
Anthony Ferrara:
Educate, Don't Mediate
October 21, 2014 @ 11:53:55

In his latest post Anthony Ferrara makes a suggestion about teaching developers how to solve problems: rather than handing them a "quick fix", educate them about the real problem. In short: educate, don't mediate.

Recently, there has been a spout of attention about how to deal with eval(base64_decode("blah")); style attacks. A number of posts about "The Dreaded eval(base64_decode()) - And how to protect your site and visitors" have appeared lately. They have been suggesting how to mitigate the attacks. This is downright bad. The problem is that these posts have been suggesting things like "Disable eval()" and "Disable base64_decode()" as possible solutions. And while technically that would work, it completely misses the point, and does nothing to protect users.

He suggests that developers shouldn't just look for a "quick fix" solution posted in a tutorial somewhere and go on their merry way. One danger in this is that those instructions may only patch part of the problem, not all of it. In this case, disabling eval()/base64_decode() is only a code-level fix that removes one symptom. If this exploit exists in your application, the attacker was already able to write to the local file system, and that is a much bigger problem than the payload itself.

educate mediate opinion bugfix quickfix eval base64 encode decode

Link: http://blog.ircmaxell.com/2014/10/educate-dont-mediate.html

HHVM Blog:
The Journey of a Thousand Bytecodes
October 06, 2014 @ 12:49:38

In the latest post to the HHVM (HipHop VM) blog Sara Golemon recounts the journey of a thousand bytecodes and the process that it takes to decompose a PHP file and optimize it for execution in the HHVM environment.

Compilers are fun. They take nice, human readable languages like PHP or Hack and turn them into lean, mean, CPU executin' Turing machines. Some of these are simple enough a CS student can write one up in a weekend, some are the products of decades of fine tuning and careful architecting. Somewhere in that proud tradition stands HHVM; in fact it's several compilers stacked in an ever-growing chain of logic manipulation and abstractions. This article will attempt to take the reader through the HHVM compilation process from PHP-script to x86 machine code, one step at a time.

The process is broken down into six different steps, each with a description and some code examples where relevant:

  • Lexing the PHP to get its tokens
  • Parsing the token results into an AST (and optimizing it along the way)
  • Compilation to Bytecode
  • HHBBC Optimization
  • Intermediate Representation
  • Virtual Assembly
  • Emitting machine code
hhvm bytecode process hiphop compile decode optimize

Link: http://hhvm.com/blog/6323/the-journey-of-a-thousand-bytecodes

PHPBuilder.com:
Processing JSON in PHP
April 04, 2014 @ 10:40:39

PHPBuilder.com has posted a new tutorial today showing you how to work with JSON in PHP including serialization and database interaction.

This article explains how to use the JavaScript Object Notation (JSON) extension in PHP, going step by step through a series of essential operations. JSON is an object string notation; it is defined as a subset of JavaScript's syntax, and its general purpose is as a data-interchange format. As you probably know, JSON was first made to be used with JavaScript for accessing remote data, but now it is used by many other languages because JSON is a platform-independent data format. JSON can be used natively in JavaScript, but you can also use it in server-client application logic.

They start with an introduction to the JSON structure and how to both create and encode data using PHP's own json_encode and json_decode. The examples start out using arrays for the data but then move into something slightly more complex: objects. The article talks about the JsonSerializable interface and shows how to automatically hook the decoded data into a database table, storing the content based on a column name/property name match.

process json encode decode tutorial example

Link: http://www.phpbuilder.com/articles/application-architecture/object-oriented/processing-json-in-php.html

Joshua Thijssen:
Decoding TLS with PHP
December 31, 2013 @ 10:17:19

Joshua Thijssen has posted a walk-through of some work he's done to create a TLS decoder in PHP. TLS (Transport Layer Security) is the protocol that encrypts data sent back and forth between a client and a server; it is the successor to SSL.

As a proof of concept I wanted to see how far I could decode some TLS data on the client side. Obviously, this is a very complex matter, and even though TLS looks deceptively simple, it isn't. To make matters worse, PHP isn't quite helping us make things easy either.

His solution (code posted here) goes through a few steps to finally get to the actual data:

  • Capturing TLS data
  • Gathering all the necessary fields
  • From pre-master-secret to master-secret (decoding TLS_RSA_WITH_RC4_128_SHA)
  • Partitioning our master-secret
  • Decoding our data
  • Verifying message integrity

For each step along the way he shares the relevant code and a brief description of what's happening. If you want to see the end result and try it out for yourself, check out his repository.

decode tls transport layer security protocol data tutorial

Link: http://www.adayinthelifeof.nl/2013/12/30/decoding-tls-with-php

David Stockton's Blog:
Zend JSON - An Introduction
August 24, 2011 @ 08:17:12

David Stockton has a new post on his ZendTutorials.com site today introducing an increasingly handy Zend Framework component that can make your messaging needs easier. The tutorial introduces Zend_Json, a component for generating and parsing JSON messages.

In the past few years, JSON, or JavaScript Object Notation, has seemed to overtake XML and other data encoding methods on the web. [...] I've also seen numerous examples of developers who create their own sort of JSON encoder rather than either using json_encode or using Zend_Json. What inevitably comes back to bite them is when the data they are encoding contains a special character like quotes, colons, curly brackets, etc.

He demonstrates how the Zend_Json component helps to alleviate some of these worries with built-in features that handle everything from basic encoding/decoding to "pretty" printing of results, plus a way to include executable JavaScript expressions in your payload (they are evaluated once eval'd on the other side). He finishes the tutorial off with a mention of a very handy method that will please those already having to work with XML: the fromXml() method, which automagically converts the data over to JSON for you.

zendjson json zendframework introduction xml encode decode expression


PHPBuilder.com:
Securing Data Sent Via GET Requests
December 14, 2007 @ 08:49:00

PHPBuilder.com has a new article by Hillel Aftel about his method of choice for securing the data that you send over the GET string when moving things around on your site.

In this article I'm going to show you how you can use PHP to encode your data for transit. Most importantly, it will be done in a way that makes the data decodable, and therefore much more usable, by the receiving page.

His "encryption" method (sending everything in a single string and modifying the scheme each time) uses static pairs of values of your choosing to "encode" the outgoing string, so it is really an obfuscation step rather than encryption. It consists of three different files: the script itself, a single-use script that generates the third file, and an include file that handles the conversion back from the encoded results.

get request secure data encode decode salt convert


Paul Jones' Blog:
Solar 0.27.0 and 0.27.1 Released
March 02, 2007 @ 07:57:00

Paul Jones has released two new versions of the Solar framework in quick succession:

Yesterday, I released Solar 0.27.0, then quick-fixed two minor bugs and released 0.27.1 an hour later. It feels so good to be back doing releases on a monthly basis.

Some of the updates/changes in these new releases include:

You can download the latest updates from the framework's main website.

solar release update bugfix autoload locale json encode decode sql pdo extension


Cyberlot's Blog:
Funny little php "virus" floating around
February 12, 2007 @ 09:58:00

Richard Thomas comments on a "funny little PHP 'virus'" that he's noticed coming to him via emails:

Got an email that claimed to be from my host, it used a generic return address and talked about security upgrades and such and how due to new policy to help keep a secure data center I was required to upload and run 1 of 2 files in a zip attachment, the first was a php file the other was an asp file.

Of course, it wasn't from the host, so he investigated a little further to find out exactly what was going on with the file. Basically, it was a modified nsTView file (a PHP web shell) with some added emailing and password discovery code. The code was "hidden", though: it was base64-encoded on one side and decoded on the other so that the server would execute it. He even posts an example of what the base64-encoded code might look like.

virus upload base64 encode decode email nstview


Jim Plush's Blog:
The Zend Encoder Fiasco Part Deux - The Personal Attack
January 27, 2006 @ 12:49:20

Following up on a previous post about the Zend Encoder, Jim Plush shares some surprising results.

This story just keeps getting better. Some of you may recall I posted a story a few weeks back when to my SHOCK I found that websites were offering to decode Zend Encoded files for $5. There were literally 10+ sites I found in a simple search. I emailed all my Zend contacts right away to find out what the status of this is. No reply.

Here comes the good part... Zend's Chief Marketing Officer Mark de Visser had the balls to say that I was just as bad as the people who were able to reverse engineer the zend encoding by showing people the websites.

Jim also notes that several of the links to the sites were found in Zend's own forums (which, apparently, have been removed), and includes links to screenshots of their site...

zend encoder decode personal attack


Jim Plush's Blog:
Censorship at Zend??? Zend Encoder swept under the rug
January 09, 2006 @ 06:37:40

On Jim Plush's blog today, there's a new post as a follow up to his previous post concerning the Zend Encoder and some issues with sites that can decode its files.

I made a post on the Zend Forums asking for a statement on the decoding of Zend Encoded files.

Notice how there is NO MESSAGE. Why would they delete the text of my forum post? I was asking for a statement and a patch fix for a list of sites offering the decoding of encoded files. Is Zend trying to sweep this under the rug because they're looking to dump the encoder project and don't want to waste any money on fixing this issue? This doesn't look good for Zend PR.

It's definitely interesting to see that they removed the post rather than simply replying with a "We're looking into it" or "We're aware of the situation. Thank you for your input" kind of response. Instead, they take the "what forum post?" approach. Jim has posted another message that, as of the writing of this post, is still there, but unanswered...

zend encoder websites decode forum post delete


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework