
NetTuts.com:
Securing Your Server Login
October 22, 2014 @ 10:43:27

While PHP developers usually pay more attention to the code level of things, it's good to know something about managing the servers their applications live on too. In this most recent tutorial from NetTuts.com they introduce you to some of the basic things you can do to help secure your server against potential attacks, more specifically around the logins.

Thanks to the growing abundance of useful self-hosted apps such as WordPress and the affordable growth of cloud hosting providers, running your own server is becoming increasingly compelling to a broader audience. But securing these servers properly requires a fairly broad knowledge of Linux system administration; this task is not always suitable for newbies.

They provide a list of seven things to look at (not a comprehensive list, but good nonetheless) to protect your system logins:

  • Update Your System Components
  • Change Your SSH Port From the Default
  • Activate a Firewall
  • Change Your Root Login Name
  • Activate Google Two-Factor Authentication
  • Switch to Using SSH Keys for Login
  • Manage Your Application Security

Each item includes a summary of the "why" and commands or links to other resources with more information.


Link: http://code.tutsplus.com/tutorials/securing-your-server-login--cms-22001

Joshua Thijssen:
Deepdive into the symfony2 security component part 1
October 20, 2014 @ 10:26:33

On the latest post on his site Joshua Thijssen has kicked off a series taking a deep dive into the Symfony security component, a key piece in the security of Symfony-based applications. In this first part of the series he introduces the component and starts in on some of the features it offers.

Once in a while I like diving into code and see how things work under the hood. And as the symfony2 framework consists of many different components, bundles and bridges, there is a lot to discover. But ultimately, the code itself mostly isn't really as complex as it might seem from the outside world: just like a good magic trick, once unraveled, it all seems very simple and makes sense.

However, this is not true for one of those components: the security component. This black box full of dark magic doesn't like to give up its secrets, and after some (miserably) failed attempts, I am trying to unravel it once more in a few blog posts. Either we achieve complete victory, or fail yet again.. At this point, I will give both fair odds.

He starts off with an overview of the component, pointing out the two main things it handles: authentication and authorization. He also pulls in a few other things to do with security in Symfony to give a more complete, well-rounded picture - the component itself, the security bundle and security bridges. He gets into a bit more detail about this last one and describes their specific use.


Link: https://www.adayinthelifeof.nl/2014/10/19/deepdive-into-the-symfony2-security-component-part-1/

PHP.net:
PHP 5.4.34 & 5.6.2 Released
October 17, 2014 @ 10:14:07

On the main PHP.net site an announcement has been posted about the release of the two latest versions in the PHP 5.4.x and 5.6.x series - PHP 5.4.34 and 5.6.2.

These releases fix several bugs in both versions, including several security-related issues, among them CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. The 5.4.34 release also includes a fix for a regression in the OpenSSL functionality.

As both of these contain security-related fixes, it's strongly recommended that you upgrade as soon as possible. As always, you can find the latest downloads on the main downloads page or windows.php.net for the Windows users. The full list of changes in each of the versions can be found in the Changelog.


Link: http://php.net/archive/2014.php#id2014-10-16-3

Joshua Thijssen:
Symfony2 logging out
October 10, 2014 @ 10:51:03

In this new post to his site Joshua Thijssen talks about something that's usually considered a common task and might be overlooked when it comes to security: logging out (specifically in Symfony-based applications).

One of the "golden rules" of symfony2 is to never hardcode urls or paths inside your code or templates. And letting symfony deal with the generation of your urls and paths makes your life a lot easier as a developer. But one of the things I see regularly is that people are still hardcoding their logout urls like using "/logout". But logging out is actually a bit more complex than it might seem, and using a simple /logout might work for most cases, but there are better ways to deal with this.

To give some context, he starts with an overview of the Security component of the Symfony framework, mentioning how it can be configured with different "secure" areas and how they handle the user authentication. He includes an example configuration of one of these "firewalls" in a YAML document with three different sections: "dev", "superadminstuff" and "main". He explains what each of these sections configures and how they will react when the user visits them. He also covers the "logout: true" handling and the defaults that are included when it's used. He suggests that, instead of a hard-coded "logout" URL in your application, you make use of the "logout_url" and "logout_path" functions to create the link for you, making it consistent across the application and easier to configure.


Link: https://www.adayinthelifeof.nl/2014/10/06/symfony2-logging-out/

Matthew Weier O'Phinney:
Deployment with Zend Server (Part 4 of 8)
September 05, 2014 @ 09:22:38

Matthew Weier O'Phinney has posted the latest tip in his Zend Server deployment series, part 4 related to securing the scripts you use for your jobs (like cron, but run through Zend Server).

