Matt Stauffer:
Multiple authentication guard drivers (including API) in Laravel 5.2
Jan 25, 2016 @ 09:24:31

Matt Stauffer has a new post in his series looking at the features in the latest version of the Laravel framework (v5.2) with this look at guard drivers and how 5.2 allows you to use more than one at once.

Let's get back to Laravel 5.2 features, shall we? 5.2 introduced a significant boost to the power of the entire authentication system, including making it much simpler to have multiple "guards" running at once. The default authentication guard in Laravel prior to 5.2 (now named the web guard) is your traditional web-based application authentication layer: username and password post to a controller. [...] But what if you want to have an API running in the same app, and it uses JSON web tokens (or some other stateless, non-session authentication mechanism)? In the past you'd have to jump through a lot of hoops to have multiple authentication drivers running at the same time.

He shows how to edit the auth.php configuration file to add in more "guard" instances to the default request handling. He also talks about the new driver that backs the "api" guard: the token driver. He briefly introduces the driver and talks about how it works with the current authentication setup. He also looks at changes you can make to use non-default drivers in your auth requests and how to set up your own custom drivers.

tagged: multiple authentication api token guard driver tutorial laravel

Link: https://mattstauffer.co/blog/multiple-authentication-guard-drivers-including-api-in-laravel-5-2

SitePoint PHP Blog:
Easier Authentication with Guard in Symfony 3
Dec 22, 2015 @ 09:49:03

The SitePoint PHP blog has posted a new tutorial from author Daniel Sipos showing the Symfony framework users out there how to do easier authentication with Guard, a newer component introduced to the framework to take some of the complexity out of the process.

The Symfony2 security system is a complex part of the framework, one that is difficult to understand and work with for many people. It is very powerful and flexible, however not the most straightforward.

[...] With the release of version 2.8 (and the much awaited version 3), a new component was accepted into the Symfony framework: Guard. The purpose of this component is to integrate with the security system and provide a very easy way for creating custom authentications. It exposes a single interface, whose methods take you from the beginning to the end of the authentication chain: logical and all grouped together.

He starts off with the configuration changes you'll need to add/make to use the Guard component, defining an "in memory" admin user type. He shows how to define the firewall to use a Guard form authenticator and update the security configuration with the path matches and related roles. He then gets into the controller side of things, defining a loginAction and a simple username/password form in the matching view. Finally, he updates the services configuration for the authenticator and creates the full FormAuthenticator class to go along with it. He then explains each piece of this puzzle and how it all works together to make the authentication happen.

tagged: authentication guard symfony3 tutorial easy introduction security

Link: http://www.sitepoint.com/easier-authentication-with-guard-in-symfony-3/

Culttt.com:
Setting the Context in a Laravel Application
Sep 24, 2015 @ 13:39:46

Continuing on their series about context in Laravel applications, the Culttt.com blog has posted the next part talking about setting the context of the application. In this case the term "context" relates to the "operating environment" the request is happening in (not to be confused with the environment, things like the server/software installed).

Last week we looked at managing context in a Laravel application. Context is a very important aspect of a web application as this foundational structure will be relied upon for almost every piece of code. Setting the context usually involves checking against the business rules of the application.

For example, does the current user have access to this group? Does the current task belong to this project? Can this user create a new post in this thread? These kind of foundational business rules need to be addressed whenever a request enters the application.

He starts by talking about the importance of the URL the user is requesting, pointing out that it should be both useful to identify the resource and provide a "sense of hierarchy" for the application. He then shows how to use the "Guard" handling in Laravel to define the context and ensure that the user is operating within an allowed context. Full code is included to set up the system and create the objects that resolve the group and request information into something useful.

tagged: context laravel application tutorial group request guard

Link: http://culttt.com/2015/09/21/setting-the-context-in-a-laravel-application/

KnP University:
Introducing Guard: Symfony Security with a Smile
Jul 14, 2015 @ 09:15:05

The KNP University site has a post that talks about a new library they've created (and matching tutorial series) about an easier method to handle authentication in your Symfony applications: Guard.

Symfony’s authorization system - the stuff related to voters and roles - is awesome. It’s simple, it kicks butt, and it’s one of my favorite things, just behind fresh-baked cookies.

But then there’s that other part: authentication. This is how you login: maybe with a form or via OAuth, like Facebook login. This part is probably the single worst part of Symfony. It’s over-engineered, hard to customize and no fun to work with. [...] This problem was screaming for a solution. If we could make Symfony’s authentication system simple and fun, the whole security system would go from a pain, to a powerful tool.

The library they've created, Guard, centralizes the authentication handling into one place (via an interface) and makes the basics of authentication handling simpler. In their tutorial they walk you through the use of Guard as a part of a bundle, complete with examples of login form and API token authentication handling. He ends the post with a quick comment about a "secret goal" he has to try to have Guard included in Symfony itself.

tagged: guard symfony authentication library bundle tutorial simple

Link: http://knpuniversity.com/blog/guard-authentication

IBM DeveloperWorks:
Seven habits for writing secure PHP applications
Oct 01, 2008 @ 10:28:55

The IBM DeveloperWorks site has posted some advice that can help keep you, your application and your data safe from security-related attacks.

Security in a PHP application includes remote and local security concerns. Discover the habits PHP developers should get into to implement Web applications that have both characteristics.

The habits in their list are:

  • Validate input
  • Guard your file system
  • Guard your database
  • Guard your session
  • Guard against XSS vulnerabilities
  • Guard against invalid posts
  • Protect against CSRF

Each comes with its own explanation and, for some, code to help you spot the mistakes and correct them.

tagged: habit security application validate guard file database xss csrf

Link:

Ilia Alshanetsky's Blog:
Changing of the Guard
Oct 01, 2007 @ 07:55:00

A changing of the guard has taken place with the launch of the new branch of PHP - 5.3. Ilia Alshanetsky is no longer the release manager; instead, Johannes Schlüter will be taking the lead.

From Ilia:

As per our tradition of changing Release Masters for every minor release, a new masochist, ;-) Johannes Schlüter will be taking over the role of RM for PHP 5.3 from me. I will continue to RM 5.2.X release, which has 1-2 releases in it still and will be actively maintained up until 5.3.0 is released into the wild, something that should happen early next year.

Ilia is stepping down after two years of service as release manager and, while sad to move on, is happy to see "new blood" move into the project to liven things up.

Check out Manfred Weber's comments on the change too.

tagged: release manager changing guard johannesshluter

Link:

Zend:
New Version of Zend Guard to be Released (v4)
Apr 11, 2006 @ 08:00:19

Zend Technologies will be releasing tomorrow (Wed, April 12th) the latest version of their "code protection utility" - Zend Guard 4.

Zend Guard 4 offers an unprecedented level of code protection and a complete license management solution for the distribution of PHP applications. Zend improved the Guard product line to minimize the risk of reverse engineering by increasing protection during the encoding phase.

Zend Guard has two parts to it - the encoder and the license manager for your scripts. You can quickly and easily distribute your encoded scripts to the masses, and licenses can be easily updated/renewed without having to send out anything new. Some of the license options include concurrent users, time limitations, and whether the license needs to be server-specific or not.

Look for the release of this product tomorrow on the Zend website.

tagged: zend guard new version release four

Link:
