
SitePoint PHP Blog:
How to Scan Fingerprints with Async PHP and React Native
Jun 07, 2017 @ 11:52:09

The SitePoint PHP blog has posted a tutorial from Christopher Pitt with another interesting use of PHP: using it and React to scan fingerprints to aid in multi-factor authentication.

We live in interesting times. A short while ago, a company called OfferZen announced a new, programmable credit card. It’s been a long time since I was this excited to get my hands on a piece of tech. My mind has been brimming with ideas ever since.

So, I decided to write about one of them!

I’m going to describe the process of building custom multi-factor authentication for all transactions. I don’t want to do the usual (and boring on its own) SMS or push notification one-time-password stuff. I want to build a fingerprint scanner right into my phone. [...] In this tutorial, we’re going to look at how to set up a simple iOS app using React Native. We will also set up an asynchronous HTTP server, with a web socket connection to the app.

He starts by taking some time to introduce React Native, and what it brings to the table, for those not familiar with it. He then walks through the installation of React Native and how to install the TouchID package using yarn. He also includes some simple JS code you can use to ensure it's all working. Next up he uses PHP to create an asynchronous server with the amphp/aerys package (this code). He creates the server with "scan" endpoint handlers for opening the connection, performing the handshake and reacting to incoming data. Then he brings them together, connecting React and PHP, and sets up a script to wait for fingerprints. Code is included to perform the validation of the fingerprint and the end result should look something like this.

tagged: react reactnative fingerprint scanner mobile asynchronous tutorial

Link: https://www.sitepoint.com/scan-fingerprints-async-php-react-native/

Joseph Crawford's Blog:
Going deep inside PHP sessions
Feb 23, 2007 @ 11:44:00

Security is becoming a more and more popular topic among PHP developers, and Joseph Crawford has followed the trend and written up his own look at the way PHP handles sessions and session information as it relates to security for both the user and the server admin.

One aspect that I dislike about the internal PHP sessions is that they are stored in files on the hard disk (usually /tmp/) by default. This means anyone with access to the machine has access to read the session data. I prefer to store my session information in the database to add an extra layer of security.

He looks at the pitfalls of using this kind of setup (among them, multiple users being able to use one IP) and a simple method for creating a custom sessions handler to replace PHP's built-in one. His example works with a local database to handle saving and retrieving the session information. And, to make things unique, he generates a "fingerprint key" for each user's information to serve as a unique identifier rather than handling it on the connection.

tagged: sessions custom handler security fingerprint
