Community News:
Fav.or.it Launch (Built on the Zend Framework)
Jun 18, 2008 @ 13:47:36

Nick Halstead and crew launched fav.or.it yesterday, a social site that seeks to "bring blogging to the masses" and runs on top of the Zend Framework.

From their blog:

We have long talked about 'bringing blogging to the masses' and today we have released a new version of fav.or.it which we think moves quite a few steps towards that goal. We hope that we have firstly simplified the interaction with the blogosphere and in turn made it accessible to a whole new audience. And for the more tech aware users we hope we have a raft of features that will also appeal.

Some of the more important things the site can do include conversation tracking, identity management, simple and easy to use searching, integrated commenting and much more. Check out Nick's list for more great features or just make a login and check it out for yourself.

tagged: favorit launch zendframework blogging mass appeal simple

php|architect:
Stored Procedure Programming for MySQL5 (Part 2)
Aug 08, 2006 @ 17:11:54

The A/R/T article repository (from php|architect) has posted the second part of their series covering stored procedure programming in MySQL by Ligaya Turmelle.

Now that we have become familiar with the fundamentals of stored procedures it is time to start playing with the "Big Boy Toys". This article will go over stored procedures' built-in error handling, the security features available, various "extras" available, what isn't allowed in a stored procedure, and some basic administration of the stored procedures. So let's stop talking and bust open the toy box and start playing!

Since the groundwork was laid in the previous article, they jump right into transactions in this part. In this example, they create a "mass insert", show how to create some error handling, add in a dash of security, and toss in a few extras. There are also a few small gotchas included to watch out for.

tagged: mysql stored procedure programming part2 mass insert error security

PHP Security Blog:
phpBB mass hack in preparation?
Mar 27, 2006 @ 13:14:55

In relation to this message found on a newsgroup last Monday (03.20.2006), Stefan Esser has this new post on the PHP Security Blog with his opinions on "FuntKlakow" and the situation.

During the last days a lot of blog entries, forum posts and even articles in IT magazines were made about a potential phpBB mass hack in preparation. From what is reported it seems to me that FuntKlakow is only a spambot and that the whole situation is a little bit overhyped. In the end it seems enough to enable the visual confirmation in the registration form (captcha) to keep FuntKlakow out, although the captcha is so bad that it should not be hard to break it.

Despite the comment made above, he doesn't suggest dismissing the issue just yet. It's quite possible that the "deception" of FuntKlakow being a spam bot is just that, and it could turn into a massive tool for some developer out there to flip a switch and have a huge amount of server-level access across the world.

Stefan also briefly mentions that a patch he submitted to the phpBB team for the signature_bbcode_uid remote code execution issue wasn't used. Instead, an internal patch was applied that still didn't quite cover the issue.

tagged: security phpbb mass hack FuntKlakow patch

Issociate.de Newsreader:
phpBB mass-hack being prepared?
Mar 20, 2006 @ 13:51:03

In this posting included on the Issociate.de site's Newsreader, there's talk of a "massive phpBB hack" that might be taking place.

During the last few days a bot using a name FuntKlakow, has been registering to at least hundreds (maybe thousands) of phpBB forums.

Ok, what is a danger? Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums.

It's an interesting situation and, as suggested in some of the comments on this digg post, it will be interesting to see what happens. It is a little odd for a search on the name to return that many results that are only profiles on phpBB boards, especially given phpBB's track record...

tagged: phpbb mass hack FuntKlakow bot spam bug
