
Docnet.nu:
SSL And PHP Streams - Part 1 You Are Doing It Wrong™
June 26, 2014 @ 09:54:40

On the Docnet.nu blog today they've kicked off a series looking at the use of streams and SSL in PHP and asking if you're doing it wrong in your current applications. The focus is more on the security aspect, breaking it down into a set of common problems (and how to work around them).

The upcoming PHP 5.6 release brings with it a number of improvements to encrypted PHP streams, both internally and externally. In these articles I will try to cover the most important changes, and how they affect your code. This article will focus on how to get the best security level in code that needs to be run on PHP versions below 5.6, and highlighting some of the gaps in the currently available functionality. Version 5.4.13 is the earliest version that supports all the options described below - and if you are running something earlier than this, then you really should consider upgrading to at least the latest version of the 5.4 series.

Their list is made up of six different problems:

  • Problem 1: Peer Verification
  • Problem 2: Cipher Lists
  • Problem 3: Protocol Support
  • Problem 4: TLS Compression Attack Vulnerability
  • Problem 5: Cipher Order
  • Problem 6: TLS Renegotiation Attacks

Each problem comes with a brief description of what it is and why it's an issue. Some also include code snippets showing how to correct the issue, usually relatively simply.


Link: http://www.docnet.nu/tech-portal/2014/06/26/ssl-and-php-streams-part-1-you-are-doing-it-wrongtm/C0

SitePoint Web Blog:
HTTPS Basics
April 02, 2014 @ 09:06:08

If you're relatively new to web development, you might not know exactly what kinds of benefits using an HTTPS connection might provide. In this new article from the SitePoint PHP blog, Mufleeh Sadique covers some of the basics of HTTPS and gives some reasons why to "go HTTPS" in your applications.

Hypertext Transfer Protocol Secure or Hypertext Transfer Protocol over SSL is used for secure communication over a network, or perhaps more importantly - over the Internet. You would see https:// in the URI and a lock icon in the browser when you access a page that uses HTTPS. [...] If you ever wondered whether and how to go HTTPS with your website, we'll attempt to clear this up in this article by briefly describing what HTTPS is about, and why and how to implement it.

He's broken the rest of the article up into a few different sections. The first answers the question "why HTTPS" with a few reasons including the most important - encrypted communication. In the second section, he starts showing you how to "go HTTPS" using a self-signed certificate to start. With the certificate installed, he moves into the last part, ensuring your application is always using the HTTPS version and redirecting anything else.


Link: http://www.sitepoint.com/https-basics

NetTuts.com:
HTTP The Protocol Every Web Developer Must Know - Part 2
April 29, 2013 @ 15:07:21

NetTuts.com has followed up their previous article covering some of the basics of the HTTP protocol with this new post, part 2 of the series. They suggest that HTTP, the messaging format of the web, is the one protocol that every web developer should know.

In my previous article, we covered some of HTTP's basics, such as the URL scheme, status codes and request/response headers. With that as our foundation, we will look at the finer aspects of HTTP, like connection handling, authentication and HTTP caching. These topics are fairly extensive, but we'll cover the most important bits.

In this article, they talk about things like the HTTPS secure version of HTTP, server-side connection handling, identification/authorization and working with caching and cache control headers.


Link: http://net.tutsplus.com/tutorials/tools-and-tips/http-the-protocol-every-web-developer-must-know-part-2

Christopher Kunz's Blog:
Now serving SPDY
May 03, 2012 @ 08:14:08

Christopher Kunz is trying out the new web acceleration tool Google recently released (SPDY) when his site is served under HTTPS (warning, self-signed cert).

The reason this posting lands in the PHP category is that I want to have a playground testing PHP applications with mod_spdy. Currently (and probably also in the future), this machine uses mod_php instead of php_(f)cgi(d) - this is not recommended for interoperation with mod_spdy. To test the real-life impact of the possible thread safety issues, I am using my private pages as a sandbox.

He has two other PHP-based applications running with the accelerator - a Gallery3 install and a WordPress site. SPDY ("speedy") was released by Google and is similar to HTTP but with a focus on minimized latency and heightened web security.



PHPBuilder.com:
Transfer Data via Multiple Protocols with Libcurl
September 19, 2011 @ 12:03:23

On PHPBuilder.com today there's a new tutorial showing how to use libcurl to communicate with multiple protocols like FTP, HTTP, HTTPS, SMTP and SMTPS. The libcurl library can be compiled in or installed as a shared module in your PHP install to provide enhanced networking abilities.

As I wrote in my PHP multithreading with cURL article, the libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, TELNET and TFTP. PHP supports the libcurl library which allows you to connect and communicate to many different types of servers with many different types of protocols.

The tutorial focuses on two different types of connections (well, four really) - FTP/FTPS and HTTP/HTTPS - and how to transfer data across each. Some code is included to create a (procedural) tool to send an uploaded file to a remote site.



Matthew Weier O'Phinney's Blog:
Making Zend Server Available Via SSL Only
January 07, 2011 @ 09:46:58

Matthew Weier O'Phinney has a new post to his blog today about making your Zend Server instance a bit more secure by taking the admin GUI and forcing it to be HTTPS-only (instead of the default HTTP & HTTPS).

In light of the recent remote PHP exploit, I decided to update a couple servers I manage to ensure they weren't vulnerable. In each case, I had been using hand-compiled PHP builds, but decided that I'm simply too busy lately to be trying to maintain updates -- so I decided to install Zend Server. [...] One thing I've never been happy about, however, is that by default Zend Server exposes its administration GUI via both HTTP and HTTPS. Considering that the password gives you access to a lot of sensitive configuration, I want it to be encrypted.

He points out that, since the Zend Server interface runs on a lighttpd instance, it's easy to modify a few config files to change the setting. Adding a few lines to limit the socket it can connect on, the IP address to filter to and a URL filter on anything starting with "/ZendServer/" takes away the HTTP access.



PHP Web Services:
How to configure https for Apache2.2 and consume PHP web services over https
May 24, 2010 @ 08:39:49

New from the PHP Web Services blog today there's a post showing you how to set up Apache 2.2 for HTTPS connections to consume other web services.

The tutorial gives you a step-by-step process to follow with commands and configuration changes every step of the way:

  • Create a certificate
  • Generate a key
  • Sign the key with the certificate
  • Copy the keys to the right directory
  • Make configuration changes for the SSL connections
  • Connect to the remote HTTPS web service

If you're using PHP, you can also use the OpenSSL and SOAP clients with the SSL libraries to make requests to secure remote resources.



DotVoid.com:
Problem with downloading files with Internet Explorer over HTTPS
October 01, 2009 @ 09:48:28

On the DotVoid.com blog Danne shares a quick tip on forcing downloads over HTTPS to Internet Explorer (which, of course, has to be difficult about it).

The problem is that Internet Explorer does not handle file downloads without caching over https very well. Or at all. According to knowledge articles on Microsoft's website the problem occurs when having one or two of the http headers. [...] Previously I have just omitted the http header "Pragma: nocache" for IE but it seems it does not always help.

So the fix is relatively simple - rely on the $_SERVER['HTTP_USER_AGENT'] value to tell if it's an IE browser or not. If it is, "Pragma: cache" works. If not, stick with "Pragma: no-cache".



DevShed:
Managing Secure Protocol in Apache-Based Websites using PHP
May 29, 2009 @ 07:55:25

On DevShed today there's a new tutorial that walks you through tips on two things that can help you keep your https site running smoothly and keep in favor with the major search engines - duplicate content and correct 301 redirects.

When trying to maintain a secure protocol on an Apache-based website, you can expect to deal with certain issues, especially if you're also trying to rank well in the search engines. [...] This article provides tips and solutions to help any web developer effectively manage the two most difficult problems in maintaining the secure protocol side of any website. These are the: Duplicate content and 301 redirection from the non-https to http version.

They recommend two things to handle the duplicate content issues: placing a meta tag on the https pages to keep them from being indexed (keeping the search engines from seeing the http and https as two different resources, thus two different sites to index) and using a canonical value in a link tag.

As far as the 301 redirects go, they include some PHP code that, if placed at the top of your pages, can detect if the protocol is https or not. If it's not, it uses header to perform the 301 redirect.





All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework