
Anthony Ferrara:
Seven Ways To Screw Up BCrypt
December 21, 2012 @ 12:20:04

If you're going to be rolling your own user handling in your application, no doubt you've heard that something like bcrypt-ing your passwords is a good idea. Well, Anthony Ferrara has some suggestions for you and shows you seven ways you can "screw up" when trying to implement it.

There are numerous articles on the web about how to properly use bcrypt in PHP. So this time, rather than write yet-another-how-to-use-bcrypt article, I'm going to focus on the mistakes that are commonly made when implementing bcrypt.

Here's the list of seven ways (each has its own description in the post):

  • Using A Non-Random Salt
  • Using An Incorrect Random Source for Salt Generation
  • Using Too Weak Of A Cost Parameter
  • Using The Wrong PHP Version
  • Using The Wrong Prefix
  • Not Checking For Errors
  • Not Using A Library

He also includes two "bonus" things to consider: "Not Using A Timing Safe Comparison" and "Not Encoding The Salt Correctly".



Rob Allen's Blog:
Akrabat_Db_Schema_Manager table prefix support
June 21, 2010 @ 09:14:52

Rob Allen has a new post to his blog today talking about an update he's made to the Akrabat_Db_Schema_Manager component for the Zend Framework to allow it to support table prefixes.

I've updated Akrabat_Db_Schema_Manager so that it now supports table prefixes. It uses the application.ini key of resources.db.table_prefix as I couldn't think of a better one :) and then uses that for the schema_version table's name and also makes it available in your change objects.

He illustrates with a sample setting for your application.ini file and some code to handle the creation and deletion of tables using this prefix setting.

Note that you are responsible for using the prefix property as the change classes cannot enforce what you do within the up() and down() methods. It also follows that you'll have to ensure that your models also use the correct prefix.


Richard Thomas' Blog:
Solar Framework Shorts - Multitenant caching
September 21, 2009 @ 08:03:59

Richard Thomas has posted another Solar short with a quick tip on using the framework to cache data correctly (and under different prefixes) automatically even for multi-tenant sites.

This gets even more problematic if you support third party developers/modules as they have to follow the same rules as well. Head problems off at the pass by using the Solar_Cache prefix config. This bit of code would be placed as soon you "identify" the site in question and get some sort of unique id for that site.

All it takes is creating a Solar_Cache object (set into the Solar_Registry object) with the prefix for any and all scripts to pull out and use. This can even be used with the Solar models to cache data pulled from the database automatically.



Justin's Blog:
How to secure your wordpress blog - part 2
April 15, 2009 @ 11:19:47

Justin had written up a previous article with a few quick ways to secure your WordPress blog and he's come back with a few more helpful hints on how to keep you and your blog safe.

The following is a list of some additional changes that you can make to improve the security of your wordpress installation (Backup wp-config.php and your db tables before trying the following).

Here's his new list of recommendations:

  • Change the default table prefix
  • Install WP-Scanner
  • Change permissions on the WordPress to only be writable by you and root


SaniSoft Blog:
The prefix automagic in CakePHP routing
April 09, 2008 @ 13:06:18

On the SaniSoft blog, Tarique Sani talks briefly about some of the prefix "automagic" that's already built in to the CakePHP framework's routing.

There are times when you need more than just admin routing, how about something like http://blah.com/user/profiles/edit and http://blah.com/user/profiles/changepassword ? If this could be routed to an action like user_add and user_changepassword wouldn't it be great!! (eg: think ownership ACL checks)

Good thing the CakePHP developers already planned for something like this - they included the connect() method for Router objects that maps the URL request to a method with that same prefix in the controller.



DevShed:
MySQL Table Prefix Changer Tool in PHP
January 02, 2008 @ 09:54:00

On DevShed today there's a new tutorial showing a method for preventing SQL injection attacks on your site - a MySQL table prefix changer.

Changing these [table] prefixes can be a tedious job if you had to do it manually. Even tools like phpMyAdmin don't provide a clean, quick method of doing this. But with a little help from PHP, we are able to create our own tool very quickly.

The tutorial follows the construction of the tool, making the modifications to the current database tables and pushing all of the changes back into the database.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework