International PHP Magazine:
Which of the Following Ensures Smooth Implementation of PHP Sessions?
May 03, 2007 @ 11:14:00

The results from the latest poll the International PHP Magazine conducted this past week are in. The question they asked developers to respond to was "Which One of the Following Ensures Smooth Implementation of PHP Sessions?".

Options this time were:

  • Don't use underscore in host names
  • Commit your session before it redirects
  • Prevent session fixation
  • Don't expose session_id's

The results were pretty close for all of the options with one coming out on top (committing the session) and two tying for second - preventing session fixation and not exposing session IDs.

Subversion and Symfony users should cast their votes in this week's poll. It asks, of the four options given, which is your favorite "trick" to running the Symfony framework with Subversion.




Oscar Merida's Blog:
Avoiding frustration with PHP Sessions
March 30, 2007 @ 11:28:00

On his blog, Oscar Merida has a quick new post that those just starting out with sessions should take a look at. He gives four quick tips on things to watch out for that can help your development process go more smoothly.

PHP's support for sessions makes adding "state" to your web application super easy. But because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.

Items on the list are:

  • Don't use underscores in host names
  • Commit your sessions before redirects
  • Prevent session fixation (great security tip!)
  • Don't expose session_id's

Check out the comments - there are some good recommendations in there as well.



Zend Developer Zone:
PHP Security Tips #6 and #7
March 12, 2007 @ 11:38:00

Continuing in their security theme for the month of March, the Zend Developer Zone has posted two more Security Tips for PHP developers out there:

  • The first tip (#6 on their list) talks about the benefits of casting all of the values going into your SQL queries. This helps keep you and your data away from things like nasty SQL injection issues that could result in exposure of valuable data.
  • The second tip (#7) focuses on regeneration of session IDs to help prevent fixation. They give an example of how, without it, you could inadvertently allow in unauthorized users. Thankfully, one quick function call can remedy the situation - session_regenerate_id.

Check out their full list for more great tips.





All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework