News Archive

php[architect]:
March 2015 Issue Released - DB Migration
March 16, 2015 @ 12:50:49

php[architect] has released the March 2015 edition of their magazine - DB Migration:

Because databases store the data for our applications, they need proper care and feeding too. In "DB Migrations", David Berube shares what he's learned to properly design your databases, Harrie Verveer looks at "Database Versioning with Liquibase", and Patrick Schwisow shows you how to consolidate Doctrine Migrations that have gotten unwieldy.

Other topics in this month's edition include a "deep dive" into PHP extensions, object-oriented JavaScript, bitwise math and much more. You can pick up your own copy - either virtual (PDF) or in print - from the php[architect] website.


Link: http://www.phparch.com/magazine/2015-2/march/

Anthony Ferrara:
Security Issue Combining Bcrypt With Other Hash Functions
March 13, 2015 @ 09:32:02

Anthony Ferrara has a new post today looking at a potential security issue in PHP applications when using bcrypt with encryption and other hashing functions. His findings have to do with some research he did on long passwords and denial of service attacks they might lead to.

The other day, I was directed at an interesting question on StackOverflow asking if password_verify() was safe against DoS attacks using extremely long passwords. Many hashing algorithms depend on the amount of data fed into them, which affects their runtime. This can lead to a DoS attack where an attacker can provide an exceedingly long password and tie up computer resources. It's a really good question to ask of Bcrypt (and password_hash). As you may know, Bcrypt is limited to 72 character passwords. So on the surface it looks like it shouldn't be vulnerable. But I chose to dig in further to be sure. What I found surprised me.

To find out exactly how things are processed he gets down into the C code behind the PHP functionality in the crypt function. He discovers something interesting about the way it determines the length of the input password. It loops over the key, taking one byte at a time but resetting when it comes across a null byte. While this method is safe in itself, he points out the real issue - using pre-hashing before the bcrypt password checking to, possibly, allow for longer passwords.

The problem is that the pre-hash output can contain null bytes, which causes issues with the password checking, especially when the raw (binary) digest is used. He includes a simple script to illustrate this problem, finding a few collisions for his made-up key and "random looking" password. Thankfully, he also includes a method for checking that the hash doesn't contain a null byte. He points out that not all hashing combinations are at risk and suggests a few alternatives that can keep your application 100% safe.

The underlying problem is that combining cryptographic operators that weren't designed to be combined can be disastrous. Is it possible to do so safely? Yes. Is it a good idea to do it? No. This particular case is just one example where combining operations can be exceedingly dangerous.

Link: http://blog.ircmaxell.com/2015/03/security-issue-combining-bcrypt-with.html
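
The null-byte truncation summarized in this item, as an added example (not code from Anthony Ferrara's post or from PHP's source). It assumes SHA-256 as the pre-hash; the function names `bcrypt_effective_input`, `prehash_raw` and `prehash_encoded` and the sample passwords are constructed for illustration. It measures how often a raw pre-hash is cut short before bcrypt sees it, next to an encoded pre-hash that never is.

```php
<?php
// Added example. Function names and sample passwords are constructed here.

// Model of what bcrypt keys on: crypt() reads a C string, so the input ends
// at the first NUL byte, and bcrypt uses at most 72 bytes of it.
function bcrypt_effective_input(string $input): string
{
    $nul = strpos($input, "\0");
    if ($nul !== false) {
        $input = substr($input, 0, $nul);
    }
    return (string) substr($input, 0, 72);
}

// Weak pattern: raw binary SHA-256 digest (32 bytes, any byte may be NUL).
function prehash_raw(string $password): string
{
    return hash('sha256', $password, true);
}

// Hardened pattern: base64 of the digest, 44 ASCII bytes, never NUL.
function prehash_encoded(string $password): string
{
    return base64_encode(hash('sha256', $password, true));
}

$samples = 10000;
$truncated = 0;
$shortest = 32;
for ($i = 0; $i < $samples; $i++) {
    $password = "constructed-sample-$i";
    $seen = strlen(bcrypt_effective_input(prehash_raw($password)));
    if ($seen < 32) {
        $truncated++;
        $shortest = min($shortest, $seen);
    }
    $encoded = prehash_encoded($password);
    if (bcrypt_effective_input($encoded) !== $encoded) {
        throw new RuntimeException('encoded pre-hash was truncated');
    }
}
printf("raw pre-hash truncated for %d of %d samples (shortest: %d bytes)\n",
    $truncated, $samples, $shortest);

// Only the encoded form is handed to bcrypt.
$stored = password_hash(prehash_encoded('constructed-sample-0'), PASSWORD_BCRYPT);
var_dump(password_verify(prehash_encoded('constructed-sample-0'), $stored));
```

Each of the 32 digest bytes is NUL with probability 1/256, so roughly 12% of raw digests reach bcrypt shortened, and the earlier the NUL falls, the fewer bytes actually protect the account.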

Brian Moon:
Using socket_connect with a timeout
March 12, 2015 @ 09:38:00

In a new post to his site Brian Moon has shared a problem he had with sockets and timeouts and having them perform the same way every time. He walks through the symptoms he was seeing and provides his own solution in the end.

So, it seems that when you try and connect to an IP that is routable on the network, but not answering, the TCP stack has some built in timeouts that are not obvious. This differs from trying to connect to an IP address that is up, but not listening on a given port. [...] After a lot of messing around, a coworker pointed out that in production, the failures were happening for an IP that was routable on the network, but that had no host listening on the IP.

After some testing, Brian figured out that his problem was using localhost for testing and not an actual non-host server. He made the switch and figured out how to set the timeouts low and work with error state checking to make things more stable. He explains a bit more about how the code in his solution works. You can find his solution in this gist on GitHub.


Link: http://brian.moonspot.net/socket-connect-timeout

php[architect]:
February 2015 php[architect] Magazine Launched - "Other Shores"
February 19, 2015 @ 13:19:23

The February edition of the php[architect] magazine has been released with the theme "Other Shores".

This month's theme, "Other Shores", explores other languages you may want to try. Tobias Nyholm introduces us to Hack, Julien Pauli talks about PHP Extensions, and Ricky Robinett talks "Swift for PHP Developers".

Other articles in this issue include:

  • "MFA with Authy" by Dirk Merkel
  • "Access Any File - Anywhere - With the PHP League's Flysystem" from Matthew Setter
  • "Teaching and Mentoring" in the "Leveling Up" column (David Stockton)

You can pick up a copy of this month's edition directly from the php[architect] website.


Link: http://www.phparch.com/2015/02/february-2015-phparchitect-magazine-launched/

php[architect]:
January 2015 Issue Released - Be the Boss
January 27, 2015 @ 13:18:45

php[architect] magazine has just released their January 2015 issue - "Be The Boss". This issue includes articles talking about freelancing, the importance of communication in open source and the usual columns.

This month is a personal favorite of mine, as the theme is "Be the Boss". It speaks to those who wish to stop working as an employee and strike out on their own, something I've done twice in my life. In Get Off the Freelance Roller Coaster!, Yitzchok Willroth (@coderabbi) talks on the importance of not placing all of your eggs in one basket (or projects with one vendor). In Choose Your Own Adventure - Freelancer or Founder?, Joshua Warren talks about the two avenues that are open to those going it on their own, freelancer or business founder.

Articles in this month's edition include:

  • Get Off the Freelance Roller Coaster! (Yitzchok Willroth)
  • Choose Your Own Adventure - Freelancer or Founder? (Joshua Warren)
  • PHP and OS Communication (Julien Pauli)
  • An Introduction to NodeJS

The usual columns (Laravel Tips and Education Station) return once again, as well as a new one from David Stockton called "Leveling Up" to help you become a better developer. You can pick up your own copy from the php[architect] website.


Link: http://www.phparch.com/magazine/2015-2/january/

Anthony Ferrara:
PHP Install Statistics
December 31, 2014 @ 09:29:43

Anthony Ferrara has a new post to his site sharing the results of some PHP version statistics he's gathered and how it relates back to the security of applications.

After yesterday's post, I decided to do some math to see how many PHP installs had at least 1 known security vulnerability. So I went to grab statistics from W3Techs, and correlated that with known Linux Distribution supported numbers. I then whipped up a spreadsheet and got some interesting numbers out of it. So interesting, that I need to share...

He starts with the versions that currently have no known security issues and matches those up with the Linux releases that currently include them. He then looks at the adoption rates for more recent versions and maps those against the security status as well, with some "grim results". He summarizes the totals of all of the version results and comes up with an interesting statistic: over 78 percent of PHP installations (and thus applications) are exposed to some kind of security vulnerability just because of what they're hosted on.


Link: http://blog.ircmaxell.com/2014/12/php-install-statistics.html

php[architect]:
December 2014 Issue Released - Taming Content
December 17, 2014 @ 11:55:27

php[architect] has posted the official release announcement for the latest edition of their magazine, the December 2014 edition: Taming Content.

The PHP habitat is well stocked with content management systems. Everything from mature projects like Drupal, WordPress, Joomla!, to in-house custom systems (come on, who hasn't taken a stab at this at least once?). Even if you primarily work with backend applications, it's good to know the options available for helping clients and coworkers manage and update site content on their own.

This issue includes articles like:

  • Advanced Sites Deserve Advanced Custom Fields (Steve Grunwell)
  • Drupalese 101 (Annika Garbers)
  • ProcessWire: Flexibility, Power, and a Generous Dose of Pure Fun (Teppo Koivula)
  • PHP Tips and Tricks (Julien Pauli)

All of your favorite columns are there too including Laravel tips, the Community Corner and the Education Station. You can check out more information about these and other articles in the page for the issue or just pick up a copy of your own (available in both print and digital formats).


Link: http://www.phparch.com/magazine/2014-2/december/

php[architect]:
November 2014 Issue Released - Environments
November 24, 2014 @ 13:22:49

php[architect] magazine has released their latest issue today - the November 2014 edition: "Environments".

In this month's issue, we take a look at the environments that PHP code may travel through.

Articles in this month's issue include:

  • "PHP Engine Explained: an Introduction to the Zend Virtual Machine" (Julien Pauli)
  • "In the Shoes of a Hacker. Creating a Cryptovirus for PHP Apps" (Raul Fraile)
  • "Education Station: PHP on Firefox OS" (Matthew Setter)
  • "Introduction to Building a Programming Language" (Jacob Mather)

There's also all of the columns you know and enjoy covering Laravel Tips, the latest in the PHP community and a retrospective of the php[world] conference. You can pick up either just this issue or a full subscription from the php[architect] website.


Link: http://www.phparch.com/magazine/2014-2/november/

php[architect]:
October 2014 Issue Released - Built with PHP
October 22, 2014 @ 13:03:49

php[architect] has officially released the October 2014 edition of their magazine: "Built with PHP".

This month's edition includes articles like:

  • "We Built DataSift on PHP" by Michael Heap
  • "Domain Modeling with PHP in Polyglot Systems" by Luis Atencio
  • "Test Fixtures Like a Boss" by Giulio De Donato
  • "Varnish: Just Plain Faster" by Dan Reif
  • "Laravel Tips: Deploying Applications Part 2: Automation" by Dirk Merkel

...and all of your favorite columns from the editors and staff of the magazine. You can pick up a copy for yourself directly from the php[architect] website or grab a full year's subscription (in digital or print versions, or both).


Link: http://www.phparch.com/magazine/2014-2/october/

php[architect]:
September 2014 Issue Released - Purchasing Power
September 24, 2014 @ 09:17:11

The php[architect] group has officially released their latest issue of the magazine: September 2014, Purchasing Power.

Our September issue is now available. Whether selling products, billing for services, or collecting donations, at some point you've probably needed to find a way to get money from person A to person B. This issue covers the latest developments and techniques for Magento, the popular PHP e-commerce platform.

Articles in this issue include:

  • High-Performance Magento in the Cloud (Fabrizio Branca)
  • Easy WordPress Dev Environments with Vagrant and Ansible (Jason A. Lefkowitz)
  • The Confident Coder: Make the Reasons Overwhelming (Aaron Saray)
  • Laravel Tips: Deploying Applications Part 1: Homestead (Dirk Merkel)

If you'd like a sample of this issue, you can read a free sample from the WordPress Development Environments article. If you'd like to pick up a copy of your own, you can get it directly from the php[architect] site.


Link: http://www.phparch.com/2014/09/september-2014-phparchitect-magazine-released-purchasing-power/



All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework