News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Kevin Schroeder's Blog:
Encrypted session handler
November 17, 2010 @ 09:54:36

In a new post to his blog Kevin Schroeder shares an encrypted session handler he's created to keep sensitive information away from prying eyes (since session data is usually plain text). The result ended up in a component easily used in a Zend Framework application.

A little while ago I had come upon the problem of having to store sensitive data in a user session. The solution that I (and several others came upon) was creating a mechanism for storing encrypted data in a session. But what we wanted to do was build something that didn't have a single point of failure. We also wanted to build something portable. What we built was a simple Zend Framework session handler for storing sensitive data.

The class - App_Session_Secure_Namespace - extends the standard Zend namespace and uses the mcrypt functionality to encrypt (and decrypt the session data). The setup uses a cookie for the initialization vector (domain based, naturally) making it very difficult for someone to access the encrypted session information outside of the application.

0 comments voice your opinion now!
zendframework encrypted session handler tutorial


Rob Richards' Blog:
WS-* for PHP
March 23, 2010 @ 09:14:02

Rob Richards has posted about some updates that have been made to the WSE-PHP project to include support for dealing with encrypted SOAP messages. He talks some about the implementation and how it can help secure your application.

Support for dealing with encrypted SOAP messages was a feature that had been missing from my WS-* libraries pretty much due to my lack of time to implement it. When people ask for help interoperating with a SOAP server that requires encryption I typically just point them over to the WSF project. [...] I decided to finally set aside some time and implement the encryption/decryption portion of the library. Note that it was developed against some WCF services implementing message level security, so your mileage might vary against other platforms. Bug reports would be fastest way of getting any of those issues dealt with.

The WSE-PHP project lives on the Google Code site and provide support for a portion of WS-Addressing and WS-Security that can be used with ext/soap in PHP. TO use the library, you'll need to have the xmlseclibs library already installed.

0 comments voice your opinion now!
encrypted soap message wsf library wsephp



Community Events





Don't see your event here?
Let us know!


library package community bugfix framework list interview podcast voicesoftheelephpant release laravel install api series deployment symfony introduction language tips opinion

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework