Archive for April, 2008

Time It! now has task filtering

Monday, April 21st, 2008

Task filtering with Time It!

Time It, Supernifty’s free online time tracker, has just undergone a significant enhancement – task filtering.

The reporting functionality now includes the ability to exclude or include specific tasks.

So you can easily

  • generate reports,
  • generate charts, and
  • calculate totals

for a subset of your tasks, for instance, only those for a specific project or client.

Hurrah!

PHP sessions on shared hosting – Hack It! #3

Saturday, April 19th, 2008

PHP

If you use sessions with PHP on shared hosting, there are a couple of potential issues:

  • You might be vulnerable to session hijacking. PHP stores sessions as files. Where are they being stored? If they are stored in a publicly readable directory such as /tmp (the default), then other users of your shared host can hijack any session from your website. The session ID is part of the filename, so an attacker can build his own cookie that will be authenticated by your website.
  • You don’t have control over session timeouts. The default session timeout is 24 minutes. From the php manual: “If different scripts … share the same place for storing the session data then the script with the minimum value will [determine the session timeout]”.

So… by default, sessions timeout after 24 minutes, which I think many users would find pretty irritating, and you are vulnerable to session hijacking from anyone having access to your shared server.

Not good!

The solution. Here is one way to solve both of these potential issues. Whenever your code starts handling a session, include the following PHP:

ini_set("session.gc_maxlifetime","21600"); // 6 hours
ini_set("session.save_path", "/your_home/your_sessions/");
session_start();

The first setting is the timeout in seconds, so for each hour of session survival, add 3600.
The second setting is the path to save session files to. Change this to a real directory in your home directory. Note that the first setting will not work unless you set this. Also note that the process running PHP needs to be able to write to this directory.

With this hack you can increase the security of your PHP sessions, and have them timeout over a period appropriate to your website. Hurrah!

Announcing Time It! – a free online time tracker

Monday, April 14th, 2008

Online time tracking with charts

I’m pleased to announce Time It!, a free online time tracker.

Time It! is ideal for recording how you spend your time.
If you:

  • Need accurate timekeeping for your consulting or contracting business
  • Are project managing and need a breakdown of time expenditure on different tasks
  • Feel the need to see what you spend your time doing each day in a bid to improve productivity

Then Time It! may be the ticket.

Time It! provides:

  • a simple, effective interface for entering tasks
  • a stopwatch to keep track of your tasks automatically
  • powerful filtering and charting: time breakdown over any time period; a daily report of your booked time
  • simple editing of your entries
  • download your times as a CSV file, suitable for spreadsheets

Try it out – it’s free and simple. I use it every day to keep track of my many exciting projects.

Migration to Webfaction

Thursday, April 10th, 2008

Supernifty has just migrated to a new hosting provider: Webfaction.

These guys have all the up-to-date software, a great control panel, and undercrowded shared servers. They offer very good support and have wizard installations for all kinds of web frameworks, including Django, Rails, WordPress, etc. So far it has all looked very impressive.

As a result of the migration, a whole bunch of server software that Supernifty relies on has been upgraded. Hence there may be problems. If something does not work properly, please let me know. Although we’ve tested as much as possible, at 2am, sometimes things are missed.