PHPDeveloper.org http://www.phpdeveloper.org Up-to-the Minute PHP News, views and community en-us Thu, 23 May 2013 01:01:29 -0500 30 <![CDATA[Tobias Schlitt's Blog: Webdav authentication, authorization and locking]]> http://www.phpdeveloper.org/news/11698 http://www.phpdeveloper.org/news/11698 In a new post Tobias Schlitt looks at a part of the recently released eZ Components version 2008.2 that includes, among other things, Webdav support.

My tasks for 2008.2 were dedicated to the Webdav component. This package allows you to easily integrate WebDAV access features into your applications. With the earlier 2007.2 release, this component was born. By then, it supported just rudimentary WebDAV features (compliance class 1) and we focused on its architecture to make it as flexible as possible.

He explains how a commonly requested feature - locking - was implemented in the component. You can find out more about the feature/component in this article from Tobias on the eZ Components website.

]]> Thu, 08 Jan 2009 08:44:16 -0600 <![CDATA[IBM developerWorks: Locking down your PHP applications]]> http://www.phpdeveloper.org/news/5437 http://www.phpdeveloper.org/news/5437 IBM developerWorks has another new tutorial today with a look at locking down your PHP applications - "four security rules you can't violate".

In this tutorial, you'll learn how to add security to your PHP Web applications. It is assumed that you've been coding PHP Web applications for at least a year, so it won't cover the basics of the language (either conventions or syntax). The goal is to make you more aware of what you should be doing to secure the Web applications you're building.

This tutorial teaches you how to guard against the most common security threats: SQL injections, the manipulation of the GET and POST variables, buffer overflow attacks, cross-site scripting attacks, data manipulation inside the browser, and remote form posting.

You'll need a system already running PHP (at least version 4.x) and MySQL on a web server (Apache or otherwise). They look briefly at some of the common security issues plaguing web applications these days before moving on to the four rules:

  • Never trust outside data or input
  • Disable PHP settings that make security difficult to enforce
  • You can't secure it if you can't understand it
  • "Defense in depth" is your new mantra
They take a look at each of these and use the rest of the article (8 more pages) showing you how to keep yourself safe from these issues.

]]> Wed, 24 May 2006 06:17:48 -0500