontrollers” book has been downloaded to my Butterfly ATMega169 and works. The program cycles through 8 LEDs, turning one LED on at a time. It looks like the Cylon robots (old school – or the newer Cylon Centurions from the new series). (Or the original KITT from “Knight Rider”.)
I had a problem initially with downloading the “hex” file to the Butterfly. It appeared to be the serial port… ahhhh, serial ports. So, if you get the Butterfly++ Mini-Kit, you get a DB-9 female connector and some wire. The “Butterfly++ Mini-Kit Assembly Instructions”, and the book, instruct that you are to wire the DB-9 connector to certain holes on the Butterfly. The instructions indicate that you cross the transmit and receive lines from the Butterfly to the connector. Okay, all is good… so far.
It is very hard to find a serial cable now: USB rules. But I did find a USB-Serial adapter at Best Buy. One end is a USB connector and the other end is a DB-9 male connector. I installed the driver, for Windows XP, and installed the cable. It installed like a charm as “COM5”. I was able to use the terminal program provided on the CD with the book and use “COM5” and communicate with the built-in Butterfly program to set my name for the “name tag” function of the factory-programmed Butterfly.
But then when I used the provided AVR Studio to try and download the Blinky program to the Butterfly, AVR Studio couldn’t find a suitable device. Hmm. It appeared the AVR Studio provided on the book’s CD wasn’t working with the USB serial device. I even tried upgrading to the latest AVR Studio downloaded from the Atmel site. It still wouldn’t program.
I did have a “real” serial port on my computer, which is a DB-9 male connector. But I couldn’t find a DB-9 M-F connector in my collection of cables. I had null modem DB-9 F-F and DB-9 M-M (null modem cables have the transmit and receive links cross-linked). Then I thought, wait! The Butterfly has a DB-9 female connection and the computer has a DB-9 male connector; just hook them together. The problem is the Butterfly DB-9 female connector is connected to the Butterfly with about 2.5 inches of wire. So it took a bunch of rearranging to get the Butterfly close enough to the serial port on the computer, which is in the back of the computer. But I was able to get the Butterfly, the power supply, and the breadboard with the LEDs for the Blinky project close enough. Now, with the Butterfly directly connected to “COM1”, the AVR Studio found the device. I was able to download and program the Blinky.hex file. After successfully downloading to the Butterfly and cycling the power to the Butterfly (and moving the joystick “up”), Blinky started up and blinked the LEDs, sweeping back and forth.
So it appears that I need a DB-9 M-F “straight through” serial cable. (I have seen this type of cable referred to as an “extension” serial cable too. No wonder everyone likes USB better; it just seems to work, but it is more complex at the signal and component level.) I was able to find at Cables for Less a six foot DB-9 male to female cable for $1.89. I ordered it. With shipping the total came to $8.48. Hopefully it will come soon so that I can get the Butterfly out from behind my computer. But at least I have successfully tested the ability to program the Butterfly.
(I think that there is some way to download the hex file using avrdude instead of the AVR Studio. This may allow the USB-Serial adapter cable to work on “COM5”. But I haven’t had a chance to try that yet.)

Butterfly++ WORKS!
Saturday, April 5th, 2008
I had purchased a “Book + Butterfly + Projects Kit” from Smiley Micros some time ago. The AVR Butterfly is a demonstration board for an Atmel AVR ATmega169PV microcontroller. The package that I purchased included, in addition to the Butterfly, a book and some components in the “project kit” to execute the samples from the book. The first thing that you have to do is add a connector to the board so that you can add a serial port connection. The serial port connection is used to download code to the microcontroller. The kit includes some wires and a female DB-9 connector which you get to solder together. I did it (successfully). The kit also includes a battery pack that you get to mod to add an LED as a power indicator and some headers to solder to the Butterfly to make it easier to attach and reconfigure wires to the device.
After performing this preliminary soldering, I followed the test procedures to make sure that it works. I was able to power the Butterfly from the external battery source and download my name via the serial port to the Butterfly. (The Butterfly has a sample program that will display your name on its LCD display.)
Now that the preliminary work is done, I can try the samples from the book… (I am finally putting my EE degree to use!) and maybe write my own code. (Yeah, I do write code, like web applications, for a living. Not usually something as cool as making blinking LEDs!)