News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

thePHP.cc:
Do No Enter!
November 23, 2012 @ 10:37:44

In a new post to the PHP.cc site today Arne Blankerts reminds us that not all security is about writing good code and handing data correctly - it's also about the systems they run on.

What seems to be so obvious for road traffic and its rules seems to be less obvious for many web developers. They tend to slack on defining (and monitoring) what is happening at the application level as well as the infrastructure level of their application. It is not enough to run a default install of your operating system of choice, add whatever services you need, and hope for the best. Considering the amount of money as well as damage to reputation, either directly due to fraud and abuse or indirectly by time lost to recover a hacked system or software, the "let's hope for the best" approach is of arguable quality. And we are not even considering general bugs here.

He mentions configuring the server, OS and network to ensure a higher level of security, noting that no matter how much work is put into secure code, if the attacker can get to points on the system they shouldn't, your app is still vulnerable.

But how can you tell if someone is actually trying to break in? Pretty much exactly as the police does for road traffic: with speed checks and by patrolling. A properly configured firewall will show as well as inhibit any unauthorized communication within the network and all you need to do is monitor the vital signs of your infrastructure.
0 comments voice your opinion now!
server operatingsystem security network firewall


Stuart Herbert's Blog:
Installing Phix on Various OSes (OSX, Debian, Ubuntu, Fedora)
October 03, 2011 @ 10:02:58

Stuart Herbert has put together a series of posts detailing how to get the Phix component creation and management tool installed on various operating systems.

Phix makes it extremely easy to create and maintain your own PEAR-installer compatible components for reuse in your PHP applications. Installation takes just seconds, and it's both open-source and framework-agnostic!

The OS guides help you get it installed for:

For more information about Phix (including helpful "getting started" details) check out the project's website.

0 comments voice your opinion now!
phix install component package manage pear operatingsystem guide


PHP-Code.net:
Securing PHP Apps Part III - Securing PHP on the server/Securing MySQL & Apache
October 14, 2010 @ 10:40:21

PHP-Code.net has posted the third part of their series looking at ways you can help to secure your PHP-based application. This time, though, the focus is all on the server side - Apache/MySQL/etc.

This is the last part of this tutorial where I tell you a few things about securing PHP on the server, about securing MySQL and Apache. [...] Also, you have to keep in mind that you must know on what operating system your server runs in (UNIX, Linux, Mac OS or Windows) because this has to be secured too. This article is not intended to present this step, but I thought that is good to know that too.

He starts the article with a few tips on shopping for a web host (if you don't already have one, of course) including encouraging the web host's admins to keep up with patches and apply them quickly. He includes a few helpful hints on securing the Apache side of things like setting ServerSignature to Off and ServerTokens to Prod. For MySQL his tips include updating to the latest version and for PHP, using the Suhosin patch to ensure some of the major issues caused by insecure PHP programming can be covered.

0 comments voice your opinion now!
security application server apache mysql operatingsystem


Ibuildings Blog:
Windows Azure and PHP
October 28, 2008 @ 09:36:13

In this new post to the Ibuildings blog, Ivo Jansch talks about the recent experience he had attending the Microsoft Professional Developers Conference in Los Angeles, CA.

I was invited to this conference by Microsoft (thanks Bram!) because Microsoft is opening up to the PHP community, and I must say that so far they haven't disappointed me.

He talks about what Microsoft had to show off including Azure, a cloud operating system that, in the future will be adapted to allow PHP applications to be run on it.

0 comments voice your opinion now!
windows azure microsoft cloud operatingsystem



Community Events





Don't see your event here?
Let us know!


list testing series laravel refactor threedevsandamaybe community wordpress podcast opinion install framework unittest interview experience language release introduction developer code

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework