^^that will require good infrastructure and code optimization. Can think of that down the line but as of now it should be good enough. Probably some performance testing can be done. I guess I'll look for the tools for that.
Sure, check for Availability is good and can be done but I have seen in some sites that the check is done automatically on input.
Working for about a month over it. Reading documentation and thinking of how to implement takes some time but coding part is done pretty easily after that.
How long approximately is each module taking to code?
And when do you do this? Weekends? or 7 days a week?
That can be done with onblur too. Database requests are only for user id. So I guess leave it at onblur itself and remove the keyup.
It's fine the way it is, the backend DBMS optimizes queries under the hood, so if your `user_id` is indexed and unique the search time is negligible. The only scenario I think it could be significant would be if you were checking it on key events, which you aren't.
EDIT: Oh wait, you are. Use onblur or onsubmit.
...Or perhaps if someone maliciously polls the script to generate 1000 requests/second >_>
Thanks.
Looks Good & Cool
...Or perhaps if someone maliciously polls the script to generate 1000 requests/second >_>
Any way to keep the throttling of database?
here, looks good. Though I am not doing theming yet, once in a while I get bored of coding and resort to CSS.
Looks fine.
Can you change that X for the delete to something else? I know it's functional, in fact, very functional, but looks slightly odd.
Maybe a yellow pencil icon instead of the "Update" href and beside it a red x icon for delete.
Yeah, used CSS. Will not work with crap internet explorer. Will have to hack CSS separately for that.
BTW, how did you get that textbox rectangle to be rounded at couple of corners? Is that via CSS? Looks cool - the price, quantity and subtotal align are slightly off I think, would look cooler if it could be aligned at 180.
Edit: Just noticed the Proceed link. I think it should be a more prominent button, don't you think?
Where does Proceed go by the way? "Continue shopping" or "Checkout"? Maybe two buttons with those names instead of Proceed?
SKU is chosen because it will be convenient and there won't be a problem of duplicate product entries. Also, a quick check is done for already existing SKU in database while entering SKU in the field.
The Design is nice. I noticed the SKU number. You seem to be entering the SKU number yourself. Wouldn't it be good to be using the Auto_Increment attribute of MySQL to generate unique SKU number for each product? That way, you'll be saving time entering a new product each time as SKU generation will be done under the hood.
Great! The alignment still looks a bit off though!
here, looks good. Though I am not doing theming yet, once in a while I get bored of coding and resort to CSS.
Yeah, used CSS. Will not work with crap internet explorer. Will have to hack CSS separately for that.
...Or perhaps if someone maliciously polls the script to generate 1000 requests/second >_>
IMHO, any such use case would kill the network/app server long before it took down the db! Probably a function of connection pools!
Any way to keep the throttling of database?
Question should probably be "any way to keep the throttling of the web server"!
Well, we did never get DOS if there was some foolproof way of doing that!
I was just jesting with that, Sheesh.
And there's nothing *you* can do about DoS/DDoS attacks, rather the web server should/ought/might be the one checking of packets for floods (ineffective in case of DDoS). The only thing you should be worried about is that *you* aren't overwhelming the DBMS with queries on key events when you have someone like @ico typing at ~ 90wpm. (Not specific to your project, but in general).
Think a thousand ICOs (Yes it's disturbing as well)
[Anyway, 90 wpm is not gonna crash any db worth its salt!]
I was jesting not testing
@nbaztec
BTW, what were you testing with?
LOIC?
IMHO, from what I have seen, IDS/IPS systems are epic fails! Some even try to chase back to identify the attacker(s) (and confirm things in the process! How stupid is that!)
Well, if you lined up a 1000 ICOs, I guess I will line up a RAC!
Think a thousand ICOs (Yes it's disturbing as well)
I was jesting not testing
LOIC is a fairly simple concept, nothing much complex, it's however the simplicity of it that catches my fancy. As for IPS/IDS, you can't blame 'em really. It's the very nature of IP that makes the task difficult for them. But that doesn't mean it's impossible or that they are epic fail. A trivial DHCP server log can uncloak you. But given the fact that the laws of foreign lands rarely cooperate, it's a laudable practice - I'd give you that.
Well, if you lined up a 1000 ICOs, I guess I will line up a RAC!
Didn't get the part about "laws of foreign lands"...
But in my experience, a flawless IDS/IPS or even an IDPS seems utopian and unreal! An IDS tells me an attack is in progress, when, how, etc. And expects me to do something about it - meanwhile, I am losing business by the minute! An IPS generates too many false positives (disconnects valid business - my loss again) and is a little too easy to fool (!?! suspect the AV and Network Security Industry guys want it to be that way?! - anyway, reading signature patterns or reading load patterns is hardly an intelligent way to deduce an "attack" - have seen too many instances of peak load, line noise setting off an IDPS)... Both sit on my network and eat resources - it's like I have to grease the greedy policeman to keep the extortion gangs out!
If I must do all of that, why can't I instead draw out a contract with my ISP, tell them to install a BFF (that's a Big F***ing Firewall) on their end (don't see the logic behind a downstream firewall - if the bloody little rascala packets have to reach my downstream firewall to get blocked, why, they have already won half the war by clogging my lifeline to my ISP), configure it with some strict rules and maybe, use an IDPS to simulate an attack just to harden my rules (and then get rid of it) and then sit back and pray that someone with a big honeypot does not want to pawn my a$$?
It would still not mean 100% security (not like the IDPS would guarantee that either), but I got rid of resource hoggers and applications that sometimes like to chase back and confirm that the port the attacker suspected is open IS actually open!
The only advantage I can see an IPS might hold is that it will trigger even when the attack originates from inside my network! But I guess that is easily taken care of by architecting the network properly in the first place and having a second BFF inside the DMZ.
I guess I am just trying to say, if the very nature of IP makes an IDPS fall short of what it must do (or at least is expected to do), why use it in place of something which would let me do kind of the same thing with lesser resources and better accuracy! Granted a DOS would leave its marks on my logs, but the idea is to save my a$$ (my business), not sue people later on to recover the losses.
Lol no, I'm totally 100% unemployed.
Dude, I was kinda presuming you work in Network Security and then I hit your site - holy cow! what are you, the Ankit Fadia we haven't heard of yet?!!?
Apologies, Faun. We'll bow out now.
Anyway, we can safely conclude, that we have pretty much DDOS-ed Faun's thread here!
lol...a lot happened here guys
Ok, now the next step is to integrate PayPal with the website. If I put up the value of amount in hidden field then it can be changed very easily by tampering the HTTP header.
Has anyone got some experience with that? What should I do?
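
Added example, not part of the original thread: one common way to handle the tampering concern in the post above is to price the order on the server and compare the amount the payment provider later reports against the stored order, so a changed hidden field only produces a mismatch. The SKUs, prices, invoice ids and the in-memory `ORDERS` store are constructed for illustration; the notification keys follow PayPal's IPN variable names, and the notification is assumed to have already been authenticated as coming from PayPal.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data: prices live on the server, keyed by SKU.
CATALOGUE = {"SKU-1001": Decimal("19.99"), "SKU-2002": Decimal("5.50")}
ORDERS = {}  # stand-in for an orders table: invoice id -> expected payment


def create_order(invoice_id, cart, currency="USD"):
    """Price the cart from server-side data; no client-supplied total is read."""
    total = Decimal("0.00")
    for sku, qty in cart.items():
        if sku not in CATALOGUE or not isinstance(qty, int) or qty <= 0:
            raise ValueError(f"invalid cart line: {sku!r} x {qty!r}")
        total += CATALOGUE[sku] * qty
    ORDERS[invoice_id] = {"amount": total, "currency": currency, "paid": False}
    return total


def check_payment(note):
    """Compare a payment notification with the stored order -> (ok, reason).

    Assumption: `note` was already authenticated as coming from the payment
    provider; that step is provider-specific and not shown.
    """
    order = ORDERS.get(note.get("invoice"))
    if order is None:
        return False, "unknown invoice"
    if order["paid"]:
        return False, "already paid"  # replayed notification
    if note.get("payment_status") != "Completed":
        return False, "payment not completed"
    try:
        paid = Decimal(note.get("mc_gross", ""))
    except (InvalidOperation, TypeError, ValueError):
        return False, "malformed amount"
    if not paid.is_finite():
        return False, "malformed amount"
    if note.get("mc_currency") != order["currency"]:
        return False, "currency mismatch"
    if paid != order["amount"]:
        return False, f"amount mismatch: expected {order['amount']}, got {paid}"
    order["paid"] = True  # fulfil the order only after this point
    return True, "ok"
```

The form sent to the payment page can still carry the amount, since the buyer has to see it; what matters is that fulfilment is gated on `check_payment` rather than on anything the browser submitted.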