
NetTuts.com:
Protecting Your Keys From GitHub
March 05, 2015 @ 12:03:05

On the NetTuts.com site there's a new post talking about protecting your keys when using a public site like GitHub. This relates to an easy thing to forget - removing hard-coded credentials from code before pushing it public.

In December 2014, Slashdot ran an alarming story Bots Scanning GitHub To Steal Amazon EC2 Keys, based on developer and blogger Andrew Hoffman's experience trying out Ruby on Rails on Amazon with AWS S3. He inadvertently committed an application.yml file with his AWS keys. [...] It's an easy mistake and most of us have probably done a similar thing at one point or another. And it's not just AWS keys that are at risk. As our use of cloud-based services increases, the expanding use of a broad variety of service API keys can be leveraged by hackers and spammers alike.

He goes through a solution he's found to help protect those credentials, in this case working with the configuration of a Yii framework-based application. He starts with a mention of .gitignore but points out that it could have unexpected results from "quirks" in its handling. He suggests a different option - using a configuration file that lives someplace outside of the main git directory and can be referenced directly from inside the application. He provides two kinds of examples: one using a PHP-based configuration and another based on an INI file. He finishes the post with a mention of WordPress plugins and the fact that their keys are (usually) stored in a database and open to exposure if a SQL injection vulnerability is found.


Link: http://code.tutsplus.com/tutorials/protecting-your-keys-from-github--cms-23002

Benjamin Eberlei:
Integrate Symfony and Webpack
February 26, 2015 @ 10:21:40

In his latest entry Benjamin Eberlei shows how he integrated Symfony and Webpack, a tool that makes it simpler to package up multiple assets (like Javascript or CSS files) and reduce them down to combined files, reducing the overhead on page loads.

Asset Management in Symfony2 is handled with the PHP based library Assetic by default, however I have never really connected to this library and at least for me it usually wastes more time than it saves. [...] While researching about React.JS I came across a tool called Webpack which you could compare to Symfony's Assetic. It is primarily focussing on bundling Javascript modules, but you can also ship CSS assets with it.

He talks about some of the main benefits of using the Webpack tool, including a built-in web server to serve up the assets and a "hot reload" plugin that refreshes when assets change. He then gets into a more practical example, showing how the tool works with a typical asset structure in a Symfony application. He shows how it uses the internal server to prevent the need for a complete rebuild each time. He also shows how to install and configure it through Symfony and how to load the JavaScript file in your Twig template. Finally he shows how to run a build, the resulting output and the integration he mentioned with React.js.


Link: http://www.whitewashing.de/2015/02/26/integrate_symfony_and_webpack.html

Servers for Hackers:
Deployment with Envoy
February 11, 2015 @ 13:09:31

The Servers for Hackers site has a new post walking you through the steps to deploy a PHP application with Envoy, the Laravel-based ssh task runner to make automated deployment simpler.

We'll use Laravel's Envoy to deploy a PHP application to a production server. This will make a new release directory, clone the repository into it, run any needed build steps, and then finally swap the new code out with the older code, so that Nginx and PHP-FPM serve the new code.

The post walks you through the full setup you'll need to get the deployment working, including generating ssh keys, installing Envoy globally and making the first Envoy configuration file. With that in place and working, the author enhances it with quite a few more steps, including checking out a new version of the repository to a "release" directory, executing Composer to pull in needed libraries and changing the symlink to point the document root at the freshly installed version. He also includes the configuration for the Nginx server to set up a Laravel-based application inside of a Vagrant VM instance.


Link: https://serversforhackers.com/deploy-envoy/

Dutch Web Alliance:
Capifony, Continuous Deployment and Symfony's parameter.yml
December 15, 2014 @ 12:10:50

On the Dutch Web Alliance site today they've posted a tutorial about their use of Capifony for Symfony application deployment and how it relates to updating the "parameters.yml" file. They describe their current deployment process, how it works with the different environments and how they solved the one manual problem they had.

The actual deployment is thus dealt with by capifony. This is a plugin for capistrano written for deploying Symfony applications. [...] Capifony automatically deals with cloning the correct branch on the servers, installing dependencies through composer, migrating database versions etc etc. Basically we don't have to care about anything else. However, there is one single thing that still keeps on bugging us: when we want to upgrade to a new parameters.yml, we must do this manually. This means that our builds will break when we deploy a version that requires an updated parameters.yml until we manually solve the issue.

To get around this manual step, they decided to create a new Capifony task that uploads or downloads the parameters file, depending on the environment. The continuous deployment can then push or pull the file as needed in a more automatic way.


Link: https://dutchweballiance.nl/techblog/capifony-continuous-deployment-symfonys-parameter-yml/

php[architect]:
Build a VM for Drupal 8 with Vagrant
November 26, 2014 @ 10:22:22

A new tutorial has been posted on the php[architect] site today showing you how to build a VM for Drupal 8 with the help of Vagrant.

At this year's php[world] hackathon, I spent my time getting a Vagrant machine configured to run Drupal 8. I know there are other options, like Acquia's own Dev Desktop, or even Zend Server. However, I like using Vagrant to run my LAMP stacks, especially on OS X. I've never been able to easily run xAMP on non-Linux machines. Installing MySQL can be a pain, system updates can change the version of PHP you're running, and some PHP extensions are really difficult to build - even with Homebrew. Vagrant simplifies getting a working development environment running by automating the provision of a virtual machine for you, usually with a tool like Chef, Puppet, or Ansible.

Oscar (the author) took advantage of some time at the php[world] hackathon to create the necessary files for building this environment. He walks you through the steps to create the basic Vagrant file with "config" options (explaining each one) and then through the setup of additional options and software like Apache and Drupal. He then sets up the Ansible configuration to create the box and run the provisioning and configuration of the resulting server. Finally, he shows the result of the install if everything was successful.


Link: http://www.phparch.com/2014/11/build-a-vm-for-drupal-8-with-vagrant/

Dejan Angelov:
Experimental upgrading to Laravel 5: How I did it
November 24, 2014 @ 12:57:18

In a recent post Dejan Angelov shares the process he went through to upgrade an application to Laravel 5, yet to be released (at least at the time of this post).

Over the past weeks, Taylor introduced many great changes and new features that we'll be able to use in the new version, firstly numbered 4.3 and later 5. According to the framework's six month release cycle, it should have hit stable late this month or in early December. Because of that, I started to play with it and to apply the changes to make my application use it.

However, a couple of days ago, Taylor wrote a blog post on Laravel's blog saying that because of the importance of this release, the release date will be postponed to January. Considering this, everything you'll read here MUST NOT be applied to applications that are currently in production.

He starts with some of the major differences, including changes in the dependencies required and the removal of the "start.php" file for bootstrapping the application. He talks about the changes in startup and shutdown as well as autoloading. He looks at directory structure changes and the addition of a base namespace. He then gets into how to fix these issues, one at a time, including code and configuration changes that need to be made. This includes updates to the facades, changes for middleware, environment configuration, pagination and routing. There are lots of other changes happening with Laravel 5, so be sure to check out the full post if you're interested in the steps you might need to take when this latest version is released.


Link: http://angelovdejan.me/2014/11/22/experimental-upgrading-to-laravel-5-how-i-did-it.html

Mattias Geniar:
The PHP circle from Apache to Nginx and back
November 20, 2014 @ 10:26:28

In this new post to his site Mattias Geniar goes in circles...from Apache to Nginx and back in terms of how it relates to PHP.

As with many technologies, the PHP community too evolves. And over the last 6 or 7 years, a rather remarkable circle has been made by a lot of systems administrators and PHP developers in that regard.

He talks about the "early days" and the rise of Apache as the "A" in the LAMP stack. Then Nginx was created/released and PHP developers saw it as a viable option. He talks about how PHP worked with this server and the solutions that were found to "hack" them together. There were issues around the relationship, though, and - in the author's perspective - the circle has come back around to Apache, just with a bit more smarts about how it's configured.


Link: http://ma.ttias.be/php-circle-apache-nginx-back/

SitePoint PHP Blog:
Getting Started with Symfony2 Route Annotations
November 06, 2014 @ 09:27:25

On the SitePoint PHP blog today there's a new tutorial posted that gets into the details on one of the powerful (and most used) components of the Symfony framework, the Router, and how to interact with it via annotations. Symfony lets you define routes at the controller level via annotations or in a YAML configuration file.

When you download the Standard Symfony 2 Distribution, it includes an interesting bundle named SensioFrameworkExtraBundle which implements a lot of great stuff, especially the opportunity to use annotations directly within your controllers. The idea behind this article is not to convince developers to embrace this way of doing, but to point the finger at an alternative method to easily configure controllers. Keep in mind that there is no magic recipe, it depends on what you need in each specific scenario. Symfony 2 implements a strong built-in component to manage all the routes of an application: the Routing Component. Basically, a route maps a URL to a controller action.

His example sets up a simple blog and compares the two ways of configuring the routing: one side putting it all in the YAML configuration and the other in the controller docblocks (annotations) themselves. He adds a base page for showing the listing of posts and a single article route, complete with slugs. He also shows how to add in some additional configuration handling to do things like set default values, make things required and enforce the HTTP method on the request (GET, POST, PUT, etc.).


Link: http://www.sitepoint.com/getting-started-symfony2-route-annotations/

Matthias Noback:
Composer "provide" and dependency inversion
October 06, 2014 @ 09:53:20

Matthias Noback has a new post today responding to a recent post talking about virtual packages with Composer (using "provide") and some of his own thoughts of how it relates to dependency inversion.

This is a response to Peter Petermann's article Composer and virtual packages. First, let's make this totally clear: I don't want to start an Internet war about this, I'm just pointing out some design issues that may arise from using Composer's provide option in your package's composer.json file. [...] Yes, if a user wants to run the code in your library, they need to have some class that implements [the "provides" requirement]. But no, this shouldn't be reflected in the dependencies of the library. Let me explain this by taking a look at the Dependency inversion principle.

He gives an example of using a specific package for logging (the Zend logger) and how that hard-coded dependency can be refactored out using one of two methods: either a custom interface or one described elsewhere. Getting back to "provide", he lists some reasons why he thinks that defining the interface itself in the Composer configuration is a good idea. These include:

  • Strictly speaking (as in, would the code compile), the code from the library itself [...] just needs the LoggerInterface (which happens to be in the psr/log package).
  • By depending on an implementation package, you basically undo any effort you made to depend on abstractions and not on concretions.
  • Some day, someone may decide to introduce another virtual package, called the-real-psr/log-implementation.
  • The notion of an "implementation package" is really vague. What does it mean for a package to be an implementation package?

Each of the reasons has a bit of description to go along with it. He also points out an interesting example where the package actually knows about an existing virtual package, the DoctrinePHPCRBundle and its use of "jackalope" and "phpcr".


Link: http://php-and-symfony.matthiasnoback.nl/2014/10/composer-provide-and-dependency-inversion/

SitePoint PHP Blog:
Asset Access Restriction Methods - Block Unwanted Visitors
September 05, 2014 @ 10:11:45

In a new tutorial from the SitePoint PHP blog today Jeroen Meeus looks at a way to protect parts of your application from being used and abused. He shows you how to protect various parts of your site, including images and actual pages, with the help of either your web server or bits of code.

When building an awesome web app or website, we sometimes want people to be able to embed parts of our web app/website into their own. That could be an iframe holding a 'like' button, a simple image that they want to reuse or even our entire app embedded in an iframe. But how do we control who has access, who is allowed to use up our bandwidth and query our service? We define the problem as controlling access to assets. By assets we mean: anything that can be queried from our site.

He talks about the problem of "lifting" content and how to fall back to a "deny all, allow some" mentality. He starts with examples of Apache configurations that use mod_rewrite to only allow requests that come from the current domain (trusted) and the "files" directive coupled with Deny/Allow. He also includes an nginx example, showing the same request handling. The code examples show how to use PHP and Javascript to prevent access the same way.


Link: http://www.sitepoint.com/asset-access-restriction-methods-block-unwanted-visitors/



All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework