Mike Bronner:
Run #AllTheCommands Outside of Homestead
Mar 04, 2015 @ 16:02:49

In this new post Mike Bronner shows you how to get the latest PHP5 and Mcrypt versions installed on OS X Yosemite to make it easier on developers needing to run commands outside of Homestead.

Laravel Homestead has brought virtual machines for web development to the mainstream PHP developer: it makes setting up a development stack similar to XAMP extremely simple. [...] However, one of the drawbacks so far has been that you always needed to run Laravel Artisan commands from within homestead, as they depend on MCrypt being installed. [...] The accepted solution thus far has been to install newer versions of PHP alongside Apple’s version using Homebrew or MacPorts. [...] However, there’s another method I came across while researching some non-related issues: install the latest version of PHP from a binary that includes the MCrypt extension.

He walks you through the complete process (well, except for getting Homestead - that needs to already be there) complete with each command you'll need. You'll need to be familiar with the command line to make this all happen and know how to edit configuration files. If all goes well, the "artisan" command will work correctly and no errors will happen during the compile. He also includes a fix you'll need to put in to get the database configuration working from outside Homestead too.

tagged: laravel homestead command artisan mcrypt install configure database

Link: https://medium.com/@genealabs/run-allthecommands-outside-of-homestead-e2fc8d05251f

Rob Allen:
Setting up PHP & MySQL on OS X Yosemite
Oct 20, 2014 @ 14:43:36

Rob Allen has posted a quick guide to help you get PHP and MySQL set up on Yosemite, the latest version of Apple's OSX operating system (just released last week).

It's that time again; Apple has shipped a new version of OS X, 10.10 Yosemite. Apple ships PHP 5.5.14 with Yosemite and this is how to set it up from a clean install. However, if you don't want to use the built-in PHP or want to use version 5.6, then these are some alternatives [including the Liip binary package, Homebrew or Zend Server 7.x].

He opts for the Homebrew method, installing it first then getting into the PHP and MySQL packages. This is all done from the command-line, so you'll need to be comfortable there. He includes the commands needed to install PHP, MySQL and Apache along with all configuration changes to make them work together. He also shows how to install Xdebug, PEAR, Composer and the Mcrypt & Intl extensions if needed.

tagged: setup osx yosemite mysql homebrew package install apache intl mcrypt

Link: http://akrabat.com/php/setting-up-php-mysql-on-os-x-yosemite/

LeaseWebLabs.com:
Lessons learned implementing AES in PHP using Mcrypt
Feb 28, 2014 @ 15:37:45

The LeaseWebLabs.com site has a new post talking about some of their difficulties (and lessons learned) when implementing AES in PHP with mcrypt for a recent project.

The Advanced Encryption Standard (AES) is the successor of triple DES. When you need a standardized, secure, high performance symmetric cipher it seems like a good choice. Wi-Fi network traffic is encrypted with AES for instance. Also when you want to securely store data in a database or on disk you could choose AES. Many SSDs store data internally using AES encryption. PHP supports AES through “mcrypt”. On Debian based systems (like Ubuntu and Mint) you can install it using “sudo apt-get install php5-mcrypt”.

With no direct support for AES in mcrypt, they decided on Rijndael-128 instead and include some code examples of getting its key and block size. They also include an example of the dynamic typing PHP does when converting a string to an integer and the "key padding" PHP automatically does if the key length is too short. A few other problems they discovered during implementation are mentioned as well, including null padding on strings and PHP's ignoring of a wrong size initialization vector (no padding, just an error).

tagged: leaseweblabs mcrypt implement aes rijndael

Link: http://www.leaseweblabs.com/2014/02/aes-php-mcrypt-key-padding/

Pádraic Brady:
Predicting Random Numbers In PHP - It’s Easier Than You Think!
Mar 26, 2013 @ 14:54:15

Pádraic Brady has a new post to his site about "randomness" in PHP and how, depending on the method used, you might not be as random as you think.

The Zend Framework team recently released versions 2.0.8 and 2.1.4 to address a number of potential security issues including advisory ZF2013-02 “Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components”. Quite the mouthful! In short, Zend Framework used the mt_rand() function to generate random numbers in situations where neither openssl_pseudo_random_bytes() nor mcrypt_create_iv() were available. This is possible when the openssl and mcrypt extensions are not installed/compiled with PHP.

He talks some about the mt_rand function and how it generates its "random numbers" (designed for speed, not ultimate randomness). He notes that all of PHP's internal randomization functions use the concept of "seeds" to prime the random number/string generation. Unfortunately, the seeding method is known inside PHP, so it is possible - if the method of generation is weak, as it is with mt_rand - that an attacker could brute force their way into a correct value. You can find more about randomness in PHP in this chapter of his PHP security handbook including a mention of Anthony Ferrara's randomness library.

tagged: randomness seed mtrand openssl mcrypt randomlib

Rob Allen:
Setting up PHP & MySQL on OS X 10.8 Mountain Lion
Aug 30, 2012 @ 14:09:12

Rob Allen has posted some notes to his site helping you get PHP set up on OSX Lion (10.8) successfully.

With OS X 10.8, Apple continues to ship PHP 5.3 with Xdebug, PEAR, GD and PDO_MYSQL. This is how to set it up from a clean install of 10.8.

He's broken it up into a few sections including the MySQL setup, Apache configuration, updating the main php.ini and setting up PHPUnit ("and friends") for your testing. He also includes setup instructions for the mcrypt and the PECL OAuth extensions.

tagged: setup osx lion mysql apache mcrypt oauth pecl pear xdebug phpunit

Rob Allen's Blog:
Setting up PHP & MySQL on OS X 10.7 Lion
Jul 25, 2011 @ 17:12:51

Rob Allen has posted his own guide to getting PHP 5.3 set up on OS X 10.7 Lion, the just-released update for Apple's operating system. It comes with a bundled set of PHP-related tools but you might want to set them up your own way. This is where the guide comes in.

With OS X 10.7, Apple continues to ship PHP 5.3 with PEAR, GD and PDO_MYSQL out of the box. This is how to set it up from a clean install of 10.7.

He goes through each of the pieces of software and talks about where to download the latest from and what configuration steps are needed:

  • MySQL
  • Apache
  • the php.ini
  • Xdebug
  • PEAR
  • PHPUnit (and friends)
  • PECL OAuth
  • mcrypt

tagged: lion osx setup environment mysql apache xdebug pear phpunit oauth mcrypt

Mark Karpeles' Blog:
PHP can do anything, what about some ssh?
Jun 28, 2010 @ 18:38:18

In an effort to do just about everything he can with PHP, Mark Karpeles has posted an article about how he created an SSH server in PHP with most (not quite all) of the functionality of some of its counterparts.

You probably know SSH at least by its name. It’s a secure telnet replacement which also allows many other things such as port forwarding, remote file management (with sftp) and more. With PHP I could write a fully working SSH server in only 3 days. [...] My goal when writing this was to provide a replacement for the FTP protocol for the customers of my hosting service.

He lists the extensions used to create the server - OpenSSL, mcrypt, hash and (the most important) GMP - as well as a link to the source if you'd like to try it out yourself.

tagged: openssl mcrypt has gmp ssh server

WebReference.com:
Using PHP Encryption for Login Authentication
Jun 04, 2010 @ 13:50:10

New on WebReference.com there's a follow up article that talks about using encryption built into PHP to handle login information and authentication.

Following up on "Implementing One-way Encryption in PHP," my previous tutorial about using one-way encryption to build a secure online diary application, this article explores using PHP encryption for login authentication. It presents the two scripts that make up the diary application: the login and diary scripts, as well as the necessary database server connection script.

His script example shows how to use the md5 hashing function to compare passwords with the ones in the database as well as a modification that uses the mcrypt libraries to encrypt some sample text.

tagged: login authenication mcrypt md5 tutorial

ITNewb.com:
PHP Encryption / Decryption Using the MCrypt Library (libmcrypt)
May 26, 2009 @ 14:35:10

On the ITNewb.com site there's a recent tutorial that's been posted by Andrew Johnson about using the mcrypt library in your PHP apps for a simple level of data protection.

The ability to encrypt and safeguard data is an essential ability that every serious web developer should have in their arsenal. In this article we'll explore encrypting data with PHP and MCrypt (libmcrypt), storing it in a database, retrieving it from a database and decrypting it for use.

He works through what mcrypt is, where it can be downloaded from, a simple usage example and a more in-depth look at what it's doing (making an IV, encrypting) and how to store the resulting encrypted information into a MySQL database table.

tagged: libmcrypt tutorial mcrypt

DevX.com:
A Guide to Cryptography in PHP
May 06, 2008 @ 18:47:22

The DevX.com site has posted an introductory guide to using cryptography in PHP, showing how to use the various packages the language has to offer.

Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages.

They start with a look at some of the built-in functions like md5, sha1 and crypt as well as a table detailing the different encryption methods (like mcrypt, mhash or crypt_blowfish). They follow this up with examples of some of them including a method for making secret keys with the Crypt_DiffieHellman PEAR Package.

tagged: cryptography mcrypt mhash blowfish rsa hmac diffiehellman
