Somebody’s Gonna Pay!

Lots of Money

Today I finally closed the loop with regard to taking PayPal payments and activating licenses! Although there are still a couple of things to tie up, I have shown that I have the system working. And it’s beautiful.

I’m currently building an admin system, so that I can keep tight control over what goes on, and – once I’ve sorted the auto-email stuff – I’ll be looking to get this put on my public server soon.

Other than that, I suppose I really need to tie off the Java code completely, get installers created, and use ProGuard. Doesn’t sound like too much left to do when you say it like that 🙂

 

TRP

SQL Injection

At the moment, I’m looking to shore up the basic security of my server DB, including provisions to protect against the possibility of an SQL Injection attack.

Let’s say, for argument’s sake, that I had some PHP code that looked like the following:

<?php
$query = "SELECT name FROM my_table WHERE id='" . $id . "'";
...
?>

Normal usage of this – where, for example, an id value of 131 had been entered – would result in the following query:

SELECT name FROM my_table WHERE id='131';

If, however, I was a nefarious cunt, I might enter something like 131' or '1=1, which would result in the following:

SELECT name FROM my_table WHERE id='131' or '1=1';

So some unwarranted SQL has actually been injected into the query, perhaps circumventing the purpose of the code. If this was, for example, a check to prove that a valid user exists (okay, the example SQL here is ridiculous and unfit for purpose, but anyway…), then this would provide the hacker with a result > 0 in all cases, and possibly grant access.

This is a highly simplified example of what can be a very complicated and costly attack, but it does highlight the basic premise of the method. Other possibilities are updating, inserting, deleting and worse.

I’ve been implementing various ways to combat SQL Injection on a basic level.
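To make the difference concrete, here is an added example (not the code from this site's server) that runs the concatenated query from above next to a prepared statement with a bound parameter. It assumes PHP with PDO and an in-memory SQLite database; the sample rows and the function names lookupConcatenated, lookupPrepared and isValidId are made up for illustration.

```php
<?php
// Added example. The table contents below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE my_table (id TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO my_table VALUES ('131', 'alice'), ('132', 'bob')");

// Vulnerable form from the post: the input becomes part of the SQL text,
// so a quote character in $id changes the structure of the query.
function lookupConcatenated(PDO $pdo, string $id): array
{
    $query = "SELECT name FROM my_table WHERE id='" . $id . "'";
    return $pdo->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed at prepare time and the input is
// bound as a value, so it is only ever compared against the id column.
function lookupPrepared(PDO $pdo, string $id): array
{
    $stmt = $pdo->prepare("SELECT name FROM my_table WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Second layer (assumes ids are short decimal numbers): reject anything
// else before it reaches the database at all.
function isValidId(string $id): bool
{
    return ctype_digit($id) && strlen($id) <= 10;
}

// The two inputs discussed in the post: a normal id and the injected one.
foreach (['131', "131' or '1=1"] as $input) {
    printf("input: %s\n", $input);
    printf("  concatenated: %s\n", json_encode(lookupConcatenated($pdo, $input)));
    printf("  prepared:     %s\n", json_encode(lookupPrepared($pdo, $input)));
    printf("  valid id:     %s\n", var_export(isValidId($input), true));
}
```

With the injected input, the concatenated query returns every row in the table, while the prepared statement returns none because no id equals that literal string.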

 

TRP

Almost Code Complete

As the title suggests, I’m all but code complete on DiagramBuilder v1.0.

All that remains is a general code tidy up, and any remaining licensing issues (which are diminishing as we speak).

Once this is done, my entire focus will be away from coding and more on administration/implementation of the release.

Just had to tell someone. Ta ta.

 

TRP

The Incredible Shrinking Task List

Well, I’ve been working as hard as yer nana for the past few weeks, grinding down my remaining v1.0 tasks until only the following remain:

  • Improve note generation following percentage +/- alteration
  • Finish off help implementation
    • Put all links into homepage
    • Include custom header/footer
    • Do all help content
    • Upload to test server
  • Code tidy up
  • Finalise licensing system
    • Upload to new server
    • Link up to PayPal etc.
  • Do ProGuard build
  • Produce OS-specific installers

Which is hardly anything at all, especially when considering that only 2 out of those 6 items are specific code fixes (a general tidy up doesn’t count!), so it’s looking almost ready.

I should get the note generation stuff wrapped up today, so the main focus will then be on getting the Help system up and running.

After that, I will be code complete, and my attention can then turn to more administrative tasks. I shall be releasing this damn application soon!

 

TRP