KnP University:
Introducing Guard: Symfony Security with a Smile
Jul 14, 2015 @ 09:15:05

The KNP University site has a post introducing Guard, a new library they've created (with a matching tutorial series) that offers an easier way to handle authentication in your Symfony applications.

Symfony’s authorization system - the stuff related to voters and roles - is awesome. It’s simple, it kicks butt, and it’s one of my favorite things, just behind fresh-baked cookies.

But then there’s that other part: authentication. This is how you login: maybe with a form or via OAuth, like Facebook login. This part is probably the single worst part of Symfony. It’s over-engineered, hard to customize and no fun to work with. [...] This problem was screaming for a solution. If we could make Symfony’s authentication system simple and fun, the whole security system would go from a pain, to a powerful tool.

The library they've created, Guard, centralizes the authentication handling into one place (via an interface) and makes the basics of authentication handling simpler. In their tutorial they walk you through the use of Guard as part of a bundle, complete with examples of login form and API token authentication handling. The post ends with a quick comment about the author's "secret goal" of having Guard included in Symfony itself.

tagged: guard symfony authentication library bundle tutorial simple

Link: http://knpuniversity.com/blog/guard-authentication

IBM DeveloperWorks:
Seven habits for writing secure PHP applications
Oct 01, 2008 @ 10:28:55

The IBM DeveloperWorks site has posted some advice that can help keep you, your application and your data safe from security-related attacks.

Security in a PHP application includes remote and local security concerns. Discover the habits PHP developers should get into to implement Web applications that have both characteristics.

The habits in their list are:

  • Validate input
  • Guard your file system
  • Guard your database
  • Guard your session
  • Guard against XSS vulnerabilities
  • Guard against invalid posts
  • Protect against CSRF

Each comes with its own explanation and, for some, code to help you spot the mistakes and correct them.

tagged: habit security application validate guard file database xss csrf

Link:

Ilia Alshanetsky's Blog:
Changing of the Guard
Oct 01, 2007 @ 07:55:00

A changing of the guard has taken place with the launch of the new branch of PHP - 5.3. Ilia Alshanetsky is no longer the release manager; instead, Johannes Schlüter will be taking the lead.

From Ilia:

As per our tradition of changing Release Masters for every minor release, a new masochist, ;-) Johannes Schlüter will be taking of the role of RM for PHP 5.3 from me. I will continue to RM 5.2.X release, which has 1-2 releases in it still and will be actively maintained up until 5.3.0 is released into the wild, something that should happen early next year.

Ilia is stepping down after two years of service as release manager and, while sad to move on, is happy to see "new blood" move into the project to liven things up.

Check out Manfred Weber's comments on the change too.

tagged: release manager changing guard johannesshluter

Link:

Zend:
New Version of Zend Guard to be Released (v4)
Apr 11, 2006 @ 08:00:19

Zend Technologies will be releasing the latest version of their "code protection utility" - Zend Guard 4 - tomorrow (Wed, April 12th).

Zend Guard 4 offers an unprecedented level of code protection and a complete license management solution for the distribution of PHP applications. Zend improved the Guard product line to minimize the risk of reverse engineering by increasing protection during the encoding phase.

Zend Guard has two parts to it - the encoder and the license manager for your scripts. You can quickly and easily distribute your encoded scripts to the masses, and licenses can be easily updated/renewed without having to send out anything new. Some of the license options include concurrent users, time limitations, and whether it needs to be server-specific or not.

Look for the release of this product tomorrow on the Zend website.

tagged: zend guard new version release four

Link:
