Symfony Blog:
Symfony2 Security Audit
October 07, 2011 @ 09:04:19

Fabien Potencier (of the Symfony framework project) has posted the results of a security audit that was performed on the framework by SektionEins.

The Symfony2 core team takes security issues very seriously; we have a dedicated procedure to report such issues, and the framework itself tries to give the developer all the features needed to secure his code easily. Thanks to our successful community donation drive, SektionEins performed a security audit on the Symfony2 code earlier this year. The audit is now over and the good news is that the Symfony2 code is pretty solid; only minor problems have been found. They have all been addressed now.

Their findings included things like the Request component trusting certain headers, bad regex validation on datetimes, password encoding issues, cookie handling and exception handling issues. Links to the fixes for each are included in the post.




DevShed:
Logging in PHP Applications
December 08, 2008 @ 13:52:10

DevShed has posted a new tutorial today looking at one of the more useful tools a developer can add into an application - logging.

If there is no logging mechanism, then if there's a goof-up in a production environment, you have absolutely no idea what went wrong. The only thing which a support developer can do in this case is to reproduce the issue at the developer end, which sometimes works and sometimes doesn't.

They look at the types of logging (trace logs, audit logs and user logging/history) and create a simple class that allows flexibility for file location, priority and timestamping. Their script contains a writelog method that does all the work (including pushing it through the PEAR logging class).



Chris Shiflett's Blog:
Brain Bulb Webcasts
March 01, 2006 @ 18:09:09

In a continuing effort to share his PHP security knowledge with the community, Chris Shiflett has launched a new means of communication - Brain Bulb Webcasts.

I've been playing around with Snapz Pro lately. I originally intended to use it to help spice up some of my talks by offering prepared demos directly in Keynote, but I have also decided that it would be useful to offer various talks and demos to the PHP community.

The first Brain Bulb Webcast is PHP Security Audit HOWTO, a short video of one of my conference talks.

The webcast plays in QuickTime and lasts about 20 minutes with lots of good tips along the way.



Richard Davey's Blog:
PHP Life - Dreaded Words
December 19, 2005 @ 06:49:50

The latest PHPLife from Richard Davey has been posted.

In this weeks




All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework