Archive for July 31, 2006

Codewalkers.com: The PAVISE of Security

Codewalkers.com has posted a new tutorial today from Martin Psinas titled “The PAVISE of Security”.

Join notepad as he tours safe coding practices. He presents an easy to remember mnemonic which explains each component to help keep secure coding practices at the forefront in your development.

In the tutorial he talks about the bad reputation that PHP seems to be gathering and how it’s less about the language and more about the applications written in it. His response is shown in the acronym in the title: PAVISE, which stands for Privacy, Administration, Validation, Integrity, Sociology and Environment.

  • Privacy deals with keeping server-related info away from the client (what it shouldn’t see)
  • Administration suggests knowing how things are configured, even if you don’t have the access to change them
  • Validation (a huge factor) keeps the user data entered from doing bad things to you and your application
  • Integrity is the overall strength of your application
  • Sociology talks about methods to protect yourself from the social engineering that can happen to anyone
  • Environment requires knowing if you’re working on a secure platform or not, which could undermine all other efforts

Under each of the headings, items are listed out and detailed to give you more concrete examples. Code examples are also included where appropriate.

ThinkPHP Blog: Improving Usability on “My Chorizo” page: the host signature file

The guys over at the ThinkPHP blog are already improving their Chorizo security scanner software with refreshed usability for their “My Chorizo” page inside the utility.

In the spirit of Web2.0 applications, we constantly improve Chorizo! and silently update the application with the newest features. In order to scan a host, you have to prove that you are the owner of the host by uploading a unique signature file to your host’s document root. Some of our users had trouble uploading it into the docroot, some accidentally put it into the wrong directory.

Their enhancement makes it easy to tell at a glance which of the products have their signature files in place and which don’t.

Community News: Latest PEAR Releases for 07.31.2006

Latest PEAR Releases:

Katy’s Homepage: Automatic WSDL Generation in PHP 5

One of the things that frustrates SOAP (and other web service) users is the creation of the WSDL files for their service. Learning a whole new “language” just to describe what they’re offering seems silly, so the quest began for a method to automatically create this information based off of the service itself.

That’s where this post on Katy’s homepage comes in. It details updates Katy has made to a class offered by David Giffin called wsdl-writer-0.3.

There have been several attempts to write WSDL auto-generation code for PHP. They typically work by having the developer provide additional data about the types of each argument and return value to each web service defined, for example in comments or arrays.

All of the published solutions are rather limited. Perhaps the best attempt I found is David Giffin’s wsdl-writer-0.3, but [it] has some major limitations as it stands. David unfortunately does not maintain wsdl-writer so I have decided to publish my modifications here.

She details the changes, noting updates to interoperability, new features (including native SOAP header support), and a few other bug fixes. A simple code example is also included, showing a sample web service class.

Ben Ramsey’s Blog: Reminder: PHP Appalachia

Ben Ramsey has a reminder posted about the PHP Appalachia event happening in September in Cherokee, North Carolina.

This is just a reminder to let you know that the extension for reserving your campground spot for PHP Appalachia will expire soon—on August 1, to be exact. After August 1, you will still be able to reserve a spot at the campground, but you will not receive the group discount, nor is there any guarantee that your campsite will be placed with or near the rest of the group. So, sign up today!

If you want more information about this gathering of fellow PHP enthusiasts, you can check out their website. It’s the whole “unconference” idea, letting things flow naturally (as they should in this setting) and PHP-related topics come up as they will.

So, come on and join in for a different kind of conference - get connected with other PHP fans, stay connected with wireless internet, and enjoy just getting out of town for a while.