Find a Book  

Biography : Golam Mowla Nayem

 Golam Mowla Naeem is popular bengali writer. He is famous for his Western and Sheba Prokashoni Writings. Popular books of Golam Mowla Nayem are Firey Esho, Astana, Dabdaaho, Atat, Bipottin, Nilimay Megh etc. Download Goalm Mowla Nayeem Romantic and Bangla Novel  Books in pdf and Read by Golam Mowla Nayem

Few Books of Golam Mowla Nayem
All Books of Golam Mowla Nayem
Article and Tutorial
What to Do When Your Boss Is Younger Than You

By Catherine Conlan
Monster Contributing Writer

There are always going to be challenges associated with generational differences in the workplace, but some people find dealing with a younger boss to be especially difficult. If you’re older than your boss, here are some things you should keep in mind.

Show Some Respect
One of the most important things to remember when your boss is younger than you is to show respect, says Robin Throckmorton, president of Strategic HR Inc. “While he or she may be younger, they wouldn’t be in this role if someone didn’t feel they had a lot to offer the role, even if you disagree.”

While it can be easy to think, “my kids are younger than you” or “before you were even born, we…” Throckmorton says if you show respect for your boss, you’ll get it in return.

Be Flexible and Cooperative
Keeping an open mind and staying flexible about how things get done at the office are important when there’s an age difference between you and your boss, says Paul Bernard of Paul Bernard and Associates. “For example, you may be used to a lot of face-to-face meeting time, but your boss may prefer to handle a lot of his communications via text or instant messenger,” he says.

“Don't balk at this -- you'll come across as stubborn and old-fashioned. Instead, try to align yourself as best you can with your boss's management style. You might find that there are some real advantages to doing things differently.”

Bernard then recommends trying to figure out how you can complement your boss' strengths. “Your boss may be a mobile content maven but might need help navigating office politics or be able to use some historical context about your company and how things are typically done. If you can find a way to make your younger boss more successful, you'll help not only him/her but yourself as well.”

Remember Age Is Just a Number
An age difference can be a distraction, so try not to focus on it, says Kelly Hadous of Win The Room. “Don't pay attention to your boss's age! Age doesn't matter as long as your boss provides good leadership and strong guidance, and brings passion and motivation into the company and the team. Ride along with your boss; if you share the same willingness to grow the company and move the team forward, everything will just be fine, and age won't matter.

No matter how old your boss is, it’s important to ensure you’re on the same page, and that requires clear communication. “Early on set a time to speak with your younger boss regarding expectations, style, and role clarity,” says Scott Span of Tolero Solutions. “Ask their preferred way of communication and delivery of requirements. Boomers and Millennials need to continue to dialogue, build trust, to put stereotypes to rest to maximize performance."

Focus on the Organization
You and your boss are a team, and you’re working to help build your department, division or company. “Keep focused on the vision of the company or division for which you're working, and praise alignment,” says business coach Wayne Pernell. “You get more of what you focus on and being focused on a bigger picture can interrupt the internal monologue stemming from generational differences.”

Be Sensitive
It can be hard to avoid holding forth with the wisdom you’ve accumulated over the years, but you should try. “Refrain from behaviors that drive younger generations crazy,” says Tammy Hughes, CEO of Claire Raines Associates and international speaker and consultant on generational issues. “Avoid comparing your manager to your son or daughter. Don’t act like a know-it-all. Nip cynicism and sarcasm in the bud.”

Vulnerabilities & Concepts

Vulnerability Types

Cross Site Scripting (XSS)

This vulnerability allows data to be injected into webpages. This data is then interpreted as code and executed by the viewer‘s web browser, which can effectively be seen as remote controlling a victim‘s browser.

Cross Site Request Forgery (CSRF)

CSRF refers to a type of exploits where the victim‘s browser is being tricked into triggering an authenticated action inside a vulnerable web application. The target website can be affected by CSRF regardless of being susceptible to XSS. How dangerous CSRF can be really depends on the kind of action triggered this way and its impact.

SQL Injection

SQL injection attacks lead to the manipulation of SQL queries. Vulnerable applications allow dynamically built SQL queries to contain unfiltered or improperly sanitised user input. If exploited successfully an attacker can gain access to all data in the database as well as modify data, limited only by the access level of the database user.

Insecure Session Handling

This category covers problems enabling attackers to access or manipulate a session token in order to control or take over a session.

Session Fixation

Session Fixation allows an attacker to control the session of a user. This is done by injecting a known token to be used as a valid session token.

