
Pádraic Brady:
Security Oriented PSR Proposed to PHP-FIG
November 11, 2014 @ 11:56:42

Pádraic Brady has a new post to his site today talking about a security-oriented PSR that's being proposed to the PHP-FIG group (by Lukas Smith). The proposal suggests the creation of a security policy to be used by members of the PHP-FIG and a way to make sharing security issues more standardized.

Lukas Kahwe Smith recently brought forward an idea to PHP-FIG with two broad objectives for a new PSR: To write a security policy that could be adopted by members; and proposal to make sharing security vulnerabilities more common and standardised. He has invited interested people to express their interest in joining a separate mailing list to discuss the details: https://groups.google.com/forum/#!topic/php-fig/45AIj5bPHJ4. Larry Garfield of Drupal and Korvan Szanto of concrete5 CMS have offered to sponsor the proposal.

He talks some about security policies in general - what they are, why they're a good idea and what Lukas is proposing for PHP projects. He also briefly covers the publishing of vulnerability data, the different options for publishing it and how a standardized format could be integrated with current tools (Composer, anyone?).

phpfig security standard reporting proposal discussion

Link: http://blog.astrumfutura.com/2014/11/security-oriented-psr-proposed-to-php-fig/

NetTuts.com:
Building Advanced Email Features With IMAP and PHP
October 21, 2014 @ 12:19:47

On the NetTuts.com site they've posted a tutorial showing you how to build advanced features with IMAP and PHP. The tutorial is based on the SimplifyEmail project and includes examples of three different features to get you started.

Analysis of my own email showed I was receiving email from more than 230 automated senders, far fewer actual people. I was tired of constructing filters in Gmail and filling in a myriad of unsubscribe forms. I wanted to have more control over managing my email and simplifying my life. Finally, this past year, I decided to build the features I needed. The result is Simplify Email (SE), a small web app you can host yourself which offers a variety of cool new email features all of which you can check out on the project website. The coolest thing about SE is that it's a platform for reading, analyzing, routing and managing your email - the possibilities abound. Simplify Email is essentially a programmable playground for "hacking" your own email.

The three examples show you how to:

  • Check your inbox and filter messages
  • Implement a whitelist challenge to unknown senders
  • Report unanswered email

Each of these comes with plenty of code examples, screenshots and output examples (as well as some places where you might need to change some SE configuration values).

advanced email imap tutorial feature simpleemail filter whitelist reporting

Link: http://code.tutsplus.com/tutorials/building-advanced-email-features-with-imap-and-php--cms-22059

PHPMaster.com:
Error Handling in PHP
November 10, 2011 @ 08:41:39

On PHPMaster.com today there's a new tutorial from Sneha Heda looking at error handling in PHP - the types of errors that can come up, how to throw your own and how to catch them appropriately.

Errors are the most common event a developer faces when programming. [...] To help reduce the number of errors in your code, and to mitigate their effects, proper error handling is essential in your web application. This article is a crash course in PHP error handling. You'll learn about PHP's built-in error reporting levels, and how to handle errors with custom error handlers and exception handling.

She starts with the different error reporting levels PHP offers, everything from the lightweight E_NOTICE out to E_ALL|E_STRICT. With this as a reference, she shows how to create a custom error handler (using set_error_handler). Also included is a look at exceptions and some of the more detailed information that comes with them - line numbers, messages, file the error was thrown from, etc.

error handling tutorial exception custom handler reporting level


Brian Swan's Blog:
Getting Started with SQL Server Reporting Services (SSRS) and PHP
May 06, 2010 @ 10:12:15

Brian Swan has a new post to his MSDN blog today that looks at working with the SQL Server Reporting Services SDK and PHP to automatically create some reports based on the data in your database.

In this post I'll dive into the SSRS SDK for PHP that was recently released by the Interoperability team here at Microsoft. [...] The documentation in the SDK is complete with explanations for the classes that make up the SDK, code examples, and a "hello world" example. However, in this post, I'll build a simple web page (code attached to this post) that renders the Sales report that I created last week.

He starts off with an overview of how all of the technology will fit together and some of the things you'll need to have before you can get started - a user with the right permissions and a connection to the server. The "SSRSReport" class in the SDK gives you quick access to load a report based on a named location. You can then use methods like "RenderAsHTML" to output it as HTML or one of the other methods (like CSV, text, PDF, etc.).

reporting services sqlserver ssrs sdk tutorial


ZendCasts.com:
Reporting with Zend_Tool and Zend_Log
April 28, 2010 @ 08:43:23

On the ZendCasts.com site there's a new screencast continuing their look at the Zend_Tool component by combining it with Zend_Log to do some easy reporting.

This video uses a collection of powerful PHP libraries in order to illustrate how easy it really is to build a command-line tool for reporting against XML files. We start off by logging visitor statistics in the controller into a log file with Zend_Log. Once data has been collected, we're then able to utilize SimpleXML, Zend_Date and the Zend_Tool component to build out a very simple reporting tool.

He suggests one possible use is to create a cron job that will regenerate the reports nightly. You can view the screencast in the post or download a copy of the project to get started right away.

zendtool zendlog zendframework webcast tutorial reporting


PHPro.org:
PHP Security
September 18, 2008 @ 12:04:31

Kevin Waterson has posted a new article to his site today - an introductory look at security in your PHP applications.

One of the great benefits of PHP is its ease of access to new-comers. Its entry level is minimal and so attracts those looking for simple scripts to their sites. It is this same ease of access that becomes a problem as the new-comers begin to deal with input from users. Failure to adequately validate and sanitize data is the leading cause of security problems when dealing with PHP.

He looks at a few different areas that developers need to focus on (and be sure to filter on) like PHP_SELF, protection from email header injections, file inclusion and the use of error reporting to make handling user-generated errors "more correct".

security tutorial phpself email header include error reporting


Padraic Brady's Blog:
PHPSpec Reporting Gets A Needed Boost
November 14, 2007 @ 14:25:00

Padraic Brady has made a few updates to the PHPSpec software he's developed in preparation for the first stable release - additions to the reporting functionality to give as much information as possible.

PHPSpec is closing in on its first stable release, so the time had finally come to spruce up its output! No more the simple reporting of failed specs - now you get a few more details in a readable format, exceptions and errors even come with traces. In addition, I've implemented specdoc output as an option (using "-s") so you can get a list of specs in their plain text form.

He's also included an example of the new output in the post, showing the results of both successful and errored responses. You can check out the actual spec files on the Google Code repository for the project and get more details on the project itself (including the latest development snapshots) on the project's website.

phpspec reporting stable release spec snapshot


Zend Developer Zone:
Security Tip of the Week
March 05, 2007 @ 14:23:00

The Zend Developer Zone has started up its own contribution to the security side of the PHP community - a "Security Tip of the Week", beginning with the first three tips posted just recently:

  • Tip number one involves a good recommendation - keeping your PHP version up to date. Many security issues and exploits have come around because of older versions and the issues they hold.
  • Tip number two focuses on the errors that your site gives to the viewing public and the information they can betray (file locations, etc.).
  • Tip number three talks about using other applications to help you find issues in your code that you might not even know were there - such as Chorizo and the PHPSecInfo reporting tool.

Stay tuned for even more security goodness from Cal and the Zend Developer Zone over the coming weeks...

securitytipoftheweek reporting tool


DevShed:
An Introduction to PHP Security
February 15, 2007 @ 06:50:52

Devshed has posted a new article covering one of the hottest topics in the PHP community right now - security.

Security in a scripting language such as PHP is more developer-dependent than language-dependent. In other words, although the language offers you the tools to create secure code, it cannot prevent insecure code. Thus, the degree to which code is secure almost entirely depends on how security conscious a developer is.

The article looks at three security-related topics:

  • Register globals
  • Error reporting
  • Code exposure

For each, it provides explanation and code where needed to help the reader understand the issues and possible problems with them.

introduction tutorial security registerglobals error reporting exposure


Stoyan Stefanov's Blog:
Performance tuning with PEARDB
January 17, 2007 @ 09:35:00

Stoyan Stefanov has posted some of his tips to his blog today. Specifically, they deal with the PEAR::DB class, demonstrating some of the optimization of the package he's discovered in his coding experience.

If you use PEAR::MDB2, you can set a custom debug handler and collect all the queries you execute for debugging and performance tuning purposes, as shown before. But what if you're using PEAR::DB? Well, since PEAR::DB doesn't allow you such a functionality out of the box, you can hack it a bit to get similar results.

He creates a simple app to help with the illustration - a number of select queries to grab zipcode information from the database. As it stands, the PEAR::DB package doesn't handle the debugging well, so he adds in a few more lines to buffer the connection and some reporting code to check the resulting output (as well as some of his sample reports).

pear package peardb performance tuning buffer connection reporting




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework