Monkey on a Keyboard

my online scrapbook of scrambled thoughts

Finally, I have the time and the will to upload my OOCMS work to this host! This will ensure easy maintenance and development, while making sure that I won't have to transfer all of the content from one database to another every time I change a version.

Why? Because using this OOCMS gives standardization, so the database structure will work across versions. To make it short, this iteration is future-proof.

As you can see, I haven't transferred all of the content from my old blog to here, but I will when I have the time. Finally, after some hard work, I have moved all of the content to this new platform. The comments are not there, though, because of the new platform.

If you're interested in my OOCMS work, please go to

Happy blogging!

   Posted in CMS        Yohanes Mario Chandra        0 Comments

Up until now, web designers (or web programmers) have been trying to make their HTTP GET or HTTP POST input more secure by filtering it. This has a side-effect which limits the characters allowed in a password or username. What if someone wants to have an equals (=) character, or even a quote (") character? These characters are known for their role in SQL injection. However, I will explain below how they need not be a problem.

The old school method of filtering this kind of input is to limit the characters so that characters like equals (=) or quote (") can't be used. After the filtering is done, the input is passed into the SQL command, which is then executed. This particular method involves inserting some PHP variable (or any other language's variable) into the SQL command line. When you forget to sanitize the input, hackers will be very happy to infiltrate your system.

Now, I want to introduce you to a method used in my OOCMS project, which is extremely secure for any kind of SQL-involving input validation. I call it the "Separate Room SQL Validation Method", or SRS-VM for short. Instead of letting the SQL part do the selection job, I use the PHP part to do that. I do this by pulling all of the SQL query results involved in the selection process into an array, and then comparing the input to the array. If a match is found, then you'll be able to proceed. This method involves no variable insertion at all, so the SQL command is a clean SQL command without any interference from the outside. That's why I call it "separate room". It will cause a big overhead for a big database, that's for sure. However, the lag is almost unnoticeable.

If you want to further understand this method, hit my OOCMS git repository, go to the framework/controller directory, and open the janitor.php file. I use it in almost every function in that class.
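To make the idea concrete, here is an added example of the Separate Room approach; it is an illustration written for this post, not the janitor.php code from OOCMS. It assumes PHP with PDO and an in-memory SQLite table of constructed usernames: the query that loads the candidates contains no outside variable, and the selection itself is a strict array comparison in PHP.

```php
<?php
// Added example (not OOCMS code): constant SQL query, PHP-side selection.
// Assumes PDO with the SQLite driver; the rows below are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
// A username containing both a quote and an equals sign is stored on purpose.
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob'), ('o\"neil=1')");

/**
 * The "separate room": this query never has a variable inserted into it,
 * so nothing the user typed can reach the SQL text. This is also where the
 * overhead lives, because the whole column is loaded on every check.
 */
function loadUsernames(PDO $db): array
{
    $stmt = $db->query('SELECT username FROM users');
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 0);
}

/**
 * The selection job is done in PHP, not in SQL. Strict comparison means
 * the input must equal a stored value byte for byte; no character filtering
 * is needed, so quotes and equals signs are simply ordinary characters.
 * Returns the matched username, or null when there is no match.
 */
function matchUsername(string $input, array $allowed): ?string
{
    return in_array($input, $allowed, true) ? $input : null;
}

$allowed = loadUsernames($db);

// Constructed inputs: a plain name, a name with " and = in it, and a name
// that is not in the table at all.
foreach (['alice', 'o"neil=1', 'carol'] as $input) {
    $hit = matchUsername($input, $allowed);
    printf("%-10s => %s\n", $input, $hit === null ? 'no match' : "match: $hit");
}
```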

That's all from me, and happy blogging!

   Posted in CMS        Yohanes Mario Chandra        0 Comments

The OOCMS (Object Oriented Content Management System) has been out in the wild for several days now. You can view it here. It is now half finished; it still needs an admin panel, though.

It seems that building with OOP and a better background in web programming makes the coding time shorter. It only took several days to reach this stage, which originally took more than a week. I'm confident that all of the framework (excluding CSS and better index formatting) will be done (default-system wise) around the 23rd of October.

I'm currently working alone, and it's not a problem for now. However, when the default framework is finished, I'll be looking for independent developers to help me extend its capabilities, including some hardcore JavaScript implementation and, not to forget, HTML5-based publishing (something similar to Photoshop, a movie editor, and a sound editor) and WebGL.

Let's hope the best for this project, and may it benefit people abundantly. Happy blogging!

   Posted in CMS        Yohanes Mario Chandra        0 Comments