Information Disclosure

As the name suggests, security related information is being divulged by the target system, which may simplify an attack. Such information can be found in various places, e.g. code comments, directory listings, error messages or even in search results of your favourite search engine.

Header Injection

This vulnerability allows HTTP headers to be injected into an HTTP response.

File Inclusion

The inclusion of local or remote files into a web application is a serious security vulnerability, which may lead to arbitrary code execution on the server.

Insecure Configuration

Misconfiguration of server or application software may facilitate or simplify attacks.

Weak randomness

This problem refers to predictable random number generation; e.g. badly chosen random seeds or algorithms using insufficient entropy are known to generate weak random numbers.


Secure Input Handling

Input filters and validators can be used to scan user input for specific patterns known to trigger unwanted side effects in web applications. User input can contain fragments of JavaScript, SQL, PHP or other code which – if unfiltered – could then lead to code execution within the context of the web application.


Sanitising functions can be used to “repair” user input, according to the application‘s restrictions (e.g. specific datatypes, maximum length) instead of rejecting potentially dangerous input entirely. In general, the use of sanitising functions is not encouraged, because certain kinds and combinations of sanitising filters may have security implications of their own. In addition, the automatic correction of typos could render the input syntactically or semantically incorrect.


There are several different kinds of escaping:

- The backslash prefix “\” defines a meta character within strings. For Example: \t is a tab space, \n is a newline character, … This can be of particular interest for functions where the newline character has a special purpose, e.g. header(). Within regular expressions the backs- lash is used to escape special characters, such as \. or \*, which is relevant for all functions handling regular expressions.

- HTML encoding translates characters nor- mally interpreted by the web browser as HTML into their encoded equivalents – e.g. < is < or < or < and > is > or > or >. HTML encoding should be used for output handling, where user input should be reflected in HTML without injecting code. (See also: htmlentities())

- URL encoding makes sure, that every character not allowed within URLs, according to RFC 1738, is properly encoded. E.g. space converts to + or and < is <. This escaping is relevant for functions handling URLs, such as urlencode() and urldecode().


There are two different approaches to filtering input data – whitelisting and blacklisting. Blacklisting checks input data against a list of “bad patterns”. This way, unwanted input can be discarded and all other content can be processed further. On the other hand, whitelisting checks input data against a list of known “good patterns”. All unmatched input can be discarded and only input recognised as valid is accepted.

In the real world whitelisting turned out to be far more resistant to security vulnerabilities than blacklisting, since it is usually a lot easier to specify the narrow set of valid patterns for the whitelist than to exclude every invalid input with a blacklist. In particular, whitelisting should be used for input directly controlling the program flow, e.g. for include statements or eval().

Security Related PHP Functions

Validation and Sanitising Functions


The PHP core provides a few functions suitable for sanitising:

is_numeric() Checks a variable for numeric content.

is_array() Checks if a variable is an array.

strlen() Returns a string‘s length.

strip_tags() Removes HTML and PHP tags. Warning: As long as certain HTML tags remain, JavaScript can be injected along with tag attributes.

CType Extension

By default, PHP comes with activated CType exten- sion. Each of the following functions checks if all characters of a string fall under the described group of characters:

ctype_alnum() alphanumeric characters – A-Z, a-z, 0-9

ctype_alpha() alphabetic characters – A-Z, a-z

ctype_cntrl() control characters – e.g. tab, line feed

ctype_digit() numerical characters – 0-9

ctype_graph() characters creating visible output e.g. no whitespace

ctype_lower() lowercase letters – a-z

ctype_print() printable characters

ctype_punct() punctuation characters – printable characters, but not digits, letters or whitespace, e.g. .,!?:;*&$

ctype_space() whitespace characters – e.g. newline, tab

ctype_upper() uppercase characters – A-Z

ctype_xdigit() hexadecimal digits – 0-9, a-f, A-F


if (!ctype_print($_GET['var'])) {

die("User input contains non-printable characters");


Filter Extension – ext/filter

Starting with PHP 5.2.0 the filter extension has provided a simple API for input validation and input filtering.

filter_input() Retrieves the value of any GET, POST, COOKIE, ENV or SERVER variable and applies the specified filter.

<?php $url = filter_input(INPUT_GET, 'url', FILTER_URL); ?>

filter_var() Filters a variable with the specified filter.

<?php $url = filter_var($var, FILTER_URL); ?>

List of Filters Validation Filters

Validation Filters

FILTER_VALIDATE_INT Checks whether the input is an integer numeric value.

FILTER_VALIDATE_BOOLEAN Checks whether the input is a boolean value.

FILTER_VALIDATE_FLOAT Checks whether the input is a floating point number.

FILTER_VALIDATE_REGEXP Checks the input against a regular expression.

FILTER_VALIDATE_URL Checks whether the input is a URL.

FILTER_VALIDATE_EMAIL Checks whether the input is a valid email ad- dress.

FILTER_VALIDATE_IP Checks whether the input is a valid IPv4 or IPv6.

Sanitising Filters

FILTER_SANITIZE_STRING / FILTER_SANITIZE_STRIPPED Strips and HTML-encodes characters according to flags and applies strip_tags().


FILTER_SANITIZE_SPECIAL_CHARS Encodes ‘ " < %gt; & \0 and optionally all characters > chr(127) into numeric HTML entities.

FILTER_SANITIZE_EMAIL Removes all characters not commonly used in an email address.

FILTER_SANITIZE_URL Removes all characters not allowed in URLs.

FILTER_SANITIZE_NUMBER_INT Removes all characters except digits and + -.

FILTER_SANITIZE_NUMBER_FLOAT Removes all characters not allowed in floating point numbers.


Other Filters

FILTER_UNSAFE_RAW Is a dummy filter.

FILTER_CALLBACK Calls a userspace callback function defining the filter.

Escaping and Encoding Functions

htmlspecialchars() Escapes the characters & < and > as HTML entities to protect the application against XSS. The correct character set and the mode ENT_QUOTES should be used.

<?php echo "Hello " . htmlspecialchars(

$_GET['name'], ENT_QUOTES, 'utf-8'); ?>

htmlentities() Applies HTML entity encoding to all applicable characters to protect the application against XSS. The correct character set and the mode ENT_QUOTES should be used.

<?php echo "Hello " . htmlentities($_GET['name'], ENT_QUOTES, 'utf-8'); ?>

urlencode() Applies URL encoding as seen in the query part of a URL.

<?php $url = "" .

"index.php?param=" . urlencode($_GET['pa']); ?>

addslashes() Applies a simple backslash escaping. The input string is assumed to be single-byte encoded. addslashes() should not be used to protect against SQL injections, since most database systems operate with multi-byte encoded strings, such as UTF-8.

addcslashes() Applies backslash escaping. This can be used to prepare strings for use in a JavaScript string context. However, protection against HTML tag injection is not possible with this function.

mysql_real_escape_string() Escapes a string for use with mysql_query(). The character set of the current MySQL connection is taken into account, so it is safe to operate on multi-byte encoded strings. Applications implementing string escaping as protection against SQL injection attacks should use this function.


$sql = "SELECT * FROM user WHERE" .

 " login='" . mysql_real_escape_string($_GET['login'], $db) . "'";


preg_quote() Should be used to escape user input to be inserted into regular expressions. This way the regular expression is safeguarded from semantic manipulations.


$repl = preg_replace('/^' .

preg_quote($_GET['part'], '/').

'-[0-9]{1,4}', '', $str);


escapeshellarg() Escapes a single argument of a shell command. In order to prevent shell code injection, single quotes in user input are being escaped and the whole string enclosed in single quotes.


system('resize /tmp/image.jpg' .

 escapeshellarg($_GET['w']).' '.



escapeshellcmd() Escapes all meta characters of a shell command in a way that no additional shell commands can be injected. If necessary, arguments should be enclosed in quotes.


system(escapeshellcmd('resize /tmp/image.jpg "' .

 $_GET['w'].'" "'.

 $_GET['h']. '"'));


  Secure Programming

Securing HTML Output

In order to prevent the execution of JavaScript code originating from user input, it is mandatory to perform a suitable string sanitisation on all dynamic data before any HTML output. The use of htmlentities() is considered sufficient within normal HTML context.

However, if data can be injected into tags or tag attributes, JavaScript can be executed by means of event handlers such as onClick or by modifying style attributes. For these cases it is recommended to apply a whitelist filter allowing only predefined tag attributes or style sheets to be inserted.

URLs within tag attributes must be checked as well. Some URI schemes, such as data: [removed] and [removed] can be used to execute code. Therefore only specific schemes should be allowed. Of course, it is always a good idea to encode the query part of a URL appropriately as well.

Finally, data put directly into JavaScript code must be prevented from breaking out of its JavaScript context. JavaScript strings are known to be particularly prone to incorrect escaping.

Regular Expressions

Every user input placed inside regular expressions must be prepared using preg_quote(). Otherwise an injection into the expression‘s logic can easily lead to incorrect application behaviour, buffer overflows, denial of service or application crashes.

HTTP Header Output

HTTP headers can be set using the header() function. User input should always be checked before being passed to header(), otherwise a number of security issues become relevant.

Newline characters should never be used with header() in order to prevent HTTP header injections. Injected headers can be used for XSS and HTTP response splitting attacks, too. In general, user input should be handled in a context-sensitive manner.

Dynamic content within parameters to Location or Set-Cookie headers should be escaped by urlencode().

<?php if (strpbrk($_GET['x'], "\r\n"))

die('line break in x'); header("Location: " .


urlencode($_GET['x'])); header("Set-Cookie: mycookie=". urlencode($_GET['x']) .


25 Acts of Email Cruelty: Do not be cruel in email--stop doing these things
By John Brandon


You arrive at work and the first message waiting at the top of your Gmail is rude, sarcastic, and demeaning. That's not exactly the intended use of the communication method.

Email is great for explaining a complex topic, documenting a subject, and communicating about upcoming plans. Using it to take your anger out on someone? That's just another way of being cruel.

These examples of being harsh by email won't help anyone stay productive and focused on their work, or enjoy being in the office:

1. Responding to an email with just a Web link without any explanation. I am guilty as charged. I recently realized it's a little gruff. It's better to at least give a quick annotation. (In some cases, it's obviously just a quick and helpful aid.)

2. Answering an email with one word and no other explanation. I'll contend it is sometimes the only way to cut people off, but you wouldn't do that in the grocery line, right? Right? One word replies sometimes work, sometimes they are just rude.

3. Using the word unfortunately. I have mentioned this one before. Unfortunately, people keep using it in emails and it still seems dismissive.

4. Swearing. I'm just not a fan of swearing in general--it's a bit lazy. And, you never know if someone will take your humor the wrong way. Or show the message to the boss.

5. Not answering at all. Somehow society in general decided "no reply" to an email is no answer. It's better to at least reply and give an explanation.

6. Pestering. The all-time record for someone asking me about their product is around six emails. It's okay to remind me. It's not okay to pummel.

7. Writing a lengthy email about why that person is an idiot. I understand people get angry and need to vent. My solution? Go ahead and write the long email, then delete it. Or just go talk to the person.

8. Boring people with too much detail. This is not a NASA rocket convention. By cleaning up your prose and summarizing things, you are making the recipient much happier in life.

9. Arguing over email. Arguments sometimes erupt over email, and it just causes people a lot of stress. Stick to the phone or, better yet, just let something slide once in a while.

10. Not calling. Sometimes, it's just cruel to email period. There are some topics, like trying to retain an employee or discussing future plans, that are best voice calls.

11. Blaming by email. It's an easy way to avoid confrontation, but a really terrible way of resolving anything. Blaming by email almost always puts some on the defense.

12. Being terse. Face it, we've all sent short and snappy emails. It's not always a bad thing. However, not explaining yourself fully usually creates a communication nightmare.

13. Criticizing grammar. Sure, your recipient has not mastered the difference betweeneffect and affect. I get that. Calling out bad grammar just slows down the discussion.

14. Explaining at length why it is better to do a phone call. I've received these missives before. Isn't it better to just call and explain that? Or just arranging the call without hammering the point?

15. Making fun of someone for hitting Reply All by mistake. Sure, it's a little dumb. It becomes cruel when everyone starts making fun of the original sender.

16. Making sexual overtones. You'd be surprised how often people send suggestive emails, making a permanent record of the debauchery that's easy to bring up in a performance review.

17. Forwarding spam. Really? I suppose there might be a small minority of spam messages that are funny or weird, but please keep them to yourself.

18. Sending chain mail. These are not just annoying, they usually don't make any sense. Plus, no one will ever know that you broke the chain--not even Stevie Nicks.

19. Letting everyone knowyou're the boss. Another tactic that just looks bad by email (or in any context). It's better to develop trust, respect, and even admiration from employees by making good decisions.

20. Belittling. Sure, the recipient screwed up a project and doesn't seem to understand basic business practices. Using email to chastise them just makes you look mean.

21. Telling lies. Watch yourself on this one. If you lie by email, the recipient can pretty easily prove you wrong--and they will hang onto the message as proof.

22. Sending an animate GIF. Apart from clogging up the email pathways, not everyone is amused by a dancing kitten. Plus, not every email program can read them.

23. Firing someone. Well, this one is obvious but it has happened. If you have to terminate someone, always do it in person and follow well-established guidelines.

24. Dramatically altering a project. I'm convinced people use email to make a sweeping change because they don't want to deal with the backlash. It's just not the best way to make big changes.

25. Closing down a business entirely. Has it finally come to the bitter end? Hold an all-hands meeting or talk to employees one-on-one. Don't use email for it.