
That Podcast:
Episode 17: The one where The Force Awakens
Apr 15, 2015 @ 13:31:56

That Podcast has just posted their latest episode - Episode 17: The one where The Force Awakens, with hosts Beau Simensen and Dave Marshall.

Beau and Dave get through the usual roundup, before getting in to the Star Wars universe. They talk the upcoming movie and the teaser trailer, Star Wars Rebels, The Clone Wars, how their kids are liking Star Wars and Star Wars canon. They then get back to the usual roundup.

Other topics mentioned include Midcamp 2015, the Programmers Can Do UX Too presentation and several upcoming conferences including php[tek], the Dutch PHP Conference and PHP North West. You can listen to this latest episode either through the in-page audio player or by grabbing the mp3 directly. Be sure to subscribe to their feed too and get the latest shows as they're released.

tagged: thatpodcast podcast ep17 force awakens beausimensen davemarshall

Link: http://thatpodcast.io/episodes/episode-17-the-one-where-the-force-awakens/

Derick Rethans:
Xdebug 2.3: Munging errors
Mar 10, 2015 @ 14:15:47

Derick Rethans has posted a new part of his series looking at the improvements that came with the latest Xdebug release (v2.3). In this new article he talks about error handling and intercepting them to make debugging simpler.

One of the first features I added to Xdebug was the interception of error messages, so that it was possible for me to include a stack trace. Xdebug 2.3 has a few additional settings to control the behaviour of interception.

He covers the addition of three new settings: xdebug.halt_level, force_display_errors and force_error_reporting. Each of these is designed to provide you with customizable error reporting. Each setting comes with an example of its configuration and how it modifies the output of the resulting errors.

tagged: xdebug error haltlevel force reporting display debugging tool

Link: http://derickrethans.nl/xdebug-2.3-error-munging.html

Anna Filina:
Brute-force countermeasures
Jun 11, 2014 @ 15:09:10

In her latest post Anna Filina makes some recommendations of countermeasures you can use to help protect your applications against brute force attacks. The recommendations aren't PHP-specific, but they're a good guide and a place to start.

Password brute-forcing refers to trying all password permutations until the attacker finds the right one. Here are some of the most common ways to mitigate that risk: increase the length of the password and increase the number of possible characters. [...] The human factor should not be ignored here. People often use letters in the beginning and numbers at the end.

She recommends a few other tactics for preventing brute forcing, including locking an account after a number of unsuccessful login attempts and requiring a CAPTCHA after a number of unsuccessful logins. She recommends not relying on a single method to prevent this kind of attack, however: multiple layers can only help, but be careful not to introduce too much complexity.
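The layering she describes, as an added example that is not code from Anna Filina's post: a failure counter that demands a CAPTCHA after a few bad logins and locks the account after more, a password policy covering length, character set and the letters-then-digits habit she mentions, and a login routine that ties them together. The thresholds, class and function names, the in-memory counter and the demo account are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from Anna Filina's post: her countermeasures layered
// on one login path. Thresholds, names and the in-memory counter are assumptions;
// a real deployment keeps the counter in a shared store (database, Redis).

final class LoginThrottle
{
    public const CAPTCHA_AFTER = 3;   // demand a CAPTCHA after this many failures
    public const LOCK_AFTER    = 10;  // lock the account after this many failures
    public const LOCK_SECONDS  = 900; // lockout length: 15 minutes

    /** @var array<string, array{failures: int, lockedUntil: int}> */
    private array $state = [];

    private function entry(string $user, int $now): array
    {
        $s = $this->state[$user] ?? ['failures' => 0, 'lockedUntil' => 0];
        if ($s['lockedUntil'] !== 0 && $s['lockedUntil'] <= $now) {
            $s = ['failures' => 0, 'lockedUntil' => 0]; // lock expired: start over
        }
        return $s;
    }

    // Returns 'open', 'captcha' (CAPTCHA required) or 'locked'.
    public function status(string $user, int $now): string
    {
        $s = $this->entry($user, $now);
        if ($s['lockedUntil'] > $now) {
            return 'locked';
        }
        return $s['failures'] >= self::CAPTCHA_AFTER ? 'captcha' : 'open';
    }

    public function recordFailure(string $user, int $now): void
    {
        $s = $this->entry($user, $now);
        $s['failures']++;
        if ($s['failures'] >= self::LOCK_AFTER) {
            $s['lockedUntil'] = $now + self::LOCK_SECONDS;
        }
        $this->state[$user] = $s;
    }

    public function recordSuccess(string $user): void
    {
        unset($this->state[$user]);
    }
}

// Password policy: minimum length, at least three character classes, and a
// rejection of the "letters first, digits last" habit the post warns about.
// Returns the violations; an empty list means the password is acceptable.
function passwordPolicyViolations(string $password, int $minLength = 12): array
{
    $problems = [];
    if (strlen($password) < $minLength) {
        $problems[] = "shorter than $minLength characters";
    }
    $classes = 0;
    foreach (['/[a-z]/', '/[A-Z]/', '/[0-9]/', '/[^A-Za-z0-9]/'] as $re) {
        $classes += preg_match($re, $password);
    }
    if ($classes < 3) {
        $problems[] = 'uses fewer than three character classes';
    }
    if (preg_match('/^[A-Za-z]+[0-9]+$/', $password)) {
        $problems[] = 'follows the predictable letters-then-digits pattern';
    }
    return $problems;
}

// One login attempt. $users maps username => password_hash() output;
// $captchaSolved is the CAPTCHA result, already verified server-side.
function attemptLogin(LoginThrottle $throttle, array $users, string $user,
                      string $password, bool $captchaSolved, int $now): string
{
    $status = $throttle->status($user, $now);
    if ($status === 'locked') {
        return 'locked';
    }
    if ($status === 'captcha' && !$captchaSolved) {
        return 'captcha_required';
    }
    // Always run password_verify (against a dummy hash for unknown users) so
    // response time does not reveal which usernames exist.
    static $dummy = null;
    $dummy ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    $ok = password_verify($password, $users[$user] ?? $dummy) && isset($users[$user]);
    if (!$ok) {
        $throttle->recordFailure($user, $now);
        return 'denied';
    }
    $throttle->recordSuccess($user);
    return 'ok';
}

// Constructed demo: one account, an attacker who solves every CAPTCHA, then the
// legitimate owner during and after the lockout.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
$throttle = new LoginThrottle();
$t = 1700000000;
for ($i = 1; $i <= 11; $i++) {
    echo "attempt $i: ", attemptLogin($throttle, $users, 'alice', "guess$i", true, $t + $i), "\n";
}
echo 'owner while locked: ', attemptLogin($throttle, $users, 'alice', 'correct horse battery staple', true, $t + 20), "\n";
echo 'owner after lockout: ', attemptLogin($throttle, $users, 'alice', 'correct horse battery staple', true, $t + 1000), "\n";
echo "policy violations for 'Password1': ", implode('; ', passwordPolicyViolations('Password1')), "\n";
```

Run with `php` 7.4 or later. Attempts 1 to 10 are denied, the tenth failure locks the account, attempt 11 and the owner's correct password at +20 seconds both come back `locked`, and the owner gets in once the 15-minute lock has expired. Note the trade-off she hints at when she warns against a single method: an account lockout on its own lets anyone who knows a username lock its owner out, so it belongs alongside the CAPTCHA and a per-source counter rather than in place of them.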

tagged: brute force attack countermeasure password

Link: http://afilina.com/brute-force-countermesures

Phil Sturgeon's Blog:
Hijacking Headers to Force Downloads
Mar 29, 2012 @ 16:29:28

In his latest post Phil Sturgeon shows how you can hijack headers to force a download on the client (even on a hosted service like PagodaBox).

The question [I posed on Twitter] was: "How to force a download of any file of any type, not on your server, without Apache tweaking? Images are displaying and need em to download." Essentially, I wanted to be able to link to a file that was not on the server in question and anywhere in the world, which could be of any size, any media type and could be potentially very high traffic.

Answers varied from using readfile to just letting the browser handle it. None of the responses were quite right until he came across one that recommended some settings in an .htaccess file. It uses
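The readfile-style answer from the thread, as an added example that is not code from Phil Sturgeon's post (his answer went through .htaccess): a PHP script that streams a remote file to the client as an attachment, with the checks that keep it from becoming an open proxy or an SSRF hole. The `u` query parameter, the host allowlist and the size cap are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added example, not from Phil Sturgeon's post (his answer used .htaccess): the
// "just use readfile" approach done safely. The URL parameter name, host
// allowlist and size cap below are assumptions for this illustration.

const ALLOWED_HOSTS = ['cdn.example.com', 'media.example.net']; // assumed
const MAX_BYTES     = 512 * 1024 * 1024;                        // 512 MiB

// Returns the URL if it is one we are willing to proxy, otherwise null.
function validateRemoteUrl(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['path'])) {
        return null;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return null; // no file://, php://, ftp:// and friends
    }
    if (!in_array(strtolower($p['host']), ALLOWED_HOSTS, true)) {
        return null; // not an open proxy, and no reach into internal hosts
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return null; // no credentials smuggled inside the URL
    }
    return $url;
}

// A Content-Disposition filename that cannot break out of the header or carry
// path separators; falls back to a fixed name.
function downloadFilename(string $url): string
{
    $base  = basename((string) parse_url($url, PHP_URL_PATH));
    $clean = preg_replace('/[^A-Za-z0-9._-]/', '_', $base) ?? '';
    return in_array($clean, ['', '.', '..'], true) ? 'download' : $clean;
}

// Streams the remote file to the client as an attachment; returns bytes sent.
function streamAsDownload(string $url, int $maxBytes = MAX_BYTES): int
{
    // follow_location=0: a redirect from the allowlisted host must not pull us
    // onto a host we never vetted (SSRF via redirect).
    $ctx = stream_context_create(['http' => ['follow_location' => 0, 'timeout' => 30]]);
    $src = @fopen($url, 'rb', false, $ctx); // requires allow_url_fopen=On
    if ($src === false) {
        http_response_code(502);
        return 0;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . downloadFilename($url) . '"');

    $sent = 0;
    while (!feof($src) && $sent < $maxBytes) {
        $chunk = fread($src, 65536);
        if ($chunk === false || $chunk === '') {
            break;
        }
        echo $chunk;
        $sent += strlen($chunk);
        flush();
    }
    fclose($src);
    return $sent;
}

if (PHP_SAPI !== 'cli') {
    $url = validateRemoteUrl((string) ($_GET['u'] ?? ''));
    if ($url === null) {
        http_response_code(403);
        exit('refused');
    }
    streamAsDownload($url);
}
```

Every download still flows through your own bandwidth and ties up a PHP worker for its duration, which is exactly the cost that matters for the "very high traffic" case in the question and why the thread pushed toward a server configuration answer instead. The allowlist is what separates this script from `readfile($_GET['u'])`, which would fetch anything the web server can reach, internal addresses included.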

tagged: file download force header question htaccess

Link:

DevShed:
Securing Your Web Application Against Attacks
Oct 21, 2008 @ 13:47:32

DevShed continues their series focusing on the security of your web application in this fifth part of the series. This time they look at preventing attacks on your app via correct authentication.

You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.

This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, because of its simplicity, this also opens it up to three kinds of attacks - password sniffing, replay attacks and brute force attacks.

tagged: secure application tutorial html form login password sniff brute force

Link:

Pierre-Alain Joye's Blog:
Windows fixes release for Zip, fopen(,"rb") may not be binary safe
Nov 28, 2006 @ 13:13:09

A new release of the Zip PECL package has been made according to this post on Pierre-Alain Joye's blog today. The main update in this release is to counteract a Windows bug that's interfering with binary file opens.

The issue is actually a Windows bug. No matter whether I give the "b" flag to fopen or not, the write operations are not binary safe. It seems to be a known issue, as many projects use the same trick.

The problem comes up when PHP forces binary mode in the SAPI and CLI layers, yet binary writes to a file are still not binary safe no matter what. Pierre is also asking for help from anyone out there with any information, bug reports or references about this issue that would yield something useful.
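A round-trip probe, as an added example that is not code from Pierre's post, for checking whether the PHP build in front of you really is binary safe: it writes a constructed byte string that Windows text-mode I/O is known to translate ("\n" becoming "\r\n" on write, "\x1a" historically read as end of file, plus a NUL) once in binary mode and once in text mode, reads each back and compares. The function names and the probe bytes are assumptions for this illustration.

```php
<?php
declare(strict_types=1);

// Added example, not from Pierre-Alain Joye's post: a round-trip probe that shows
// whether this PHP build's fopen() is binary safe. On POSIX the modes with and
// without "b" are identical and both runs should report "intact"; a Windows build
// with the bug he describes corrupts the data even in binary mode.

// Constructed bytes chosen to trip text-mode translation on Windows.
function probeBytes(): string
{
    return "line1\nline2\r\nctrl-z\x1aafter\x00end";
}

// Write $data with $writeMode, read it back with $readMode and report whether
// the bytes survived. Returns [bool intact, int bytesOnDisk].
function roundTrip(string $data, string $writeMode, string $readMode): array
{
    $path = tempnam(sys_get_temp_dir(), 'bsafe');
    if ($path === false) {
        throw new RuntimeException('cannot create temp file');
    }
    $out = fopen($path, $writeMode);
    fwrite($out, $data);
    fclose($out);

    clearstatcache(true, $path); // PHP caches stat results per path
    $onDisk = filesize($path);

    $in   = fopen($path, $readMode);
    $back = stream_get_contents($in);
    fclose($in);
    unlink($path);

    return [$data === $back, $onDisk];
}

function binarySafetyReport(): array
{
    $data = probeBytes();
    return [
        'expected_bytes' => strlen($data),
        'binary_mode'    => roundTrip($data, 'wb', 'rb'),
        'text_mode'      => roundTrip($data, 'w', 'r'),
    ];
}

foreach (binarySafetyReport() as $label => $value) {
    if (is_array($value)) {
        [$intact, $onDisk] = $value;
        printf("%-15s %s (%d bytes on disk)\n", $label, $intact ? 'intact' : 'CORRUPTED', $onDisk);
    } else {
        printf("%-15s %d\n", $label, $value);
    }
}
```

Compare the bytes-on-disk figure against the expected length: a larger file points at "\n" being expanded on write, a short read-back at "\x1a" being honoured as end of file. If the binary-mode run is the one that fails, you are looking at the behaviour Pierre describes rather than at an ordinary missing "b" flag.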

tagged: fopen binary safe windows force mode bug sapi cli

Link:
