
Project:
RIPS - Static Source Code Analyzer for Vulnerabilities in PHP Scripts
March 20, 2012 @ 10:34:35

Gareth Heyes has pointed out an interesting tool today for analyzing the source of your application and trying to discover security-related issues: RIPS.

RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities, RIPS also offers an integrated code audit framework for further manual analysis.

The project site lists the features that come with the tool, what it searches for (including command execution, header injection, file manipulation and SQL injection) and some example screenshots of its interface. You can download the latest version and try it out for yourself. As with any static analyzer, treat its output as a list of candidate source-to-sink flows for manual review: sanitisation it does not recognise shows up as a false positive, and any source, sink or data flow it does not model is simply missed.
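To make the source-to-sink idea concrete, here is an added toy taint tracker in Python over a constructed PHP snippet. It is not RIPS's own code (RIPS is written in PHP and models far more). It assumes one PHP statement per line and straight-line code, knows only the sources, sinks and sanitizers in its tables, tracks for each variable which vulnerability classes it can still cause, and lets taint pass unchanged through any function it does not know:

```python
"""Toy source-to-sink taint analysis for PHP, in the spirit of RIPS.

Added illustration, not RIPS's own code.  Assumes one PHP statement per line,
straight-line code, and only the sources, sinks and sanitizers listed below.
"""
import re

ALL = frozenset({
    "SQL injection", "command execution", "code execution",
    "header injection", "file inclusion", "cross-site scripting",
})
# Superglobals an attacker controls ($_SERVER only partly: HTTP_* headers, REQUEST_URI).
SOURCES = {"_GET", "_POST", "_COOKIE", "_REQUEST", "_FILES", "_SERVER"}
SINKS = {  # sensitive sink -> vulnerability class it enables
    "mysql_query": "SQL injection", "mysqli_query": "SQL injection",
    "system": "command execution", "exec": "command execution",
    "shell_exec": "command execution", "passthru": "command execution",
    "eval": "code execution", "header": "header injection",
    "include": "file inclusion", "require": "file inclusion",
    "echo": "cross-site scripting", "print": "cross-site scripting",
}
SANITIZERS = {  # sanitizer -> classes it neutralises; every other class stays tainted
    "intval": ALL, "floatval": ALL,
    "mysql_real_escape_string": {"SQL injection"},
    "mysqli_real_escape_string": {"SQL injection"},
    "escapeshellarg": {"command execution"},
    "htmlspecialchars": {"cross-site scripting"},
    "htmlentities": {"cross-site scripting"},
}

STRING_RE = re.compile(r'"(?:[^"\\]|\\.)*"' + r"|'(?:[^'\\]|\\.)*'")
VAR_RE = re.compile(r"\$(\w+)")
CALL_RE = re.compile(r"([A-Za-z_]\w*)\s*\(")
ASSIGN_RE = re.compile(r"^\$(\w+)\s*(\.?=)(?!=)\s*(.+)$")
CONSTRUCT_RE = re.compile(r"^(echo|print|include|require)\b\s*(.+)$")


def normalize(line):
    """Keep only what matters for taint: drop comments and string text (a
    double-quoted string keeps just the variables it interpolates) and rewrite
    an (int) cast as an intval() call so it is treated as a sanitizer."""
    def shrink(m):
        s = m.group(0)
        if s[0] == "'":                      # single quotes never interpolate
            return "''"
        return '"' + " ".join("$" + v for v in VAR_RE.findall(s)) + '"'
    line = STRING_RE.sub(shrink, line)
    line = re.sub(r"//.*", "", line)
    line = re.sub(r"\((?:int|integer)\)\s*(\$\w+(?:\[[^\]]*\])*)", r"intval(\1)", line)
    return line.strip().rstrip(";").strip()


def taint_of(expr, env, findings, line_no):
    """Return the vulnerability classes attacker input can reach through `expr`,
    recording a finding for every sink whose argument is still tainted for the
    sink's own class.  Unknown functions pass taint through unchanged."""
    taint = set()
    i = 0
    while i < len(expr):
        var = VAR_RE.match(expr, i)
        if var:
            name = var.group(1)
            taint |= ALL if name in SOURCES else env.get(name, set())
            i = var.end()
            continue
        call = CALL_RE.match(expr, i)
        if call:
            depth, j = 1, call.end()
            while depth and j < len(expr):   # find the matching ')' (strings are gone)
                depth += {"(": 1, ")": -1}.get(expr[j], 0)
                j += 1
            name = call.group(1)
            arg_taint = taint_of(expr[call.end():j - 1], env, findings, line_no)
            arg_taint -= SANITIZERS.get(name, set())
            if SINKS.get(name) in arg_taint:
                findings.append((line_no, SINKS[name], name))
            taint |= arg_taint
            i = j
            continue
        i += 1
    return taint


def analyse(php_source):
    """Walk the file top to bottom, tracking which variables hold tainted data
    and for which classes; return (line_no, vulnerability class, sink) findings."""
    env, findings = {}, []
    for line_no, raw in enumerate(php_source.splitlines(), 1):
        stmt = normalize(raw)
        if not stmt or stmt.startswith("<?") or stmt == "?>":
            continue
        construct = CONSTRUCT_RE.match(stmt)
        assign = ASSIGN_RE.match(stmt)
        if construct:                          # echo/include take no parentheses
            name, arg = construct.groups()
            if SINKS[name] in taint_of(arg, env, findings, line_no):
                findings.append((line_no, SINKS[name], name))
        elif assign:
            name, op, rhs = assign.groups()
            rhs_taint = taint_of(rhs, env, findings, line_no)
            env[name] = (env.get(name, set()) | rhs_taint) if op == ".=" else rhs_taint
        else:
            taint_of(stmt, env, findings, line_no)
    return findings


# Constructed sample input, mixing sanitized and unsanitized flows.
SAMPLE_PHP = """\
<?php
$id = $_GET['id'];
$name = htmlspecialchars($_POST['name']);
$q = "SELECT * FROM users WHERE id = " . $id;
mysql_query($q);
$safe = mysql_real_escape_string($id);
mysql_query("SELECT * FROM users WHERE id = '$safe'");
$n = (int) $_GET['n'];
system("ls " . $n);
system("ls " . $_COOKIE['dir']);
echo $name;
echo $_GET['msg'];
header("Location: " . $_GET['next']);
$cmd = escapeshellarg($_GET['f']);
system("cat " . $cmd);
eval($cmd);
"""

if __name__ == "__main__":
    for line_no, vuln, sink in analyse(SAMPLE_PHP):
        print(f"line {line_no}: {vuln} via {sink}()")
```

Run against the sample it reports the unescaped `$id` reaching `mysql_query()` on line 5, the cookie-fed `system()` on line 10, the reflected `$_GET['msg']` on line 12, the `header()` call on line 13 and the `eval()` on line 16, while the escaped query, the `(int)`-cast argument and the `escapeshellarg()`-wrapped `system()` call stay quiet. The per-class bookkeeping is the point: `escapeshellarg()` makes `$cmd` safe for `system()` but not for `eval()`, which a plain grep for sink names cannot express.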



Sebastian Bergmann's Blog:
Using CLANG/scan-build for Static Analysis of the PHP Interpreter
December 16, 2011 @ 09:48:07

In a new post to his blog Sebastian Bergmann takes a quick look at using a static analyzer, clang and scan-build, to analyze the PHP interpreter (specifically during the compile process).

I have been tinkering with CLANG's static analyzer lately. This post summarizes how I installed LLVM and CLANG and performed the analysis of a build of the PHP interpreter.

He includes all the commands (unix-based) to get the clang tools/libraries installed in the correct places as well as what to add to your $PATH to get the "scan-build" command to work with the make and make install parts of the PHP compile process. Note that scan-build works by pointing CC/CXX at its own compiler wrapper, so only files actually compiled during the wrapped run are analysed; a build that is already up to date produces no reports, so clean first.



Johannes Schlüter's Blog:
MySQL Query Analyzer and PHP
September 30, 2011 @ 12:56:54

Johannes Schlüter has a new post to his blog today mentioning the beta release of the mysqlnd_ms plugin (previously mentioned by Ulf Wendel) and a new feature that can be plugged into the MySQL Enterprise Monitor so that the Query Analyzer gets its data directly from PHP instead.

When running a PHP-based application with MySQL it is often quite interesting to see what actually happens on the database server. Besides monitoring of the system load etc. it is often interesting to see what queries are actually executed and which of them are expensive. A part of MySQL Enterprise Monitor is the MySQL Query Analyzer which helps answering these questions.

Previously this was handled via a proxy that sat between the application server and the database and inspected the queries passing through it. The new plugin collects the same data inside PHP itself, so queries no longer have to go through the proxy. You can see the result in the two screenshots in the post, taken from inside the Manager application. You also get the side benefit of a PHP stack trace for each query, which helps you identify the spots in the code most in need of improvement.



Sebastian Bergmann's Blog:
Towards Better Code Coverage Metrics in the PHP World
June 20, 2011 @ 08:10:57

Sebastian Bergmann has a new post to his blog talking about some of the future plans for better code coverage metrics for PHP applications (not just the statistics we have now, generated from PHPUnit runs combined with the PHP_CodeCoverage PEAR package and Xdebug).

Xdebug currently only supports what is usually referred to as Line Coverage. This software metric measures whether each executable line was executed. Based on the line coverage information provided by Xdebug, PHP_CodeCoverage also calculates the Function / Method Coverage software metric that measures whether each function or method has been invoked.

The kinds of coverage they are planning for the future include statement coverage, branch coverage (whether each outcome of every boolean decision was actually taken, which line coverage cannot tell you), call coverage, and path coverage, with linear code sequence and jump coverage (LCSAJ) as an alternative to full path coverage.
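To make the gap between line coverage and branch coverage concrete, here is an added Python example (not from Sebastian's post or from PHP_CodeCoverage, which work on PHP via Xdebug). It embeds a constructed function as source text so the same text can be parsed with the ast module for executable lines and `if` decisions, then executed under sys.settrace to record which lines and which line-to-line arcs ran; an `if` with no `else` is exactly the case where every line executes while one branch outcome never does:

```python
"""Line coverage versus branch coverage, as an added illustration.

The function under test is embedded as source text so the same text can be
parsed (to find executable lines and decisions) and executed under
sys.settrace (to see which lines and which line-to-line arcs actually ran).
"""
import ast
import sys

# Constructed sample: one decision with no else branch.
SAMPLE = '''\
def classify(n):
    result = "small"
    if n > 10:
        result = "big"
    return result
'''


def load(source, name):
    """Compile and execute `source`, returning the function called `name`."""
    namespace = {}
    exec(compile(source, "<sample>", "exec"), namespace)
    return namespace[name]


class Coverage:
    def __init__(self, source, name):
        self.func = load(source, name)
        tree = ast.parse(source)
        # Every statement except the def line itself counts as executable.
        self.executable = {n.lineno for n in ast.walk(tree)
                           if isinstance(n, ast.stmt) and not isinstance(n, ast.FunctionDef)}
        # decision line -> first body line, i.e. the line reached when the test is true
        self.decisions = {n.lineno: n.body[0].lineno for n in ast.walk(tree)
                          if isinstance(n, (ast.If, ast.While))}
        self.lines, self.arcs = set(), set()

    def run(self, *args):
        """Call the function under trace, accumulating executed lines and arcs."""
        code = self.func.__code__
        prev = None

        def tracer(frame, event, arg):
            nonlocal prev
            if frame.f_code is not code:
                return None                      # ignore frames of other functions
            if event == "line":
                if prev is not None:
                    self.arcs.add((prev, frame.f_lineno))
                self.lines.add(frame.f_lineno)
                prev = frame.f_lineno
            elif event == "return":
                self.arcs.add((prev, -1))        # -1 marks leaving the function
            return tracer

        sys.settrace(tracer)
        try:
            return self.func(*args)
        finally:
            sys.settrace(None)

    def line_coverage(self):
        return len(self.lines & self.executable) / len(self.executable)

    def branch_coverage(self):
        """Each decision has two outcomes: the arc into its body (true) and any
        other arc leaving the test line (false)."""
        taken = 0
        for test, body in self.decisions.items():
            taken += (test, body) in self.arcs
            taken += any(s == test and d != body for s, d in self.arcs)
        return taken / (2 * len(self.decisions))

    def untaken_branches(self):
        """(decision line, outcome) pairs that never ran."""
        missed = []
        for test, body in self.decisions.items():
            if (test, body) not in self.arcs:
                missed.append((test, True))
            if not any(s == test and d != body for s, d in self.arcs):
                missed.append((test, False))
        return missed


if __name__ == "__main__":
    cov = Coverage(SAMPLE, "classify")
    cov.run(20)
    print("after classify(20):", cov.line_coverage(), cov.branch_coverage(), cov.untaken_branches())
    cov.run(5)
    print("after classify(5): ", cov.line_coverage(), cov.branch_coverage(), cov.untaken_branches())
```

A single call with `n = 20` executes every line, so line coverage reports 100 %, yet the false outcome of the `if` on line 3 has never been exercised and branch coverage says 50 %; only the second call with `n = 5` closes that gap. That untested false branch is where an unchecked input or a missing default typically hides.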



Web Development Blog:
404 Errors Report, monetize and analyse
June 14, 2010 @ 12:55:05

On the Web Development Blog today there's a new post about 404 pages and some of the things you can do to make them a bit more useful than just a "not found" message.

As your website gets more pages and links, the chance exists that a visitor will follow a dead link to your site. If a visitor is trying to access a page on your site, the server will (normally) report a 404 error. The response is by default some unfriendly page with sparse information about the error, which leads most visitors to stop visiting your site. But by using the 404 error the right way, you, the site owner, can collect important information.

He talks about some of the data that could be collected - what page they were requesting, where they came from, access statistics and more. The tutorial shows you how to harvest some of this information and how to put Google's Search and AdSense tools on the page as well as Google Analytics for tracking. Bear in mind that everything such a page collects (the requested URI, the Referer, the User-Agent) is supplied by the client: escape it before echoing it back into the HTML, and strip line breaks before writing it to a log, or you have built a reflected XSS and log injection point out of your error page.
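As an added example (not from the blog post, whose code is PHP), here is a Python function that builds both the log record and the HTML fragment for a 404 while treating the path, Referer and User-Agent as hostile input; the 512-character field cap is an arbitrary assumption:

```python
"""Added example: recording a 404 without trusting the request.

Everything a 404 handler can collect (requested path, Referer, User-Agent) is
supplied by the client, so it is escaped before it goes into the page and
neutralised before it goes into a log.  Not code from the blog post.
"""
import html
import json
from datetime import datetime, timezone

MAX_FIELD = 512  # assumption: cap oversize client-supplied values


def clean_for_log(value):
    """Replace control characters (CR/LF would let a client forge extra log
    lines) and truncate, so one request yields exactly one log line."""
    cleaned = "".join(ch if ch.isprintable() else "?" for ch in value)
    return cleaned[:MAX_FIELD]


def not_found_report(path, referer="", user_agent="", when=None):
    """Return (log_line, html_fragment) for one 404 response.

    The log line is one JSON object, so even a cleaned value cannot be
    mistaken for a field separator; the fragment HTML-escapes every value."""
    when = when or datetime.now(timezone.utc)
    record = {
        "ts": when.isoformat(),
        "status": 404,
        "path": clean_for_log(path),
        "referer": clean_for_log(referer or ""),
        "ua": clean_for_log(user_agent or ""),
    }
    log_line = json.dumps(record, ensure_ascii=True)
    fragment = "<p>Sorry, <code>%s</code> does not exist on this site.</p>" % html.escape(record["path"])
    if record["referer"]:
        fragment += "\n<p>You came from <code>%s</code>.</p>" % html.escape(record["referer"])
    return log_line, fragment


if __name__ == "__main__":
    # Constructed hostile request: script in the path, CRLF in the Referer.
    line, page = not_found_report("/old/<script>alert(1)</script>",
                                  "http://evil.example/\r\n127.0.0.1 GET /admin 200",
                                  "Mozilla/5.0")
    print(line)
    print(page)
```

The two checks that matter are visible in the output: the `<script>` tag reaches the page only as `&lt;script&gt;`, and the CRLF smuggled into the Referer becomes `??`, so the forged "successful /admin request" cannot appear as a second line in the access log.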



Ibuildings techPortal:
phploc PHP Lines of Code
January 28, 2010 @ 08:59:36

On the Ibuildings techPortal today there's a new article from Lorna Mitchell looking at the phploc tool as a way to analyze your code and pick out a whole selection of statistics.

This has been a feature of PHPUnit for some time but has been released as a separate project in the phpunit pear channel. The nature of PHPUnit means that many of these statistics can be collected while the tests are running, which is why it was added to that tool in the first instance.

Stats gathered include the number of directories, files, interfaces, methods, functions and constants with more details for each (like visibility, actual lines of code contained in them and the cyclomatic complexity). The tool is very simple to use - just call it from the command line and give it a path to your codebase. It does the rest and spits out a text-based report.



Blue Parabola Blog:
Coding Standard Analysis using PHP_CodeSniffer
March 17, 2009 @ 07:57:47

Over on the Blue Parabola blog Matthew Turland recently posted a new tutorial on using the PHP_CodeSniffer PEAR package to check out how well your code adheres to the coding standard of your choice.

For the sake of consistency [on a client project], the development team had stuck with the coding standard used by the framework itself. However, evaluating the code manually is tedious and time-consuming. There's a solution to this type of problem: the PHP_CodeSniffer package from PEAR, which builds an infrastructure around tokenizers for PHP, CSS, and JavaScript and utilities to detect coding standard violations within code in any of those languages.

He includes an example of the token output for a script (PHP_CodeSniffer is built on PHP's tokenizer) and walks you through the initial setup of the package, how to create "sniffs" for the code you want to analyze and how to run them using the popular unit testing tool PHPUnit.



Christian Stocker's Blog:
Upload Progress Meter extension 0.9.2 released
January 22, 2009 @ 09:36:38

Christian Stocker has released the latest version of the uploadprogress extension to the PECL repository (0.9.2). The extension lets your code track the progress of a file upload while it is still in flight.

The main new function since 0.9.1 is uploadprogress_get_contents($id), which allows you to analyse the content of an uploading file during the upload and take appropriate measures (for example, warn the user that they are not uploading a supported video format). You have to enable this feature in php.ini to make it work. This feature was provided by Ben Ramsey, so you have to poke him if something's wrong with it.

A simple example of it in action is also included (in the /examples subdirectory, linked from the PECL page) showing how to upload a file, get the progress and - most importantly - how to get useful error messages out of it. Keep in mind that a check on the first bytes of an upload is only an early-warning heuristic for the user's benefit: the file still has to be validated in full once the upload is complete, since the client controls every byte that follows.



Matthew Turland's Blog:
Log Analysis and PHP
September 03, 2007 @ 21:41:28

In a new post, Matthew Turland looks at one thing that he feels is missing from a lot of the PHP functionality currently available in the community today - log analysis features.

Log analysis is a fairly common task in the field of web development, most often analysis of web server traffic logs or what Wikipedia refers to as web analytics. PHP has no officially supported extensions designed specifically for log analysis. There are no related extensions in PECL. The only remotely related extension in PEAR is PEAR_Log, which is for generating logs rather than parsing or analyzing them. In short, there is no common solution here.

He looks at the options that developers do have - write their own solution or go with a third-party option. He believes, though, that a PECL extension would be the better way to go, integrating more closely with PHP and allowing easier parsing and manipulation of the data in their own log files.



Drupal.org:
Tuning your server for optimal Drupal performance
April 19, 2006 @ 07:14:14

On the Drupal site, there's a handy article instructing you on getting the most performance out of your server for the Drupal software.

The performance of your Drupal site is dependent on three main factors: the goals of your site, the resource demands of your site traffic, and the system performance and configuration of underlying technologies.

They separate it out into three different sections - setting out your performance goals, analysing your site for current traffic/resource consumption, and the actual implementation of the performance settings. They give a few steps here to follow to check what your server is currently using and some links to other tips on tuning the various pieces of the puzzle.

One thing that they mention that's worth repeating to any and all web developers out there: "Apache is bandwidth limited, PHP is CPU limited, and MySQL is memory limited and disk I/O bound".




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework