Paul Reinheimer’s profile

Senior PHP Developer working in Biomedical Information Science. Also: Photographer, Baker, Cyclist, Author. Views are my own.

Latest Comments


Hook us up Chris!

Posted in Link Blog and Planet Chris.

Wed, 20 Jun 2012 at 13:29:55 GMT


I have a few VPS units for WonderProxy with Gandi, and there are a few rough edges. As I mentioned in my Miles per Millisecond post, they route traffic between Baltimore and New York through Paris. They also send out billing emails for pre-paid accounts with half the information you need to make an informed decision. They tell you what your pre-paid balance is, but not how much they charge you. That may be a bit simpler for a product like domain registrations however.

Posted in Domain Registrars.

Tue, 12 Jul 2011 at 13:52:35 GMT


All of those newlines look like whitespace code.

Posted in The Accept Header.

Tue, 31 May 2011 at 16:16:13 GMT


The strip_tags() function when combined with allowed tags doesn't do much for you in terms of security. You would be able to do something like <b onClick="evil-stuff-here"> in a bold tag if it's allowed. Tag allowances allow for attributes, many of which are evil :(

Posted in Allowing HTML and Preventing XSS.

Thu, 15 Mar 2007 at 17:56:03 GMT


I'd like to see that level of integration between my browser and sites I've chosen to "trust". Sure it's nice to see a colour coded address bar, but what does it really mean to me? Having ambient changes indicate that I really am at a site I trust would help a lot. Take it beyond the site, bring the browser into the equation, that way even if the site isn't doing it, the browser can still help.

Posted in Ambient Signifiers.

Fri, 23 Feb 2007 at 02:26:01 GMT


I'm presently re-configuring my entire blog, with the new system launching with my new (far overdue) layout and theme.

I'm planning on working with a combination of systems, something like yours of year/month/title, but also a short url of simply People give each other two urls in two fundamentally different ways, electronically and verbally. I want to support both.

Pretty urls like the ones you're suggesting work really well electronically, but I've always had a hard time reading such urls to other people, dashes, underscores, tildes, etc. just seem to cause confusion for the non-technical.

There are two difficulties as I see it, first search engines don't like duplicate content at multiple URLs, second how to give that duplicity of information to people in a consistent manner. I'm still working on these.

Posted in URL Vanity.

Sun, 14 Jan 2007 at 00:35:42 GMT


That's it, distance yourself from the project without even reading it :p

I think our original editor's departure only confused the recognition issue.

Posted in Web APIs with PHP.

Tue, 29 Aug 2006 at 01:47:15 GMT


Did you move?

Posted in OmniTI Seeks Junior Security Analyst.

Wed, 26 Jul 2006 at 18:53:14 GMT


I'm happy with your choice to stick to validating, rather than moving into escaping as well.

At present, I feel the methods involved in escaping data are pretty well understood, *_escape_string(), *_real_escape_string(), htmlentities() and such. It's validating data that I need help with :).

The only advantage I can see to moving some level of escaping into the framework is in terms of keeping up to new threats as they are discovered. Since presumably, updating the Zend Framework will be easier than finding my own use of the appropriate escaping functions in all my code. I could however replicate that functionality myself by using a single library for all my projects.

Posted in Zend_Filter Reviewed on SitePoint.

Wed, 29 Mar 2006 at 17:26:32 GMT


Point 9

Posted in php|architect: March 2006 Edition.

Tue, 21 Mar 2006 at 23:27:12 GMT


  • Twitter: @preinheimer
  • Location: Montréal, Quebec
  • Joined: October 2004
  • Comments: 18