
NetTuts.com:
Protecting Your Keys From GitHub
March 05, 2015 @ 12:03:05

On the NetTuts.com site there's a new post about protecting your keys when using a public site like GitHub. It covers a step that is easy to forget: removing hard-coded credentials from code before pushing it to a public repository.

In December 2014, Slashdot ran an alarming story Bots Scanning GitHub To Steal Amazon EC2 Keys, based on developer and blogger Andrew Hoffman's experience trying out Ruby on Rails on Amazon with AWS S3. He inadvertently committed an application.yml file with his AWS keys. [...] It's an easy mistake and most of us have probably done a similar thing at one point or another. And it's not just AWS keys that are at risk. As our use of cloud-based services increases, the expanding use of a broad variety of service API keys can be leveraged by hackers and spammers alike.

The author goes through a solution he's found to help protect those credentials, in this case working with the configuration of a Yii framework-based application. He starts with a mention of .gitignore but points out that it could have unexpected results from "quirks" in its handling. He suggests a different option: using a configuration file that lives someplace outside of the main git directory and can be referenced directly from inside the application. He provides two kinds of examples: one using a PHP-based configuration and another based on an INI file. He finishes the post with a mention of WordPress plugins and the fact that they're (usually) stored in a database and open to exposure if a SQL injection vulnerability is found.

github protect keys commit public exposure configuration file gitignore

Link: http://code.tutsplus.com/tutorials/protecting-your-keys-from-github--cms-23002

DevShed:
Web Application Security Overview
September 22, 2008 @ 14:42:51

DevShed starts off a new series today focusing on security in web applications, specifically in PHP-based ones, with this first article - an overview.

With the web and web sites open to everyone -- including malicious hackers -- the security of web applications sits at the top of the list of issues on any web developer's mind. In this eight-part series, we will look at the security concerns of PHP developers, and what they can do to make their web applications more secure.

They talk about the importance of having a security plan from the start and look at a few simple steps for enhancing your application's security: the proper use of register globals, using error reporting to correctly catch problems, and how to minimize the code exposure of your app.

application security overview tutorial series registerglobals error report exposure


DevShed:
An Introduction to PHP Security
February 15, 2007 @ 06:50:52

DevShed has posted a new article covering one of the hottest topics in the PHP community right now: security.

Security in a scripting language such as PHP is more developer-dependent than language-dependent. In other words, although the language offers you the tools to create secure code, it cannot prevent insecure code. Thus, the degree to which code is secure almost entirely depends on how security conscious a developer is.

The article looks at three security-related topics:

  • register globals
  • error reporting
  • code exposure

For each, it provides an explanation and code where needed to help the reader understand the issues and possible problems with them.

introduction tutorial security registerglobals error reporting exposure




All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework