Developer.com:
PHP 5 OOP - Protecting Data With Visibility
May 10, 2006 @ 20:02:18

In Developer.com's latest article, they continue their series (part 1) of working with PHP5's object system to create an abstraction layer, specifically a database layer.

In the prior article, PHP 5 OOP: Interfaces Abstract Classes and the Adapter Pattern, I presented an interface for abstracting database access from the actual database. The article also presented code for accessing a database.

In this article you will learn to expand upon the functionality you built from the first article in order to show how to protect your data using visibility modifiers.

They start with a look at some of the "accessibility modifiers" that PHP5 has to offer - like private or public - in its object model. They define them in the context of their database class as well, demonstrating how both variables and classes can be marked this way. After this, it's all about the code, looking first at preparing the SQL query, then validating the SQL before sending it off to the last step - executing the query and fetching the results (if needed).

tagged: php5 oop protecting data visibility part2

Greg Beaver's Blog:
Protecting a MySQL user/password in a PHP script
Apr 03, 2006 @ 12:37:38

Greg Beaver has posted some tips (with a few updates along the way) about protecting your MySQL username and password in a PHP script, hiding the plain-text version from would-be attackers.

Two days ago, I gave a talk at the University of Nebraska-Lincoln's computer science department colloquium on open source. At the reception preceding the talk, one of the students asked if there was a good way to protect the user/password of his MySQL scripts. This is an issue I have never run up against because we have a unique IP on the webhost, and it doesn't matter whether someone knows the user/pass, they can only connect directly from that host (and if someone can hack into the host, I doubt the database is the only thing that will be compromised).

The dilemma was caused by the shared hosting of the students' sites and the plain-text storage of their database user/pass in a WordPress file. Greg suggested two methods: one where each user gets their own Apache space, and another where the password is stored in a read-only file that just the server has access to.

Chris Shiflett came back with a comment, however, about another, more secure method - using an .htaccess file that only the user can work with (and can change at any time) that sets Apache environment variables the script can then read.

tagged: protecting database login password htaccess

Justin Silverton's Blog:
protecting your PHP code
Mar 27, 2006 @ 13:32:16

Some PHP developers out there are very protective of their code for one reason or another. Sometimes it's a matter of their hard work, slaving over a keyboard for hours and hours to get it exactly right. Then there's the other reason - money. Of course, no matter what your situation, a new post from Justin Silverton might help you narrow down the encoder software field a bit.

A client of mine approached me today and was interested in releasing a PHP based product, but didn't want his source code to be viewed, in plaintext, by the people purchasing it (mainly because competitors could easily just purchase a copy and integrate his source code into their product). So, I researched the different options available to protect source code.

He includes his suggestions on "what doesn't work" (encoders that can be broken by sites like phprecovery.com) and "what works" - code obfuscation. His personal favorite in this department is POBS, a simple application that alters your code by changing function names/variable names and obscuring the code by modifying the structure of the code (adding/removing newlines, stripping spaces, etc).

tagged: protecting obfuscation encoder
