
Code Yellow Blog:
What Your Framework Never Told You About SQL Injection Protection
May 23, 2014 @ 13:51:20

The Code Yellow site has recently posted an article pointing out an issue that's all too common in PHP frameworks, more specifically those that bundle some kind of ORM into their functionality. They ask whether your framework is telling you everything about what it does to prevent SQL injection.

We've discovered that SQL injection is to this day not a fully solved problem, even in most popular frameworks. In this post, we'll explain how these frameworks fail at escaping parts of a query, culminating in the discovery of a critical vulnerability in the popular Laravel framework which affects a large percentage of applications.

The post starts with an illustration using the FuelPHP framework, which handles garden-variety SQL injection through query values just fine. Things break down once the untrusted input is an identifier (a table or column name, for example the column a user asks to sort by) rather than a value: prepared statements and value escaping do nothing for identifiers, and the query builders were found to splice them into the SQL unescaped. They found the same issue to be a widespread problem in many PHP frameworks and tools, including the Laravel, CodeIgniter and CakePHP frameworks, each with their own ORM. The post also covers blacklisting and whitelisting of identifiers and how, sadly, most of the frameworks just don't support it for model data filtering. It closes with the work they've done to get the issue fixed (including patches and contacting the authors) and recommendations on how to correctly quote identifiers in SQL statements.
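
As an added illustration of the identifier problem (this is not code from the Code Yellow post or from any of the frameworks it names; it uses Python's sqlite3 module rather than PHP so that it runs without a framework, and the users table and its rows are constructed for the example): a bound value is safe, a spliced identifier is injectable, a bound identifier is silently ignored, and the fix is a whitelist followed by proper identifier quoting.

```python
import sqlite3

# Constructed sample data for the demonstration; not from the Code Yellow article.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("carol", "admin"), ("alice", "user"), ("bob", "user")],
    )
    return conn


def names_by_role(conn, role):
    """The case every framework gets right: an untrusted *value* is bound, never spliced."""
    rows = conn.execute("SELECT name FROM users WHERE role = ? ORDER BY name", (role,))
    return [r[0] for r in rows]


def names_sorted_naive(conn, column):
    """The failure mode: a caller-chosen *identifier* spliced into ORDER BY.
    Value escaping cannot apply here, so nothing stands between the caller and the SQL."""
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column}")
    return [r[0] for r in rows]


def names_sorted_bound(conn, column):
    """Binding the identifier as a parameter is not a fix either: the driver sends it
    as a string literal, so ORDER BY sorts by a constant and the request is silently
    ignored (no error, even for a column that does not exist)."""
    rows = conn.execute("SELECT name FROM users ORDER BY ?", (column,))
    return [r[0] for r in rows]


# Whitelist of columns a caller may sort by.  Quoting alone is not enough: a
# correctly quoted but unexpected column (a password hash, say) still leaks
# information through the resulting sort order.
ALLOWED_SORT_COLUMNS = frozenset({"id", "name", "role"})


def is_allowed_sort_column(column):
    return column in ALLOWED_SORT_COLUMNS


def quote_identifier(identifier):
    """Standard SQL identifier quoting: wrap in double quotes, double any embedded quote.
    SQLite, PostgreSQL and Oracle use this form; MySQL uses backticks, doubled the same way."""
    return '"' + identifier.replace('"', '""') + '"'


def names_sorted_safe(conn, column):
    """Whitelist first, then quote, then splice: the only caller-controlled part of the
    SQL text is a known-good identifier."""
    if not is_allowed_sort_column(column):
        raise ValueError(f"unsupported sort column: {column!r}")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {quote_identifier(column)}")
    return [r[0] for r in rows]


# A payload that fits in a single statement and leaks a secret through the sort order:
# rows come back in id order when the admin's name starts with 'c', in name order otherwise.
BLIND_PAYLOAD = (
    "CASE WHEN (SELECT name FROM users WHERE role = 'admin') LIKE 'c%' "
    "THEN id ELSE name END"
)
```

The blind payload is the point worth checking against your own framework: no quotes, no semicolon, no second statement, so stacked-query blocking and value escaping both let it through, and the only observable is the order of otherwise legitimate rows.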

sqlinjection framework whitelist blacklist identifiers escape prepared statements

Link: http://www.codeyellow.nl/identifier-sqli.html

Mike Lively's Blog:
Improved PHPUnit Filters
February 03, 2009 @ 09:32:26

In a recent post to his blog Mike Lively looks at some improvements that he's worked up for the popular PHP unit testing software, PHPUnit, with regard to its data set filters.

I have finally gotten some time to do some long awaited work on PHPUnit. The first on my agenda was a small improvement to filtering. This was related to ticket #526. Essentially I added the ability to do both white list and black list filtering.

Besides the Include methods you can add to the data set's filtering, you can also add in Exclude filters to remove the data you don't want in the set. They can also be combined to customize your data set to your heart's content.

input filter phpunit include exclude whitelist blacklist


NETTUTS.com:
The Best Ways to Fight Spam
October 06, 2008 @ 09:30:28

Spam is a constant burden for anyone on the web, be it through email or via something like comments on a website. The NETTUTS site can't help so much with the first one, but they've come up with a new tutorial that can help with the second, covering a few methods.

Deciding on the best method of spam prevention on your blogs, forums, or even contact forms can be difficult. In this article we will take a look at a service called Akismet and how it can help. We will also look at why some other methods of fighting spam fail.

They give a few ways to hold the spammers off, including:

  • Disallowing multiple consecutive submissions
  • Keyword Blacklist
  • CAPTCHA
  • and a service called Akismet

They go into a bit more detail on this last one, even going so far as to include code (a PHP class they link to) and examples of how to have the Akismet service decide whether a submission is spam or not. Links to libraries for other languages are included too.
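
The first two items on that list are cheap enough to run in front of any of the others. As an added example (not the NETTUTS code, and in Python rather than the tutorial's PHP so it can be run and tested stand-alone), here is a submission gate that throttles consecutive submissions from one source and applies a keyword blacklist; the keywords, addresses and comment texts are constructed for the example, and the clock is injectable so the throttle can be tested without sleeping.

```python
import re
import time


class SubmissionGate:
    """Throttle rapid repeat submissions from one source and reject blacklisted keywords.
    Akismet or a CAPTCHA would be layered after these checks, not replaced by them."""

    def __init__(self, min_interval=30.0, blacklist=(), clock=time.monotonic):
        self.min_interval = min_interval  # seconds a source must wait between submissions
        self.clock = clock                # injectable for testing (constructed example)
        self._last_accepted = {}          # source -> time of its last accepted submission
        # Whole-word, case-insensitive matching, so "specialist" is not caught by "cialis".
        # A plain substring blacklist is the usual cause of false positives.
        if blacklist:
            pattern = "|".join(re.escape(word) for word in blacklist)
            self._blacklist = re.compile(rf"\b(?:{pattern})\b", re.IGNORECASE)
        else:
            self._blacklist = None

    def check(self, source, text):
        """Return (accepted, reason).  `source` is whatever identifies the submitter,
        typically the client IP, which is weak behind shared NAT and easy to rotate."""
        now = self.clock()
        last = self._last_accepted.get(source)
        if last is not None and now - last < self.min_interval:
            return False, f"throttled: {now - last:.0f}s since last submission"
        if self._blacklist is not None:
            hit = self._blacklist.search(text)
            if hit:
                return False, f"blacklisted keyword: {hit.group(0)!r}"
        self._last_accepted[source] = now
        return True, "accepted"
```

Note what the blacklist does not do: it only matches words you thought of in advance, which is why the tutorial ranks it below Akismet, and why the throttle and the keyword list are best treated as a cheap first filter rather than the decision.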

fight spam captcha consecutive keyword blacklist akismet tutorial


Sebastian Nohn's Blog:
Using Net_DNSBL and Nagios to check if your SMTP server is listed in a RBL
October 05, 2007 @ 10:22:00

Sebastian Nohn has created a handy little script using PEAR packages to work with a Nagios installation and perform an automatic check, validating that your mail server's IP address isn't listed in the given blacklists.

RBLs are a great way to get rid of a lot of SPAM (if you choose the right ones). On the other hand you (and users of your mail server) get in big trouble if your SMTP server gets listed on a common RBL.

Checking this manually is a job that sucks a lot, checking this automatically is an easy job with Nagios, PHP, Net_DNSBL and Console_Getopt.

He includes the parts you'll need: grabbing the PEAR packages, the PHP script that performs the lookups and the changes you'll need to make to the Nagios configuration files to make it all work together.
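
As an added example (not Sebastian's script, which uses PEAR's Net_DNSBL and Console_Getopt; this is Python so the same logic can be run and tested without PEAR or a live resolver), here is what such a check does under the hood: build the reversed-octet lookup name under each DNSBL zone, treat an A record as a listing, and exit with the codes Nagios expects from a plugin. The zone names and addresses are constructed for the example; substitute the lists you actually trust.

```python
import ipaddress
import socket
import sys

# Nagios plugin exit codes.
NAGIOS_OK, NAGIOS_WARNING, NAGIOS_CRITICAL, NAGIOS_UNKNOWN = 0, 1, 2, 3

# Constructed zone names for the example; real checks use the DNSBLs you rely on.
DEFAULT_ZONES = ("bl.dnsbl-one.example", "bl.dnsbl-two.example")


def dnsbl_query_name(ip, zone):
    """Build the lookup name: the IPv4 address with its octets reversed, under the zone.
    192.0.2.10 checked against bl.example becomes 10.2.0.192.bl.example."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 lookups are implemented in this example")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def resolve_a(name):
    """Live lookup: an A record means 'listed', NXDOMAIN means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def classify_answer(answer):
    """DNSBLs answer from 127.0.0.0/8 (the last octet is the list's reason code).
    Anything else is not a listing: a lapsed list whose domain has been parked with a
    wildcard A record would otherwise flag every address you check."""
    if answer is None:
        return "not_listed"
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "bogus"


def check_rbl(ip, zones=DEFAULT_ZONES, resolve=resolve_a):
    """Return (nagios_exit_code, status_line) for the given mail server address.
    `resolve` is injectable so the logic can be tested offline."""
    listed, bogus = [], []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        kind = classify_answer(answer)
        if kind == "listed":
            listed.append(f"{zone} ({answer})")
        elif kind == "bogus":
            bogus.append(f"{zone} ({answer})")
    if listed:
        return NAGIOS_CRITICAL, f"RBL CRITICAL - {ip} listed in: " + ", ".join(listed)
    if bogus:
        return NAGIOS_UNKNOWN, "RBL UNKNOWN - unexpected answers from: " + ", ".join(bogus)
    return NAGIOS_OK, f"RBL OK - {ip} not listed in {len(zones)} zone(s)"


if __name__ == "__main__":
    # Usage: check_rbl.py <mail-server-ip> [zone ...]
    code, line = check_rbl(sys.argv[1], tuple(sys.argv[2:]) or DEFAULT_ZONES)
    print(line)   # Nagios shows the first line of output as the service status
    sys.exit(code)
```

Wire it into Nagios like any other plugin: a command definition pointing at the script, and a service check against it; the exit code drives the state and the printed line is what shows up in the status view.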

netdnsbl nagios smtp blacklist check pear package


DevShed:
Creating an Administration Area for a Simple Threaded Discussion Forum
October 23, 2006 @ 12:12:00

DevShed continues their look at creating a simple threaded discussion forum with part two in the series, focusing on creating the administrator panel that helps you manage users and the topics/comments they make.

This article, the second of two parts, will show you how to set up an administration area for a threaded discussion forum, and some of the functions you might want an administrator to manage.

Included is the functionality to list all of the topics, delete topics quickly, start a new topic, and manage a "blacklist" of bad words to keep out of the discussions. Of course, the code is all there and they explain each piece of it. They keep it simple, though: the code is pretty procedural, with only functions dividing the functionality into pieces.

administration forum simple tutorial threaded blacklist topics function


SitePoint PHP Blog:
Zend_Filter Reviewed, Blacklist / Whitelist Filters
March 28, 2006 @ 18:20:37

The Zend Framework has definitely made a huge splash in the PHP community, and everyone is picking their piece of it to cover. In this new post from the SitePoint PHP blog, Maarten Manders highlights the Zend_Filter module.

I like Zend Framework's Zend_Filter class. It's basically a set of methods for validating untrusted data. Although the two arguably most important features isEmail() and isUri() (the latter can be worked around with Zend_Uri) are still missing, the whole thing looks promising already.

He starts with a few of his thoughts on the package ("Clean up the code of isHostname", "International support for isPhone") and some code showing how to use it: filtering input for use in a regular expression, validating a string against a character whitelist as well as a blacklist, and using the Zend_Filter module for a more flexible isName.
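
The three techniques Maarten demonstrates, as an added example that is not his code and not Zend_Filter (it is Python, so re.escape stands in for PHP's preg_quote, and the sample inputs are constructed): a character whitelist, a character blacklist and why it is the weaker of the two, a more flexible isName built from Unicode-aware letter classes, and escaping untrusted input before it goes into a regular expression.

```python
import re


def is_whitelisted(value, allowed):
    """Whitelist: every character must be in the allowed set (empty strings fail)."""
    return bool(value) and all(ch in allowed for ch in value)


def has_blacklisted(value, forbidden):
    """Blacklist: reject only if a forbidden character is present.  This is the weaker
    check, because anything the list does not name gets through (see the test: an
    HTML-entity-encoded tag contains no '<' or '>' and passes)."""
    return any(ch in forbidden for ch in value)


# [^\W\d_] is "word characters minus digits and underscore", i.e. letters in any script.
# Words are joined by exactly one space, apostrophe or hyphen; nothing leads or trails.
_NAME_RE = re.compile(r"^[^\W\d_]+(?:[ '\-][^\W\d_]+)*$")


def is_name(value):
    """A more flexible isName than 'ASCII letters only': accepts accented and non-Latin
    letters plus the separators that appear in real names, rejects everything else."""
    return _NAME_RE.match(value) is not None


def literal_search(haystack, needle):
    """Filtering for use in a regular expression: escape metacharacters so a user-supplied
    search term is matched literally.  Without the escape, '.' would match any character
    and '(USD)' would become a capture group."""
    return re.search(re.escape(needle), haystack) is not None
```

The whitelist/blacklist contrast is the practical takeaway: a blacklist has to anticipate every encoding and variant of the bad input, while a whitelist only has to describe the good input, which is why the name validator is written as one.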

zend framework zend_filter whitelist blacklist



All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework