
Woody Gilk:
Immutable Data Structures in PHP
Sep 23, 2015 @ 11:48:34

Woody Gilk has posted an article to his site looking at immutable data structures in PHP and a library that's come from the research and work he did to implement them in PHP.

As someone who most often works with PHP I often find myself envious of the more advanced data structures that are present in a language like Python. As an experiment, I decided to see if it would be possible to bring some of those basic structures to PHP while also preserving immutability. The result of this experiment is Destrukt.

He starts off talking about immutable data structures and introducing some of the basic concepts and usage around them. He notes that they "cannot be modified by accident" and that, if they do need to be changed, they'd actually be reassigned, not updated. He then talks about PHP arrays, how they're normally used in PHP and how their flexibility can lead to potential issues in the code. His library implements stricter versions of the same functionality in the form of dictionaries, orderedlists, unorderedlists and sets. He includes examples of using the library to create these objects and of getting the data back out of them for evaluation.

tagged: immutable data structure introduction destrukt dictionary orderedlist unorderedlist set

Link: http://shadowhand.me/immutable-data-structures-in-php/

Just Hashing is Far from Enough for Storing Passwords (Dictionary & Rainbow Attacks)
Mar 09, 2010 @ 13:11:01

On Kavoir.com there's a new post that reminds you that hashing isn't enough anymore to protect your users and their passwords. They offer a suggestion or two of what you can do to help lock things down a bit more.

The common practice is to hash the user password and store the hash string of the password in the database. When the user tries to log in and supplies his password, it is used to generate a hash string to be compared to the one stored in the database. [...] This approach may be secure in the 70s of the last century, but barely any more.

Computing has evolved to the point where hashes can be matched, sometimes in less than two or three minutes. Their answer to the problem? Generate a random salt each time you create the hash, with a constant being used as a base. A code snippet that calls a user-defined function and the sha1 function is included.

tagged: hash password salt dictionary rainbow attack
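
The salting approach summarized above, as an added example (not the Kavoir post's own snippet): it contrasts an unsalted sha1 digest with a per-password random salt combined with a constant. The names `SITE_KEY`, `hash_unsalted()`, `hash_salted()` and `verify_salted()`, the `salt:digest` storage format and the order in which the constant, salt and password are concatenated are assumptions; PHP 7.1 or later is assumed.

```php
<?php
// Added example. SITE_KEY and the three functions below are hypothetical names.
const SITE_KEY = 'constructed-site-constant'; // constructed value, kept outside the database

// Unsalted: the same password always produces the same digest, so one
// precomputed dictionary or rainbow table applies to every account.
function hash_unsalted(string $password): string
{
    return sha1($password);
}

// Salted: a fresh random salt for every stored password, mixed with the constant.
// The salt is stored next to the digest ("salt:digest") so it can be reused at login.
function hash_salted(string $password): string
{
    $salt = bin2hex(random_bytes(16));
    return $salt . ':' . sha1(SITE_KEY . $salt . $password);
}

function verify_salted(string $password, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false; // malformed record
    }
    [$salt, $digest] = $parts;
    // hash_equals() compares in constant time
    return hash_equals($digest, sha1(SITE_KEY . $salt . $password));
}

// Two accounts that picked the same (constructed) password.
$first  = hash_salted('letmein');
$second = hash_salted('letmein');

var_dump(hash_unsalted('letmein') === hash_unsalted('letmein')); // unsalted digests compared
var_dump($first === $second);                  // salted records compared
var_dump(verify_salted('letmein', $first));    // correct password against its record
var_dump(verify_salted('letmeout', $first));   // wrong password against the same record

// A salt only defeats precomputed tables; SHA-1 itself stays cheap to brute-force.
// PHP's built-in password_hash() salts automatically and uses a deliberately slow algorithm.
$modern = password_hash('letmein', PASSWORD_DEFAULT);
var_dump(password_verify('letmein', $modern));
```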