
DevShed:
Implementing Internet Protocols with PHP
June 04, 2008 @ 09:32:22

On DevShed today, there's a new tutorial showing how to create a simple application that uses one of the simpler protocols - FTP.

PHP has many functions that help us to implement Internet and/or networking protocols. In this article, we will look at how to implement some of those protocols using PHP.

They introduce the FTP functions for PHP (a basic list, PHP manual style) and include the code - the CSS to make it easier to use and the PHP code to make the FTP connection and grab the remote file listing. A screenshot is included to give you an idea of the end result.

tutorial ftp protocol application css remote file list



Ed Finkler's Blog:
Zend Studio for Eclipse and SFTPDrive not on speaking terms
March 20, 2008 @ 07:58:09

Ed Finkler, a long-time user of SFTPDrive on his Windows machine, has noticed something a bit odd lately when using the new Zend Studio (Eclipse):

For some reason, ZSfE just doesn't show me my 'k:' drive (the SFTP mount) when browsing for a project directory. This throws a real wrench in my usual workflow - ZS 5.5 had built-in SFTP support, and I could also use the local mount if I wanted.

Finding nothing in the traditional places, he's made this blog post hoping someone might have the answer. Turns out that the fix (as provided by Josh Johnston) is to create a new project around a new Remote Folder.

eclipse zendstudio sftpdrive remote folder edit drive


Demian Turner's Blog:
Seagull 0.6.4 Release (fixes Security Issue from 0.6.3)
January 25, 2008 @ 10:32:00

Demian Turner has posted about the latest version of the Seagull framework (0.6.3) and an update to correct a remote file disclosure issue (up to version 0.6.4).

Well it took a bit of time but after quite a few months a new release of Seagull is finally out, 0.6.3 (0.6.4). Things have been keeping pretty busy with the startup I'm working on, but it's been a great opportunity to refine some features of the framework and optimize the performance. The early indications are good, after less than 10 weeks of going live Kindo users are creating up to 20k profiles/day and the server load is staying comfortably below 0.5.

The update is a different download that helps correct an issue with the framework allowing user-inputted values from the GET string. Be sure to update your version to keep this security issue under wraps.

seagull framework release fix security issue remote file disclosure


Chris Hartjes' Blog:
How To HTTP-PUT A File Somewhere Using PHP
January 14, 2008 @ 09:39:00

Chris Hartjes has a quick post (complete with code) about moving files around a bit differently than the norm - it's his method for using an HTTP PUT to push a file out.

A work project is getting close to 0.1 status. Pretty underwhelming, I know. One of the last 'milestones' for 0.1 is taking these wonderful XML documents that my web app creates and sending them to an internal web service. This web service will accept documents via an HTTP PUT [...] so I dug around a bit on the web and put together some code.

The code is a generic "publish" method that opens a stream to the remote server and, in a binary format, pushes the contents of a local file and parses out the response.

http put remote location file push


DeveloperTutorials.com:
Scraping Links With PHP
January 14, 2008 @ 08:44:00

The Developer Tutorials site has posted a new article covering the creation of a small application that can help you scrape content from a remote page and pull it into your script.

In this tutorial you will learn how to build a PHP script that scrapes links from any web page.

You'll learn to use cURL, the DOM functions, XPath and a bit of MySQL to get the job done. It's nice to see that they also include a section looking at one of the more touchy aspects of web page scraping - "is it legal?"

scraping webpage remote curl xpath dom mysql


Gareth Heyes' Blog:
Faking the unexpected
December 04, 2007 @ 08:36:04

Gareth Heyes has an example of yet another way he's seen developers incorrectly handle incoming connections and the information inside. This time, he focuses on the remote IP coming from the client.

Developers place too much trust in everything, they assume that certain data cannot be faked and therefore these pieces of data can be used as a Trojan horse. Let's take the REMOTE IP of a user, it seems a trusted source because of the TCP/IP connection between the user and the server.

He points out the difference between HTTP_X_FORWARDED_FOR and REMOTE_ADDR and how, despite being the same almost all of the time, they shouldn't be trusted since they could be spoofed. He even includes an example script showing how it could be done (and how a bit of JavaScript can even be inserted).

remoteaddr httpxforwardedfor remote ip address exploit


Community News:
Ubuntu Updates PHP Packages
November 30, 2007 @ 08:41:00

The Ubuntu Linux group has released an update for their PHP packages to help protect their users from issues like security bypass and remote exploits.

This fixes a weakness and some vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users to bypass certain security restrictions and by malicious users to bypass certain security restrictions.

Packages can be downloaded either manually or via the Linux distro's package manager. This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

package ubuntu linux security issue exploit remote


PHP Discovery Blog:
Dangers of Remote Execution
November 21, 2007 @ 13:48:00

On the PHP Discovery blog, there's a new post reminding PHP developers of some of the more dangerous ways that remote execution could affect your site and some of the common entry points it can have.

PHP has numerous ways to execute raw PHP code unless you, the programmer, stop it. Best way in preventing these methods is making sure you check the input of what your users are inputting, and making sure you escape all malicious actions that a hacker, cracker, kiddy scripter might want to do to your website.

He summarizes four of the things from the Pro PHP Security book from Apress (by Chris Snyder and Michael Southwell) that can leave holes in your application for would-be exploits - preg_replace, shell_exec/exec, eval (which we all know is only one letter from "evil" anyway) and require/include.

danger remote execution pregreplace include eval shellexec exec require


Jonathan Street's Blog:
When scraping content from the web don't make it obvious
November 07, 2007 @ 11:26:00

Jonathan Street has a tip for those developers out there that have no other choice than scraping content from a remote site - don't make it obvious. He also includes a suggestion on how to make it a little less obvious.

A couple of hours ago I was playing around scraping some content from a website. All was going well until suddenly I couldn't get my script to fetch meaningful content. [...] The first thing I did was stop visiting the site for 15 minutes or so and then increase the time between requests. It briefly worked again but quickly stopped.

One simple change to the user agent string in his php.ini made the problem evaporate, pointing to user agent filtering happening on the remote side. His helpful hint involves two methods - one in just PHP and the other in cURL - to change the user agent that your scripts are sending. An even better solution might be some sort of rotating array that would alternate between four or five strings to make things even more random.

scrape content remote server useragent filter modify phpini


Community News:
rPath Updates PHP, PHP-MySQL and PHP-PGSQL Packages
October 25, 2007 @ 10:31:00

rPath Linux has issued an update to their packages for PHP, PHP-MySQL and PHP-PGSQL to correct issues that could make it possible for a remote user to gain unauthorized access.

This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions or by malicious people to potentially compromise a vulnerable system.

References and links to the update information can be found in their original advisory.

package update mysql pgsql rpath security remote access




All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework