News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint Web Blog:
HTTPS Basics
April 02, 2014 @ 09:06:08

If you're relatively new to web development, you might not know exactly what kinds of benefits that using an HTTPS connection might provide. In this new article from the SitePoint PHP blog, Mufleeh Sadique covers some of the basics of HTTPS and gives some reasons why to "go HTTPS" in your applications.

Hypertext Transfer Protocol Secure or Hypertext Transfer Protocol over SSL is used for secure communication over a network, or perhaps more importantly - over the Internet. You would see https:// in the URI and a lock icon in the browser when you access a page that uses HTTPS. [...] If you ever wondered whether and how to go HTTPS with your website, we'll attempt to clear this up in this article by briefly describing what HTTPS is about, and why and how to implement it.

He's broken the rest of the article up into a few different sections. The first answers the question "why HTTPS" with a few reasons including the most important - encrypted communication. In the second section, he starts showing you how to "go HTTPS" using a self-signed certificate to start. With the certificate installed, he moves into the last part, ensuring your application is always using the HTTPS version and redirecting anything else.

0 comments voice your opinion now!
https introduction why how selfsigned certificate install configure

Link: http://www.sitepoint.com/https-basics

PHPMaster.com:
Create Digital Tickets with PHP and Apple Passbook
May 30, 2013 @ 09:11:36

On PHPMaster.com today there's a new tutorial showing you how to create digital tickets using PHP and the Apple Passbook service.

Why should we PHP warriors care at all about Apple's Passbook? Well first because Apple made this technology open (well, sort of…), second because it can be used outside iOS devices, and third because it involves a lot of well-known and loved technologies like JSON and RESTful APIs. I'd also add that it's a very interesting piece of technology, but that's my personal opinion. In this article I'll show you how I built a sample web application that creates and distributes passes in the form of a "PHPMaster Membership Card". It is not a full-featured product, but it's a nice base to build on for more serious real world uses.

He talks about the concept of a "pass" (a digitally signed document that can be easily distributed) and the types that the Apple service lets you make. His example (sample code here) is Silm based and Idorim & Paris for the data handling. He talks some about the certificate handling that's involved and the structure of the application including the certs, application code, templates and images. He then works through the code step-by-step and explains what each part does and how it connects with Apple's service to generate the pass.

0 comments voice your opinion now!
apple passbook tutorial ticket digital signed certificate

Link: http://phpmaster.com/create-digital-tickets-with-php-and-apple-passbook

Artur Ejsmont's Blog:
How to properly secure remote API calls over SSL from PHP code
September 19, 2011 @ 13:56:00

Artur Ejsmont has a new post with a passionate call to arms for anyone who thinks that just because their URL has "https" in it, it's secure. He presents his suggestion on how to properly secure SSL API calls for your PHP application.

Lets make something clear from the very start: JUST BECAUSE THERE IS https:// IN THE URL OF THE REMOTE SERVICE IT DOES NOT MEAN THE CONNECTION IS SECURE! I am sorry for the tone of this post but i am enraged by how popular this issue is online. If you ask why i suggest a little experiment [involving changing your hosts file and using a self-signed certificate].

The issue he spotlights is all too common - a server serves up SSL pages but doesn't actually verify the certificate in the process. He gives a bad example of how some scripts handle this issue using the CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to turn off this verification - a very bad idea. To protect yourself from any kind of man-in-the-middle or DNS hijack issues, you should leave these on.

0 comments voice your opinion now!
ssl certificate api call protect verification


Vanessa Vasile's Blog:
Simple Way to Parse an x509 Certificate with PHP
November 04, 2010 @ 11:19:34

In a new post to her blog, Vanessa Vasile has a reminder about a built-in PHP function that can help quite a bit when you're working with SSL certificates - openssl_x509_parse.

PHP has a nifty little function for parsing an x.509 SSL certificate into an array to easily pull out the elements: openssl_x509_parse. Essentially, all you need to do is load up the contents of the certificate, either through a file or POST value, and enclose it in the array.

She includes a code snippet that pulls in the certificate contents, calls the function and puts it into an array that's easy to loop through and get values and subvalues from the results. The PHP.net manual page doesn't have a documented list of the return values because a constant result hasn't been defined. You'll need at least PHP 5.2 to use the function.

0 comments voice your opinion now!
parse x509 certificate parse tutorial


PHPBuilder.com:
Write an Ajax-driven Login Application in PHP Using SSL/TLS
September 09, 2010 @ 10:29:03

On the PHPBuilder.com site today there's a new tutorial posted from Octavia Anghel about creating a login for your site that's powered by Ajax and uses a bit more security than normal. It includes hooks to use the Ajax Server Secure Layer or an OpenSSL connection.

In this article you will learn how to write a login application in PHP using Ajax and SSL/TLS in two ways either using aSSL (Ajax Server Secure Layer), a library that implements a technology similar to SSL without HTTPS or a simple Ajax and OpenSSL, an open source implementation of the SSL and TLS protocols.

They start with the aSSL method and link you to a download of the tool as well as some sample code to help you get started passing data to it via the session. The second example shows the OpenSSL method, mostly consisting of checking on the server side of the certificate that's passed along with the request.

0 comments voice your opinion now!
ssl tls secure certificate assl openssl ajax


Juozas Kaziukenas' Blog:
PayPal payment with encryption
February 23, 2009 @ 12:04:28

Juozas Kaziukenas points out a new class in his latest blog post that can be used to make secure connections over to PayPal (encrypted) using their Encrypted Website Payment method.

In my situation, PayPal is only used to pay for orders - cart and order setup is done in our shop, so I do not want to have additional problems with users changing orders numbers, amount to be paid, etc. [...] Only PayPal knows how to decrypt it, because it uses public key encryption technology (you need to upload your certificate in PayPal account).

Some sample usage code is included as is a link to the class itself. His example takes a payment transaction including the item name, amount and currency type and sends it off to the PayPal servers in a connection protected by certificates.

0 comments voice your opinion now!
paypal encryption payment secure certificate gateway tutorial class


Community News:
O'Reilly Offers PHP/SQL Certificate Series
November 14, 2008 @ 12:03:35

The O'Reilly School of Technology now offers a series of PHP certification classes developers can attend to learn more about PHP and SQL on a variety of projects.

The PHP/SQL Programming Certificate Series is comprised of four courses covering beginning to advanced PHP programming, beginning to advanced database programming using the SQL language, database theory, and integrated Web 2.0 programming using PHP and SQL on the Unix/Linux mySQL platform.

They currently offer three courses:

Another class will be released in December 2008 - PHP/SQL 3: Seamless Web 2.0 Integration . The classes come it at a bit under $400 USD and include access to an online sandbox for testing (complete with web server, unix-shell and database installations). Completion of all four courses earns the student a certification from the University of Illinois's Professional Development department.

0 comments voice your opinion now!
oreilly certificate series sql universityofillinois database logic design web20


PHP-Security.net:
X.509 PKI login with PHP and Apache
May 30, 2008 @ 17:05:59

Christopher Kunz has relaunched his php-security.net domain with a brand new blog and a new article posted today - "X.509 PKI login with PHP and Apache".

Since grid computing (that's what I'm currently doing) also is very much about Single-sign on and delegation of rights, username/password authentication schemes don't quite do it for us. Thus, a PKI (public key infrastructure) based on X.509 is employed.

He explains the acronym soup by defining the process as advanced means of "showing the web who you are". He explains some of the basics about the certificates and who good candidates for this type of authentication are. Then the tech starts - how to get Apache configured to use them and how to use them in PHP to authenticate the external user (requiring OpenSSL compiled in to access the needed functions).

0 comments voice your opinion now!
x509 pki login apache certificate tutorial openssl



Community Events





Don't see your event here?
Let us know!


zendserver community conference interview podcast developer list library tips deployment api language laravel release voicesoftheelephpant symfony framework bugfix series introduction

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework