Digest Access Authentication is one method that a client and server can use to exchange credentials over HTTP. This method uses a combination of the password and other bits of information to create an MD5 hash which is then sent to the server to authenticate. Sending a hash avoids the problems with sending a password in clear text, a shortfall of Basic Access Authentication.

He starts out by looking at the "basic authentication" mechanism that's built into most web servers and points out that it has a major flaw - sending the username/password in (pretty much) plain text. Digest, on the other hand, uses a MD5 hash created from a few pieces of information including username, realm and request method. The result is sent as a header back to the server that can then be parsed by PHP. He also talks about improving on the basic version of the digest method using the qop, nc, and cnonce optional parameters.

There is no right or wrong way, but no matter what there is no *pretty* way to do SQL inside of a PHP application. I have been having a personal debate with myself all week about how to make SQL statements nicer in an application without going to a huge DBAL package like Doctrine.

He looks at each idea and provides some of the pros and cons about each of them, noting that he hasn't quite decided on which is the best method. Some sample code is included to help clarify the points, showing the "find by unique key" version and how a more complex query might be created with the "builder object."

In this episode we talk to Adam Culp on his very first day as a Zend employee. We talk about PHP community and Adam's decision to move from the realm of independent consultant to Zender! Adam is the organizer of SunshinePHP, PHP Guru and joining the Zend Professional Services Team.

You can listen to this latest episode either through the in-page player or by downloading the mp3 directly. You can also subscribe to their feed of you want this and future episodes pulled automatically.

This is the 3rd set of Zend Certification Tips and Advice to help anyone taking either of the two Zend Exams powered by Zend Technologies: the Zend PHP Certification Exam and/or the Zend Framework Certification Exam. The aim being to help people who want to sit for those exams and inform them what it is all about & what to expect by hearing it from (pro) PHP Guys who have already been through it, that is => Hear It From Zend Certified Engineers!

He starts off with some general questions to Eric about the exam and its structure and how he prepared himself for it. He mentions some of the resources he used to study and what kind of topics to pay attention to. There's also a few quotes included at the end giving another perspective on the exam (specifically, some frustrations).

I think the main reason why we have to hash passwords is to prevent passwords from being stolen or compromised. You see, even if someone steal your database, they will never read your actual or cleartext password. I know that some PHP frameworks or CMS already provide this functionality, but I believe that it is important for us to know how its implementation can be made.

His sample application stores the user data in a MySQL database and does the salting+hashing at the time of the request. It uses a hard-coded salt and a value of 8 for the hashing/stretching. Screenshots of each page in the example application are also included.

Cal Evans has been referred to as "The Ubiquitous Face of the PHP Community". That's made Cal an obvious choice for the first guest on the PHPPodcast. In this episode we chat about the evolving face of the PHP community.

You can listen to this latest episode either through the in-page player, by downloading the mp3 or by subscribing to their feed.

This is the 2nd set of Zend Certification Tips and Advice to help anyone taking either of the two Zend Exams powered by Zend Technologies: the Zend PHP Certification Exam and/or the Zend Framework Certification Exam. The aim being to help people who want to sit for those exams and inform them what it is all about & what to expect by hearing it from (pro) PHP Guys who have already been through it, that is => Hear It From Zend Certified Engineers!

They start with a little background on her and her experience with PHP and get quickly into the questions about the exam. Topics include things like:

• What the test is about and hopes to achieve
• Some things you can do to prepare
• A recommendation to make the most of your time exploring topics you might be weak in
• Whether or not the ZCE training classes help in the learning process

You can read the rest of the interview here.

This is the 1st set of Zend Certification Tips and Advice to help anyone taking either of the two Zend Exams powered by Zend Technologies: the Zend PHP Certification Exam and/or the Zend Framework Certification Exam. The aim being to help people who want to sit for those exams and inform them what it is all about & what to expect by hearing it from (pro) PHP Guys who have already been through it, that is.

There's a long list of questions in the interview covering a wide range of things about the test everything from what its about out to some of Michelangelo's own opinions about the tests:

• Can you briefly give us an idea of what ZC is about, what it tries to achieve?
• Can you give us an idea of what need to be studied and what kind of stuffs we should expect..etc
• Parts of the modules that you think is more complex and one should pay special attention to?
• What TWO questions can you remember that you can share with us
• Do you recommend PHP guys to get certified?

Check out the answers to these and more questions in the full interview.

In this somewhat risqué episode, we'll look at just what you need to be able to do development work on the i. Many people in the i world will that PHP is native to the i, but I don't think that's really true. To me, native means that it just runs, no problems or questions asked, nothing special needs to be done, it just sort of happens like when you see someone across a crowded room and know she/he is "the one". That's not the way it works with PHP and the i.

He starts off by talking about Zend and its contribution to the IBM i's abilities to run PHP through RPG thanks to a "bridge" they created. There are other options, but as he points out, they're not as well developed (or supported) as Zend's offering (being Zend Server, Zend Studio and Zend Framework).

He then talks about the details of creating and running scripts - where to put them, what kind of RPG knowledge you'll need to implement them, and which parts of the typical MVC stack work best where.

You must always think about security. If passwords are stored in plain text, what happens if an attacker gains access to your database? He can easily read all of the users' passwords. That's why we use a technique called password hashing to prevent attackers from getting user passwords. In this article you'll learn how to store the passwords securely in the database so that, even if your database falls into wrong hands, no damage will be done.

He starts off describing what password hashing is and why it's important (and better than it's plain-text alternative). He gives some examples of using some of the built-in hashing functions PHP has to offer to generate the hashes. He starts with md5/sha1 (note, these are not recommended) but moves into more effective options like sha256, salted hashing and even bcrypting passwords with crypt.

Be sure to check out the comments for other security concerns and links to suggested tools and resources.