This is the fourth in a series of eight posts detailing tips on deploying to Zend Server. The previous post in the series detailed a trick I learned about when to execute a chmod statement during deployment. Today, I'm sharing a tip about securing your Job Queue job scripts.

He talks about the security concerns around the scripts you use for your jobs and how to protect them since they're exposed to the world as public scripts (if their URL can be tracked down, that is). He shares a few lines of code that can help prevent that, though - a check to see if it's running as a job (via getCurrentJobId) and returning a "403 Forbidden" if not.


Link: https://mwop.net/blog/2014-09-04-zend-server-deployment-part-4.html

PHP.net:
PHP 5.4.32 Released
August 22, 2014 @ 12:48:52

The PHP development team has officially announced the release of the latest version in the PHP 5.4.x series that fixes several security issues: PHP 5.4.32.

The PHP development team announces the immediate availability of PHP 5.4.32. 16 bugs were fixed in this release, including the following security-related issues: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120. All PHP 5.4 users are encouraged to upgrade to this version.

You can view the full list of changes and what part of the language they affect in the changelog. To download this latest version, you can get the source from the downloads page or windows.php.net for Windows users.


Link: http://php.net/index.php#id2014-08-21-1

PHP.net:
PHP 5.3.29 is available, PHP 5.3 reaching end of life
August 14, 2014 @ 08:50:12

The PHP.net site has announced both the release of PHP 5.3.29 and a reminder that the PHP 5.3.x series is coming close to its "end of life" date.

The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively. PHP 5.3.29 contains about 25 potentially security related fixes backported from PHP 5.4 and 5.5

If you're using any release in the PHP 5.3.x series, it's highly recommended you either update to this latest version or you make the jump up to something in the PHP 5.4 or 5.5 series. You can get this latest release either from the main downloads page or for Windows users the windows.php.net site. The full change log can be found here.


Link: http://php.net/archive/2014.php#id2014-08-14-1

PHPClasses.org:
Lately in PHP Podcast #48 - To TDD or Not TDD?
June 27, 2014 @ 11:38:37

On the PHPClasses.org site today Manuel Lemos has released the latest episode in their "Lately in PHP" podcast series: Episode #48 - To TDD or Not TDD?

Lately the debate about whether you should use TDD or not in all software projects all the time has been very intense. [...] They also talked about the upcoming end of life release of PHP 5.3, getting information of parameter type hinting with reflection, using object methods on native data types, security problems of OAuth implementations, and the built-in support of Composer to access password protected repositories.

You can listen to this latest episode either through the in-page audio player, by downloading the mp3 or you can watch the live recording over on the PHPClasses YouTube playlist. A transcription of the recording is also provided as well as links to some of the topics mentioned.


Link: http://www.phpclasses.org/blog/post/239-To-TDD-or-Not-TDD--Lately-in-PHP-podcast-episode-48.html

PHP.net:
PHP 5.4.30 & 5.5.14 Released
June 27, 2014 @ 09:49:17

PHP.net has posted two new release announcements today, one for PHP 5.4.30 and the other for PHP 5.5.14.

For the PHP 5.4.30 release:

The PHP development team announces the immediate availability of PHP 5.4.30. Over 20 bugs were fixed in this release, including the following security issues: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515. All PHP 5.4 users are encouraged to upgrade to this version. Please, note that this release also fixes a backward compatibility issue that has been detected in the PHP 5.4.29 release.

For the PHP 5.5.14 release:

The PHP Development Team announces the immediate availability of PHP 5.5.14. This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension. All PHP users are encouraged to upgrade to this new version. Please, note that this release also fixes a backward compatibility issue that has been detected in the PHP 5.5.13 release.

As always you can download these latest releases from the main downloads page (or here for Windows users) and see the complete list of changes in the Changelog.


Link: http://www.php.net/archive/2014.php#id2014-06-26-1

PHP.net:
PHP Versions 5.5.13 & 5.4.29 Released
May 30, 2014 @ 09:28:21

The PHP.net development group has made two release announcements today about the latest versions in both the PHP 5.4.x and 5.5.x series: PHP 5.4.29 as well as PHP 5.5.13.

This release [of PHP 5.5.13] fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237). [Additionally, in PHP 5.4.29] 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version. [...] All PHP users are encouraged to upgrade to these new versions.

As always, you can get these latest releases from either the main downloads page or windows.php.net for the Windows users out there. For the complete list of changes in either release, see the full Changelog.


Link: http://www.php.net/archive/2014.php#id2014-05-29-5



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework