
Laravel News:
Getting Started with Signed Routes in Laravel
Mar 21, 2018 @ 14:58:26

On the Laravel News site there's a tutorial showing how to use a feature added in the latest release of the Laravel framework: signed routes. A signed route carries an HMAC signature, computed over the URL with the application key, as an extra query parameter; the framework recomputes it on each request and rejects any URL whose parameters have been altered after it was generated.

In the latest Laravel 5.6.12 Release a new signed URLs feature was introduced. In this article, we’ll work on enabling signed URLs in an application and look at a few options of how to use them.

The tutorial starts by helping you update your installation to the latest version and register the new ValidateSignature middleware in the route middleware list. It then gives an example of a route definition containing several "id" type values that an attacker could otherwise change at will. It shows how to use the URL facade's signedRoute method to generate a signed URL whose signature covers the route's parameters, so any edit to them invalidates the link. Finally it covers temporarySignedRoute, which adds an expiry timestamp to the URL and places that timestamp under the signature as well, so the link stops working after a set time and the expiry itself cannot be edited.
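As an added illustration of the mechanism (plain PHP written for this summary, not Laravel's own URL::signedRoute code), the following signs and verifies a URL the same way: an HMAC-SHA256 over the URL and its sorted query parameters is appended as `signature`, and an optional `expires` timestamp is placed under that signature before it is checked. The key, host, path and user id are made up.

```php
<?php
// Added example, not Laravel's own code: a minimal signed-URL scheme in plain PHP
// modelled on what URL::signedRoute() / URL::temporarySignedRoute() do. The key,
// host, path and parameter values below are constructed for the illustration.
declare(strict_types=1);

const APP_KEY = 'constructed-example-key-replace-with-app-key'; // hypothetical

function canonical(array $parts, array $params): string
{
    // Rebuild scheme://host[:port]/path?sorted-query so signer and verifier
    // always hash the identical string regardless of parameter order.
    ksort($params);
    $base = ($parts['scheme'] ?? 'https') . '://' . ($parts['host'] ?? '')
          . (isset($parts['port']) ? ':' . $parts['port'] : '') . ($parts['path'] ?? '/');
    return $base . '?' . http_build_query($params);
}

function signUrl(string $url, array $params, string $key, ?int $expiresAt = null): string
{
    if ($expiresAt !== null) {
        $params['expires'] = $expiresAt; // covered by the HMAC, so it cannot be edited
    }
    $unsigned = canonical(parse_url($url), $params);
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, $key);
}

function verifySignedUrl(string $signedUrl, string $key, ?int $now = null): bool
{
    $now ??= time();
    $parts = parse_url($signedUrl);
    parse_str($parts['query'] ?? '', $params);
    if (!isset($params['signature']) || !is_string($params['signature'])) {
        return false;
    }
    $given = $params['signature'];
    unset($params['signature']);
    $expected = hash_hmac('sha256', canonical($parts, $params), $key);
    // hash_equals() is constant-time, so a forger learns nothing from response timing.
    if (!hash_equals($expected, $given)) {
        return false;
    }
    // Only consult expires after the signature check: an unsigned expires means nothing.
    if (isset($params['expires']) && (int) $params['expires'] < $now) {
        return false;
    }
    return true;
}

// Constructed usage: a link that names a user id and is valid for one hour.
$url = signUrl('https://app.example.test/unsubscribe', ['user' => 42], APP_KEY, time() + 3600);
var_dump(verifySignedUrl($url, APP_KEY));                                    // untouched link
var_dump(verifySignedUrl(str_replace('user=42', 'user=43', $url), APP_KEY)); // user id edited after signing
var_dump(verifySignedUrl(preg_replace('/expires=\d+/', 'expires=9999999999', $url), APP_KEY)); // expiry edited
var_dump(verifySignedUrl($url, APP_KEY, time() + 7200));                     // checked two hours later
```

The two details worth copying into any home-grown version are the constant-time comparison and the ordering of the checks: the expiry is only meaningful because it sits inside the signed string, so it must be read after the HMAC has been verified, not before.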

tagged: signed route signature integrity laravel tutorial introduction

Link: https://laravel-news.com/signed-routes

SitePoint PHP Blog:
MySQL Transactions & Why They Can’t Be Emulated in PHP
Dec 15, 2010 @ 18:47:44

On the SitePoint blog there's a new article from Craig Buckler arguing that MySQL transactions can't be emulated in PHP and shouldn't be discounted, even though many developers see them as little more than a performance hit.

My recent article, "Top 10 MySQL Mistakes Made by PHP Developers" was far more controversial than I expected. Several of the more intriguing responses were from PHP coders who considered transactions to be an unnecessary overhead. With good-quality PHP code, they argued, you don’t need transactions or MySQL's InnoDB storage engine. It's certainly true you don’t always need transactions.

He gives an example of a situation where database transactions are exactly what's needed (inserting a customer record together with its related rows) and points out that, whatever the developer's intentions, pushing the integrity guarantee down into the database rather than into extra layers of PHP code is the right move: PHP cannot see, or undo, what another connection does between its statements. Transactions give you the ACID properties, so a group of statements either all commit or all roll back and the database never holds a half-finished write. He includes a short section on using transactions as well.
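To make the "can't be emulated" point concrete, here is an added example (not from Buckler's article) of the same two-table insert written with a hand-rolled undo beside the version that uses a real transaction through PDO. The schema, column names and DSN are constructed: the script uses an in-memory SQLite database so it runs without a server, but `beginTransaction()`, `commit()` and `rollBack()` are the same calls you would make against MySQL with InnoDB tables (MyISAM tables silently ignore them).

```php
<?php
// Added example, not from the SitePoint article. Schema and data are constructed.
// DSN is SQLite in-memory so the script runs offline; against MySQL it would be
// e.g. 'mysql:host=localhost;dbname=shop' with a username and password, and the
// tables must be InnoDB for the transaction calls to mean anything.
declare(strict_types=1);

function connect(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customer (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE)');
    // The CHECK gives us a statement that fails on purpose. (MySQL enforces CHECK
    // only from 8.0.16; any failing second statement makes the same point.)
    $db->exec('CREATE TABLE address (id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL,
               line1 TEXT NOT NULL CHECK (length(line1) > 0))');
    return $db;
}

// "Emulated" transaction: try to clean up by hand if the second insert fails.
// Between the two statements the half-written customer is visible to every other
// connection, and if the DELETE itself fails (connection drop, lock wait, fatal
// error) the orphan row is left behind for good.
function createCustomerEmulated(PDO $db, string $email, string $line1): bool
{
    $db->prepare('INSERT INTO customer (email) VALUES (?)')->execute([$email]);
    $customerId = (int) $db->lastInsertId();
    try {
        $db->prepare('INSERT INTO address (customer_id, line1) VALUES (?, ?)')
           ->execute([$customerId, $line1]);
        return true;
    } catch (PDOException $e) {
        $db->prepare('DELETE FROM customer WHERE id = ?')->execute([$customerId]);
        return false;
    }
}

// Real transaction: either both rows exist or neither does, nothing is visible
// to other connections before commit(), and the server undoes the work itself.
function createCustomerAtomic(PDO $db, string $email, string $line1): bool
{
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO customer (email) VALUES (?)')->execute([$email]);
        $customerId = (int) $db->lastInsertId();
        $db->prepare('INSERT INTO address (customer_id, line1) VALUES (?, ?)')
           ->execute([$customerId, $line1]);
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();
        return false;
    }
}

$db = connect();
var_dump(createCustomerAtomic($db, 'alice@example.test', '1 Main St')); // both rows written
var_dump(createCustomerAtomic($db, 'bob@example.test', ''));            // address violates CHECK, rolled back
var_dump((int) $db->query('SELECT COUNT(*) FROM customer')->fetchColumn()); // only alice remains
```

The emulated version looks equivalent on a quiet development box; it is not. The database is the only party that can guarantee the intermediate state is never observed, and the only party that can reliably undo it when the PHP process disappears mid-way.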

tagged: mysql transaction emulate opinion acid integrity

Link:

Codewalkers.com:
The PAVISE of Security
Jul 31, 2006 @ 11:10:17

Codewalkers.com has posted a new tutorial today from Martin Psinas titled "The PAVISE of Security".

Join notepad as he tours safe coding practices. He presents an easy to remember mnemonic which explains each component to help keep secure coding practices at the forefront in your development.

In the tutorial he talks about the bad reputation PHP seems to be gathering and argues it's less about the language and more about the applications written in it. His response is the acronym in the title, PAVISE: Privacy, Administration, Validation, Integrity, Sociology and Environment.

  • Privacy deals with keeping server-related info away from the client (what it shouldn't see)
  • Administration suggests knowing how things are configured, even if you don't have the access to change them
  • Validation (a huge factor) keeps the user data entered from doing bad things to you and your application
  • Integrity is the overall strength of your application
  • Sociology talks about methods to protect yourself from the social engineering that can happen to anyone
  • Environment requires knowing if you're working on a secure platform or not, which could undermine all other efforts

Under each heading, items are listed and explained to give you more concrete examples, with code where appropriate.
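Two of the headings translate directly into code. As an added example (not from the Codewalkers tutorial), the plain-PHP snippet below applies Privacy by keeping error detail off the response, and Validation by rejecting or normalising every field before it reaches SQL or HTML. The form fields, limits and allowed roles are hypothetical.

```php
<?php
// Added example, not from the Codewalkers tutorial. Field names, limits and the
// allowed-role list are hypothetical; the request array is constructed inline.
declare(strict_types=1);

// Privacy: errors go to the server log, never to the client that triggered them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Validation: return a clean value set plus the list of rejected fields.
// Each check is an allow-list; anything that does not match is rejected, not
// "cleaned up" into something that might still be dangerous.
function validateSignup(array $input): array
{
    $errors = [];
    $clean  = [];

    // filter_var() returns false for an array value (PHP builds one from "email[]=x"),
    // so the type confusion trick is rejected along with bad addresses.
    $email = filter_var($input['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors[] = 'email';
    } else {
        $clean['email'] = $email;
    }

    $age = filter_var($input['age'] ?? '', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors[] = 'age';
    } else {
        $clean['age'] = $age;
    }

    $allowedRoles = ['customer', 'vendor'];
    $role = $input['role'] ?? '';
    if (!is_string($role) || !in_array($role, $allowedRoles, true)) {
        $errors[] = 'role';
    } else {
        $clean['role'] = $role;
    }

    // Free text: bound the length and refuse control characters, keep the rest.
    // Escaping for HTML is deferred to the point of output (below), not done here.
    $name = $input['name'] ?? '';
    if (!is_string($name) || $name === '' || strlen($name) > 100
        || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $errors[] = 'name';
    } else {
        $clean['name'] = $name;
    }

    return ['errors' => $errors, 'clean' => $clean];
}

// Output side of Validation: escape for the context the value is used in.
function renderGreeting(string $name): string
{
    return '<p>Welcome, ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed request: a valid email, an array where an integer was expected,
// a role outside the allow-list, and a name carrying markup.
$result = validateSignup([
    'email' => 'user@example.test',
    'age'   => ['1'],
    'role'  => 'admin',
    'name'  => '<script>alert(1)</script>',
]);
print_r($result['errors']);          // age and role are rejected
echo renderGreeting($result['clean']['name'] ?? ''), PHP_EOL; // markup arrives as text, not tags
```

The validated values are what the rest of the application should consume; once they have been through this function the SQL layer still uses prepared statements and the template layer still escapes, because validation on the way in does not know which context the data will land in later.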

tagged: tutorial pavise security privacy admin validate integrity sociology environment

Link:
