News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Pádraic Brady:
PHP Package Signing My Current Thoughts
March 10, 2014 @ 11:57:49

Pádraic Brady has a new post sharing some of his ideas around PHP package signing and a few possible ways to approach (and possibly solve) the problem.

We figured out how to write good code. We figured out how to write good code in a reusable way...for the most part. We figured out how to distribute and mix all that good reusable code in a sensible fashion. Can we now figure out how to do it all securely? [...] The problem with package signing from my perspective is tied up in a phrase most of you would know: The needs of the many outweigh the needs of the few. Thank you, Spock.

He compares two different alternatives, Public-key infrastructure (PKI) vs (Pretty Good Privacy) GPG, and how the idea of trust fits into the picture. He also points out an unfortunate fact when it comes to the initial adoption of package signing methods - people are lazy (and cheap). They want to get things done and not have extra steps. Signing their packages would be one of these steps. He suggests an alternative, though, using double signatures to verify the integrity and validity of its contents. He also talks about the role that metadata plays in the overall package ecosystem and how signing it as well could be part of the solution.

0 comments voice your opinion now!
package signature signing metadata packagist composer

Link: http://blog.astrumfutura.com/2014/03/php-package-signing-my-current-thoughts

Jeremy Kendall:
API Query Authentication With Query Auth
August 15, 2013 @ 09:41:46

Jerermy Kendall has written up a post for his site showing the use of his QueryAuth library for API authentication, complete with plenty of examples. The library makes it simple to sign and verify requests based on a key, secret and parameters given.

Most APIs require some sort of query authentication: a method of signing API requests with an API key and signature. The signature is usually generated using a shared secret. When you're consuming an API, there are (hopefully) easy to follow steps to create signatures. When you're writing your own API, you have to whip up both server-side signature validation and a client-side signature creation strategy. Query Auth endeavors to handle both of those tasks; signature creation and signature validation.

He includes code examples showing how to create a signed request, validate the signature from an incoming request and generate randomized keys and secrets. He's also created a sample implementation as a Vagrant box that sets up a Slim framework based application and uses Guzzle to make requests. He briefly looks at some of the code that makes it work and what the raw HTTP request and response look like for the result.

0 comments voice your opinion now!
queryauth api authentication signature parameter key secret tutorial

Link: http://jeremykendall.net/2013/08/13/api-query-authentication-with-query-auth

Mike Purcell's Blog:
PHP - Reflection Class - Determine Parent Method Signature
July 05, 2012 @ 10:12:04

In this recent post to his blog Mike Purcell shares a method he found to discover the parameters required by a method in a class' parent via reflection.

According to PHP docs regarding the Memcached::get() method, there are three arguments which which must be added to my extended signature, which I added, but kept getting "...should be compatible with that of Memcached::get()" errors. I tried looking for the method signature via source code but didn't glean anything useful from the PECL documentation, so I turned to PHP's RelectionClass.

He includes a quick snippet of code showing how the check works and the handy output it produces - a set containing the parameter name, if it's require or optional and it's definition.

0 comments voice your opinion now!
reflection parent method signature tutorial


Sameer Borate's Blog:
Source Code Signatures in PHP
November 10, 2011 @ 13:11:17

In this new post to his blog Sameer Borate applies an interesting method of discovery of structure in unfamiliar code - generating code signatures.

One method [Ward Cunningham] suggests is that of summarizing on a single line select punctuation characters from each source file. He calls this the file's "signature". This will help the developer gauge the complexity of the code base.

He includes a few examples from files in WordPress - looking for the structure of curly braces and semicolons as delimiters for chunks of functionality. Included are a few lines of code to help you generate a signature from any file and an example of a result. It's an interesting idea, but I'm not sure how practical it is. It could be a helpful reference for how complicated the file is, though.

0 comments voice your opinion now!
sourcecode signature wordpress complexity


DevShed:
Error Handling for Dynamic Twitter Signature Images with PHP
August 26, 2009 @ 07:55:45

DevShed has posted the third part of their series looking at the creation of dynamic twitter signatures. These signatures are the sort of badges you'd see on a site with the user's latest tweet and their photo.

In the third installment in this series, I will be demonstrating how to add proper object-oriented error handling to the SignatureImage class.

They've built up the class to take in a twitter username and, via a cURL request pull in both the account's avatar and latest tweets. If something goes wrong, though, the class needs to be modified to handle it. They show how to add in try/catch handling with an error handler method in the class to work with the error's result.

0 comments voice your opinion now!
error handling twitter tutorial signature


DevShed:
Enhancing Dynamic Twitter Signature Images with PHP
August 14, 2009 @ 08:27:17

In this second part of their "dynamic twitter signature" series DevShed expands on the previous part and adds in code to work with the GD libraries to make the image.

In my last article we began putting together a solution that will allow us to display dynamic Twitter signature images in forum posts and emails. In this article we'll continue where we left off by adding the functions that will harness the power of GD to create the actual image.

They review the previous code - a simple class that makes a request to the twitter servers for the latest statuses from the user - and adds on the fetching of the user's avatar and to push the text content into the generated image.

0 comments voice your opinion now!
enhance twitter tutorial signature image


PHPFreaks.com:
PHP Add Text To Image
January 26, 2009 @ 12:04:06

This new tutorial from the PHPFreaks.com website shows how to add text into a custom created image (they go with an Arial font in a PNG image).

One of the standard features of a message board is allowing members to have a signature, which is appended to the bottom of each post they make. Posters can put whatever they want into the signature (within forum settings). Putting quotes in one's signature is one of the more popular things to do. [...] Soon afterwards, I started receiving messages on a fairly regular basis asking me "What kind of sorcery is this?? How do I do that??" You know, I think it's kind of funny people should ask, because this is really nothing new.

His code (the full script is here) sets up the font size, the font face (Arial) and the quotes to be randomly pulled from first. The image manipulation comes next - making a PNG resource, adding a few colors and shapes, and dropping in the text.

Each line of the code is covered in detail so you'll understand exactly what's going on. The end result is a script that makes a simple image and can be easily expanded to work with other sources (like databases or flat text files).

5 comments voice your opinion now!
tutorial image dynamic gd text signature forum random


PHPied.com:
HiLiteMe.com updated
September 11, 2006 @ 07:38:47

On PHPied.com, there's a new post about some updates that have been made to the HiLiteMe.com site work even more features to make it more flexible.

Following from here, I'm proud to announce an update to HiLiteMe.com with two custom renderers for Text_Highlighter.

The additions are an option to make the output in a BB Code format (easier for forum pasting) and some simple HTML code integration to make the results more portable. There are also enhancements to the CSS that keep you from having to View Source each time to get the results and a setting letting you specify the tab size. You can test it out here.

0 comments voice your opinion now!
highlight css bbcode html text_highlighter highlight css bbcode html text_highlighter


ThinkPHP Blog:
Improving Usability on "My Chorizo" page the host signature file
July 31, 2006 @ 05:59:21

The guys over at the ThinkPHP blog are already improving their Chorizo security scanner software with refreshed usability for their "My Chorizo" page inside the utility.

In the spirit of Web2.0 applications, we constantly improve Chorizo! and silently update the application with the newest features. In order to scan a host, you have to prove that you are the owner of the host by uploading a unique signature file to your host's document root. Some of our users had trouble uploading it into the docroot, some accidently put it into the wrong directory.

Their enhancement makes it easy to tell which of the products have their signature files in place and while don't at a glance.

0 comments voice your opinion now!
chorizo web scanner usability update signature chorizo web scanner usability update signature



Community Events





Don't see your event here?
Let us know!


community zendserver api threedevsandamaybe introduction release list development series tips podcast language framework interview conference bugfix code deployment symfony laravel

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework