On the Mayflower blog today there's a new post sharing a Zend Framework application.ini "cheat sheet" with links to pages in the ZF manual explaining the details about each of the front controller options.

All this is long gone in the past since the introduction of Zend_Application and the bootstrapping resource adapters. Zend introduced a standard bootstrapping mechanism into their framework. Many of the options from different framework components can now be configured in the applications configuration file application.ini. One problem persists although: the documentation. All the parameters for components like View, Session, Database etc. are documented either with the bootstrap resource, the component itself or both.

They've posted it to github complete with sections detailing:

• CacheManager
• Db
• FrontController
• Layout
• Navigation
• Router
• Translate

...and quite a few more. This is a great reference for anyone using the Zend Framework, no matter your experience level.

In this recent post to his blog Anson Cheung provides a set of helpful hints for sysadmins to follow when installing (or just securing) the PHP installations on their systems.

PHP is widely used for various of web development. However, misconfigured server-side scripting would create all sorts of problem. And here are php security best practices that you should aware when configuring PHP securely. Nowadays most of the web servers are operated under Linux environment (like: Ubuntu, Debian...etc). Hence, in the following article, I am going to use list top 10 ways to enhance PHP Security Best Practices under Linux environment.

His tips include:

• Reducing the built-in PHP modules
• Logging all PHP errors
• Disabling remote code execution
• Disabling dangerous PHP functions
• Write protection on Apache, PHP & MySQL configuration files

Michael Nitschinger has a new post for the Lithium framework users out there - a quick tutorial about encrypting your session information with the new built in "Encrypt" strategy feature.

If you check out the master branch, you can use the new Encrypt strategy to encrypt your session data automatically. This means that you can read and write session data in cleartext and they will be encrypted on the fly before getting stored (in a cookie, for example).

You'll need the mcrypt extension installed for it to work correctly, but it makes storing the encrypted version of your data more or less automatic. Just set up your Session configuration to use it as a strategy and any time you call a "read" or "write" the hard work is handled for you. For those more interests in what's "under the hood" he goes on to talk about how the strategy works, what cipher it uses by default, how to change it and the default string to use in hashing.

On PHPMaster.com today Callum Hopkins has written up an introduction to the php.ini, the heart and soul of any PHP installation. With configuration options for just about everything, it can be confusing. This tutorial hits some of the highs and most commonly updated settings.

Anyone who has a server using PHP has undoubtedly heard of php.ini - it's the configuration file used to control and customize PHP's run-time behavior. It provides a simple way to configure settings. [...] In this article I'll give an overview of some important settings I believe you should be concerned with when tweaking your own php.ini file.

The tutorial's broken up into a few different topics:

• the PHP engine
• Short tags
• Output buffering
• Automatic headers and footers
• Handling errors
• Time zones

Henrik Bjørnskov has a quick new post today showing how to combine two powerful technologies into a simple, configurable autoload system in a Symfony Travis-CI build with Composer.

To integrate your project with travis the only thing necesarry is to have a .travis.yml file and a working PHPUnit test setup like http://github.com/simplethings/SimpleThingsFormExtraBundle. Where the Tests/vendors.php script is executed before the tests are perfomed. But it would be way cooler to just have Composer handle the autoloading and dependencies.

A sample .travis.yml file is included in the post (also here) as well as instructions for grabbing dependencies and including the autoload process in your application's bootstrap.

Anson Cheung has a new post sharing eight things to change on your PHP install to help make things a bit more secure (from a platform standpoint, not in the code).

Obviously, PHP+ MySQL + Apache is a popular web technology.Its components are powerful, versatile and Free. However, the default settings ship with PHP is not suitable for production sites. Here, it is a check list of settings that are intended to harden the default PHP installation.

The list of eight includes things like:

• Disable Register Global
• Posing Limit
• Hiding The Presence Of PHP
• Advanced Safe Mode setting

In a new post to his blog Padraic Brady takes a look at dependency injection in Zend Framework 2.0. In this first part, however, he introduces the concept of "dependency injection" and offers a few suggestions on its use and tools that can make it simpler.

If you've been watching the PHP weather vane (we call it Twitter for short), you may have noticed a shift in Symfony and Zend Framework. Version 2.0 of both web application frameworks feature Dependency Injection Containers (DICs) as the primary means of creating the objects (and even Controllers) your application will use. This is an interesting shift in a programming language that often stubbornly evaded adopting DICs to any great extent.

He introduces dependency injection (DI) as a method for "injecting" objects and configurations into other interfaces without any specific kind of relation between the two. Part of several DI implementations is a container that does some of the magic object creation for you. He applies this concept to a Zend Framework structure and talks briefly about why these containers are "the devil" because they (usually) add complexity where none is needed. He points out one container library, Pimple, that gets it right in his opinion - defining object creation as closures. In the next part of the series, he'll compare the Zend Framework's DI setup against Pimple (and Symfony's) implementations.

Ulf Wendel has a new post that compares the performance of a classic method for using the mysqlnd plugin in MySQL replication to mysqlnd_ms, the replication and load balancing plugin for the mysqlnd driver (that works with the mysql and mysqli functionality and is, as of this beta of PHP, the default driver for MySQL connections).

Recently I was asked if PECL/mysqlnd_ms should be used to add MySQL replication support to a yet to be developed PHP application. The mysqlnd plugin, which supports all PHP MySQL extensions (PDO, mysqli, mysql), stood up against a classical, simple, proven and fast approach: one connection for reads, one connection for writes. Let's compare. This is a bit of an unfair challenge, because PECL/mysqlnd_ms was designed as a drop-in for existing applications, not optimized for those starting from scratch, *yell*... The plugin stands up quite well, anyway!

He starts with a look at the "classical pattern" of using a factory or singleton to make a database object instance that gives back different connections for reads versus writes (slave vs master). The mysqlnd_ms plugin allows you to define configuration settings to tell the queries to automatically go to certain places for different actions. For example, you could use "master_on_write" to tell it to use a master node if you're doing an INSERT or UPDATE versus a SELECT. He also shows a more complex example using a SQL hint and one issue that might come from the "human element" - not paying attention to database character sets.

In this recent post to Theme.fm they have a guide to deploying your WordPress site (or really any sort of PHP-driven site) with Capistrano. There's some WordPress specific bits in there, but it's a good overall guide to deployment with this handy tool.

I'm not a Capistrano expert (yet) and in this post I'll try to give you an overview how to set it up and how to deploy WordPress applications (websites) in seconds. We'll work with only one server today but the principles in deploying to two or more are pretty much the same.

He starts by introducing Capistrano and talking about some of the major benefits it can bring to you and your project (most importantly - simple deployments). The tutorial helps you install Capistrano and get it set up to work with your Github repository to pull the source. The WordPress specific bit has to do with configuration files and suggests an "if" check to see if there's local config first. Also included are the updates you'll need to make to the Capistrano config file and the commands to push the latest as well as rollback to your previous version.

In a new post to his blog Robert Basic takes a brief look at importing Symfony2 security settings from a bundle he's been creating back into the main configuration.

I started to work on/figuring out the security part in Symfony2 and one part where the docs fail so far is to explain how to import security settings from a bundle. Once I put some thinking into it, it's pretty easy actually. Simply import the needed security file in your main config file.

His trick is to use the "imports" key in his YAML config file to define the resource to pull from in his config.xml. More information on the format of the security file can be found here in the Symfony documentation. It helps you define authentication mechanisms, authorization models and working with access control and roles.