News Archive

Rob Allen:
Setting up PHP & MySQL on OS X Yosemite
October 20, 2014 @ 09:43:36

Rob Allen has posted a quick guide to help you get PHP and MySQL set up on Yosemite, the latest version of Apple's OSX operating system (just released last week).

It's that time again; Apple has shipped a new version of OS X, 10.10 Yosemite. Apple ships PHP 5.5.14 with Yosemite and this is how to set it up from a clean install. However, if you don't want to use the built-in PHP or want to use version 5.6, then these are some alternatives [including the Liip binary package, Homebrew or Zend Server 7.x].

He opts for the Homebrew method, installing it first then getting into the PHP and MySQL packages. This is all done from the command-line, so you'll need to be comfortable there. He includes the commands needed to install PHP, MySQL and Apache along with all configuration changes to make them work together. He also shows how to install Xdebug, PEAR, Composer and the Mcrypt & Intl extensions if needed.

setup osx yosemite mysql homebrew package install apache intl mcrypt

Link: http://akrabat.com/php/setting-up-php-mysql-on-os-x-yosemite/

LeaseWebLabs.com:
Lessons learned implementing AES in PHP using Mcrypt
February 28, 2014 @ 09:37:45

The LeaseWebLabs.com site has a new post talking about some of their difficulties (and lessons learned) when implementing AES in PHP with mcrypt for a recent project.

The Advanced Encryption Standard (AES) is the successor of triple DES. When you need a standardized, secure, high performance symmetric cipher it seems like a good choice. Wi-Fi network traffic is encrypted with AES for instance. Also when you want to securely store data in a database or on disk you could choose AES. Many SSDs store data internally using AES encryption. PHP supports AES through "mcrypt". On Debian based systems (like Ubuntu and Mint) you can install it using "sudo apt-get install php5-mcrypt".

With no direct support for AES in mcrypt, they decided on Rijndael-128 instead and include some code examples of getting its key and block size. They also include an example of the dynamic typing PHP does when converting a string to an integer and the "key padding" PHP automatically does if the key length is too short. A few other problems they discovered during implementation are mentioned as well, including null padding on strings and PHP's ignoring of a wrong size initialization vector (no padding, just an error).

leaseweblabs mcrypt implement aes rijndael

Link: http://www.leaseweblabs.com/2014/02/aes-php-mcrypt-key-padding/

Pádraic Brady:
Predicting Random Numbers In PHP - It's Easier Than You Think!
March 26, 2013 @ 09:54:15

Pádraic Brady has a new post to his site about "randomness" in PHP and how, depending on the method used, you might not be as random as you think.

The Zend Framework team recently released versions 2.0.8 and 2.1.4 to address a number of potential security issues including advisory ZF2013-02 "Potential Information Disclosure and Insufficient Entropy vulnerabilities in Zend\Math\Rand and Zend\Validate\Csrf Components". Quite the mouthful! In short, Zend Framework used the mt_rand() function to generate random numbers in situations where neither openssl_pseudo_random_bytes() nor mcrypt_create_iv() were available. This is possible when the openssl and mcrypt extensions are not installed/compiled with PHP.

He talks some about the mt_rand function and how it generates its "random numbers" (designed for speed, not ultimate randomness). He notes that all of PHP's internal randomization functions use the concept of "seeds" to prime the random number/string generation. Unfortunately, the seeding method is known inside PHP, so it is possible - if the method of generation is weak, as it is with mt_rand - that an attacker could brute force their way into a correct value. You can find more about randomness in PHP in this chapter of his PHP security handbook, including a mention of Anthony Ferrara's randomness library.

randomness seed mtrand openssl mcrypt randomlib


Rob Allen:
Setting up PHP & MySQL on OS X 10.8 Mountain Lion
August 30, 2012 @ 09:09:12

Rob Allen has posted some notes to his site helping you get PHP set up on OSX Lion (10.8) successfully.

With OS X 10.8, Apple continues to ship PHP 5.3 with Xdebug, PEAR, GD and PDO_MYSQL. This is how to set it up from a clean install of 10.8.

He's broken it up into a few sections including the MySQL setup, Apache configuration, updating the main php.ini and setting up PHPUnit ("and friends") for your testing. He also includes setup instructions for the mcrypt and the PECL OAuth extensions.

setup osx lion mysql apache mcrypt oauth pecl pear xdebug phpunit


Rob Allen's Blog:
Setting up PHP & MySQL on OS X 10.7 Lion
July 25, 2011 @ 12:12:51

Rob Allen has posted his own guide to getting PHP 5.3 set up on OS X 10.7 Lion, the just-released update for Apple's operating system. It comes with a bundled set of PHP-related tools but you might want to set them up your own way. This is where the guide comes in.

With OS X 10.7, Apple continues to ship PHP 5.3 with PEAR, GD and PDO_MYSQL out of the box. This is how to set it up from a clean install of 10.7.

He goes through each of the pieces of software and talks about where to download the latest from and what configuration steps are needed:

  • MySQL
  • Apache
  • the php.ini
  • Xdebug
  • PEAR
  • PHPUnit (and friends)
  • PECL OAuth
  • mcrypt
lion osx setup environment mysql apache xdebug pear phpunit oauth mcrypt


Mark Karpeles' Blog:
PHP can do anything, what about some ssh?
June 28, 2010 @ 13:38:18

In an effort to do just about everything he can with PHP, Mark Karpeles has posted an article about how he created an SSH server in PHP with most (not quite all) of the functionality of some of its counterparts.

You probably know SSH at least by its name. It's a secure telnet replacement which also allows many other things such as port forwarding, remote file management (with sftp) and more. With PHP I could write a fully working SSH server in only 3 days. [...] My goal when writing this was to provide a replacement for the FTP protocol for the customers of my hosting service.

He lists the extensions used to create it - OpenSSL, mcrypt, hash and (the most important) GMP - as well as a link to the source if you'd like to try it out yourself.

openssl mcrypt has gmp ssh server


WebReference.com:
Using PHP Encryption for Login Authentication
June 04, 2010 @ 08:50:10

New on WebReference.com there's a follow-up article that talks about using encryption built into PHP to handle login information and authentication.

Following up on "Implementing One-way Encryption in PHP," my previous tutorial about using one-way encryption to build a secure online diary application, this article explores using PHP encryption for login authentication. It presents the two scripts that make up the diary application: the login and diary scripts, as well as the necessary database server connection script.

His script example shows how to use the md5 hashing function to compare passwords with the ones in the database as well as a modification that uses the mcrypt libraries to encrypt some sample text.

login authenication mcrypt md5 tutorial


ITNewb.com:
PHP Encryption / Decryption Using the MCrypt Library (libmcrypt)
May 26, 2009 @ 09:35:10

On the ITNewb.com site there's a recent tutorial that's been posted by Andrew Johnson about using the mcrypt library in your PHP apps for a simple level of data protection.

The ability to encrypt and safeguard data is an essential ability that every serious web developer should have in their arsenal. In this article we'll explore encrypting data with PHP and MCrypt (libmcrypt), storing it in a database, retrieving it from a database and decrypting it for use.

He works through what mcrypt is, where it can be downloaded from, a simple usage example and a more in-depth look at what it's doing (making an IV, encrypting) and how to store the resulting encrypted information in a MySQL database table.

libmcrypt tutorial mcrypt


DevX.com:
A Guide to Cryptography in PHP
May 06, 2008 @ 13:47:22

The DevX.com site has posted an introductory guide to using cryptography in PHP, showing how to use the various packages the language has to offer.

Cryptography is just one piece of the security puzzle, along with SSL/TLS, certificates, digital signatures, and so on. This article explains how to use PHP to implement the most common cryptographic algorithms. In addition to describing PHP's default encryption functions, you'll see how to use a wide variety of cryptographic libraries and packages.

They start with a look at some of the built-in functions like md5, sha1 and crypt as well as a table detailing the different encryption methods (like mcrypt, mhash or crypt_blowfish). They follow this up with examples of some of them, including a method for making secret keys with the Crypt_DiffieHellman PEAR Package.

cryptography mcrypt mhash blowfish rsa hmac diffiehellman


WebReference.com:
Security Techniques Part 2
May 29, 2007 @ 12:02:00

WebReference.com has posted part two in their series looking at security techniques in PHP. This time they focus on the use of a few things - the PECL filter, the PEAR Auth module and mcrypt.

For each of the three topics covered, they include a few code examples on their use - an HTML form with the filter extension, user authentication with the PEAR Auth, and encrypting data to be used in a more secure cookie.

The article is excerpted from PHP 5 Advanced: Visual QuickPro Guide by Larry Ullman.

security technique tutorial filter pecl pear auth mcrypt




All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework