This video shows an installation of PHP 5.6 on a fresh install of Windows 7, including installing and configuring IIS7. There are some delays due to User Account Control prompts and waiting for IIS to install, but I don't currently have the tools to edit the video.
Views: 83232 Luke Briner
This is simply redirecting the user on the server side using unvalidated data that originated outside of your control, such as a query string parameter or previously saved data. An attacker can abuse this to forward a victim, via the vulnerable web application, to an attacker's site.
Views: 5043 Luke Briner
Royston is the simplest simulation from simsig.co.uk but contains most of the information you need to know to operate all of the simulations. This is a brief introduction to how the user interface works, how to route trains and how to change headcodes.
Views: 4930 Luke Briner
Direct object references exist on almost all web applications as a way to tell the server which object you are accessing. If you do not carry out authorisation checks on that request, the reference is insecure and an attacker can easily exploit it to see objects they shouldn't. The vulnerability is most often associated with URLs, but it applies to any user input where an object id is used, such as search boxes and form posts.
Views: 7403 Luke Briner
This video looks at the default access control mechanism in Yii 2.0 (Access Control Lists) and how it is very limited and not very useful for a production site that has more than a few users. We discuss the concepts of role-based access control and what some example hierarchies look like, and then show how this is enabled by adding a database migration and using an RBAC admin extension. We then look at how we check permissions in code and how we can use the route restrictions provided by the plugin to control permissions more easily. See https://github.com/yiisoft/yii2/blob/master/docs/guide/security-authorization.md for more details. The source code for the tutorial is on GitHub here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 42020 Luke Briner
By default, Yii will display an edit box for the id number of a foreign key. Most of the time, the user will want something more useful, like a display name or similar, perhaps in a drop-down list. This video shows how your relationships are used to populate a dropdownlist control, something you will probably want to do soon after you start developing. The source code for the tutorial is on GitHub here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 13561 Luke Briner
Some background, basic details and comparison of SAML/Shibboleth, OpenID, OAuth2 and OpenID Connect to give an idea of the single-sign-on authentication landscape.
Views: 8353 Luke Briner
A very brief overview of session management and authentication and the ways in which they can be subverted if you are using a weak system to implement them. This video can't go into too much detail because there is a lot to know about it, but hopefully this gives a basic overview of what it means.
Views: 12867 Luke Briner
Briefly discusses the merits of using Yii 2 as a framework and then describes how we download and create a Yii 2 application, as well as some of the problems with Composer. It then describes setting up the site in IIS7 ready to test and develop. The source code for the tutorial is on GitHub here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 11876 Luke Briner
This video looks at how the "web user" class in the Yii framework links to a user-provided model class responsible for authenticating the user. We discuss the shortcomings of the basic template in that it lacks the database table for users and then we copy over the content from the advanced template to rectify this and end up with a database-driven user system. The problem I had with the password range validator was that I had set 'not' to 'true' but I should have used true instead. Apologies for the errors during this tutorial, I was having to do it on the fly and at one point I have to pause the video to fix something. This was caused by me copying content from a modified advanced template site, not a fresh one. If you copy from a freshly created template, you will not have the same errors. The source code for the tutorial is on github here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 7885 Luke Briner
This video looks at Yii 2.0's validation and rules, including data type validators, non-validation validators! and using the SafeValidator for marking properties as safe for "massive assignment". The list of available validators can be found here: http://www.yiiframework.com/doc-2.0/yii-validators-validator.html and some more description about models, scenarios and validation can be found here: https://github.com/yiisoft/yii2/blob/master/docs/guide/structure-models.md The source code for the tutorial is on github here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 6745 Luke Briner
Continuing on from the previous video, this video looks at creating models from database tables, including relationships automatically generated by Gii from foreign keys. It then looks at creating the controller and views for this model, demonstrates what these look like by default and shows how to handle updating the model when the database changes. The source code for the tutorial is on github here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 9038 Luke Briner
The first in a series of PIC microcontroller tutorials covering some basic programs followed by some more advanced features.
Views: 5920 Luke Briner
Cross-site request forgery is basically caused by tabbed browsers sharing a session between tabs and automatically sending any cookies to the URL that originated them. An attacker abuses this by calling an action on another site that the user is logged into; without CSRF protection, the target site cannot distinguish between the user and the attacker and carries out the action.
Views: 6666 Luke Briner
This video is about function-level access control, which simply means checking inside every action of your application that the current user has permission to call that action. Just because you didn't offer somebody a button or menu item doesn't mean they can't call the action on the server, which is why the check is important.
Views: 2739 Luke Briner
This brief video talks about how to use database migrations: storing your database changes in files so that they can be applied to a database in order. They keep developers synchronised and help deploy to production sites without lots of manual work or running SQL directly on databases by hand. The reason my demo of $this->primaryKey didn't work is that the demo project is running on an older version of Yii2. Run "composer update" in the root of the project and it should give you a newer version with helpful shortcuts to use in migrations. See http://www.yiiframework.com/doc-2.0/yii-db-schemabuildertrait.html for details. No new code was added, but the demo project is here: https://github.com/lukos/yii2-tutorial
Views: 5466 Luke Briner
Yii provides some really powerful tools to translate text, and also numbers and dates, into locale-specific formats and languages. This video walks through how this works, how to set it up and use it, and also gives an example of how you could use a language selector widget to make it easy for the current user to change language. The Yii guide for internationalisation is here: https://github.com/yiisoft/yii2/blob/master/docs/guide/tutorial-i18n.md Any questions or comments, please add below. The source code for the tutorial is on GitHub here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 11222 Luke Briner
This video covers how Yii routes URLs to controller actions and, in reverse, how it creates URLs from controllers/actions, which can be used in hyperlinks, menus, etc. This is quite a long video but covers most of what is found in the guide: http://www.yiiframework.com/doc-2.0/guide-runtime-routing.html The source code for this tutorial is found on GitHub: https://github.com/lukos/yii2-tutorial Please leave comments or questions below.
Views: 10709 Luke Briner
When you first install Yii and run the CRUD generator, it is obvious how views can bind to single models, which bind to single database tables. But what if we need to do something more complex, like binding to multiple database models, or when there is data in the form that is not used for saving to the database? What if we need to display static data? This video looks at how views bind to models and the two types of models available to us to perform either simple or more complex binding of views to data. The source code for the tutorial is on GitHub here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 4945 Luke Briner
Most of us use third-party libraries and components for all kinds of things in our applications, databases and servers. Each of these can contain vulnerabilities, but we can only act on the known ones. Using a combination of process, policy, homework and CVE databases, we should make sure we are regularly checking our software for these known vulnerabilities and patching accordingly.
Views: 2527 Luke Briner
Sensitive data is any data that has value, i.e. most of it! We need to consider the value of the data we hold and apply suitable, mostly cryptographic, protections to ensure this data is not exposed incorrectly. Data is also protected by other items in the top 10, such as SQL injection protection and insecure direct object reference protection.
Views: 3651 Luke Briner
A very quick run-down of what it looks like when you follow this tutorial: https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html It starts with the client setup and then looks at the server side and the additional settings that are available when configuring the server library.
Views: 10951 Luke Briner
Starting from a freshly installed Yii 2.0 basic template, this video introduces NetBeans as an IDE, looks at the folder layout for Yii 2.0 and then creates a SQLite database, populating it with a basic table. Gii is introduced with the model generator demonstrated, and then database migration is described as a way of controlling database work. The source code for the tutorial is on GitHub here: https://github.com/lukos/yii2-tutorial but please note that changes are continually made to the repository as the tutorials are made and might not match the tutorial exactly.
Views: 8104 Luke Briner
In this video, I introduce the foundations of Yii2 database access and discuss DAO and QueryBuilder. In most cases you will not use these directly; you would use ActiveRecord, but since ActiveRecord is based on these and shares some of the same functionality, I thought it best to start here. Code is on GitHub here: https://github.com/lukos/yii2-tutorial
Views: 4982 Luke Briner
Each train that you need to signal through your control area is based on a timetable and has a headcode. The timetable dictates the planned timings for the service, which will minimise disruption to passengers. The headcodes are unique within a control area and allow the signaller to have an idea of where each service is going.
Views: 1503 Luke Briner
Views: 3619 Luke Briner
This is an overview of the various parts of the Bristol simulation provided by simsig.co.uk. This is a difficult and busy simulation and, although it is just about manageable for one person with the speed turned down and without a spare second to think, it is much more practical with 3 to 5 people, each looking after one of the 5 panels. Any questions or comments, please post below.
Views: 1054 Luke Briner
A brief introduction to Composer packages in Yii. The difference between require and require-dev is that with the dev requirements, you have the option of ignoring them when performing an install or an update with composer. This can be useful when running composer on a production server where you don't want the dev dependencies installed. Code is here: https://github.com/lukos/yii2-tutorial
Views: 1397 Luke Briner
Security misconfiguration is a blanket term used to describe configuration at all levels of the web application stack, from the OS up, including databases, firewalls, frameworks and the web server. There is a lot to get right, but there are tools and guides for most of it that will need to be understood to do things properly.
Views: 4479 Luke Briner
In this video, we look at how to read inputs in both C and Assembly and also refer to the difference between "active high" and "active low" wiring. We also look at the problem that switch bounce can cause when an input is read very quickly by a microcontroller.
Views: 3340 Luke Briner
A quick run-through of the various Yii2 functions that allow very rapid creation of REST APIs, including binding to a MongoDB database instead of the usual SQL one. Code is based on the basic template with changes as described at https://www.yiiframework.com/doc/guide/2.0/en/rest-quick-start If you want the template code to work from, it is uploaded at: https://github.com/lukos/yii2-api-mongo
Views: 2360 Luke Briner
In this video, we look at caching: data, fragments, pages and the use of dependencies. Client caching is not covered here but is in the guide: http://www.yiiframework.com/doc-2.0/guide-caching-http.html Sorry about the problem with the books controller. It was caused because somehow the namespace in BookController was changed from app\controllers to app\Controllers. I also forgot to mention database caching. Two examples can be found commented out in SiteController::actionIndex() (works for Active Record and DAO!). Code is here: https://github.com/lukos/yii2-tutorial
Views: 3493 Luke Briner
I bought two brand new Graham Farish "N" class locomotives in N gauge/N scale and this is me unboxing one of them for the first time, having a look at what is included and putting it on my test track for some running-in before fitting a Lenz silver mini decoder.
Views: 2225 Luke Briner
The first of a series of videos helping you to set up Visual Studio for creating cross-platform games using CocosSharp. This video takes you from an introduction through to creating and running the default Android "game" in the Android virtual device. The instructions for adding the CocosSharp templates are here: https://forums.xamarin.com/discussion/30701/cocossharp-project-templates-for-visual-studio Home page for CocosSharp is here: https://github.com/mono/cocossharp
Views: 905 Luke Briner
A slightly longer video covering lots of stuff to do with ActiveRecord database access. I'm sure you have loads of questions but hopefully this should answer some of them! Code is here: https://github.com/lukos/yii2-tutorial
Views: 3772 Luke Briner
This video is a PowerPoint presentation introducing Regular Expressions, what they are for and some of the basic patterns to use. It is aimed at the people viewing the Yii 2 tutorial videos since regexes are used a few times in Yii 2. Any questions or comments, please leave below.
Views: 190 Luke Briner
In this video, we look at the most basic program for a PIC in C and Assembly: switching on a single output on the device. There is some configuration to understand and a standard way of laying out a program.
Views: 2577 Luke Briner
An intro to the operation of the Exeter signalling area, courtesy of simsig.co.uk. An easier simulation for newbies and people with a little more experience, it starts slow but has plenty to occupy you once the morning rush starts. Exeter covers the main lines between Bridgwater and Ivybridge with branches to Paignton, Barnstaple and the old LSWR line towards Honiton.
Views: 154 Luke Briner