PHPDeveloper: PHP News, Views and Community

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

NetTuts.com: How to Create a PyroCMS Theme

Gonzalo Ayuso: Google App Engine, PHP and Silex. Setting up a Login Provider

Michelangelo van Dam: Survived php tek 2013

Community News: Packagist Latest Releases for 05.21.2013

Community News: Latest PECL Releases for 05.21.2013

Symfony Blog: New in Symfony 2.3: Small things matter

PHP Town Hall Podcast: Episode #7 - Web Sockets Are Fast

7PHP.com: Know Thy PHP User Group Know The Leeds PHP User Group (LeedsPHP)

Andrew Podner: Functional Testing to Improve Quality Assurance (part 1)

Community News: Packagist Latest Releases for 05.20.2013

feed this:

Job Posting:
MODE Visual Seeks PHP Developer (Charlotte, NC)

by Chris Cornutt February 01, 2008 @ 13:31:38

Company	MODE Visual
Location	Charlotte, NC
Title	Web Developer
Summary	We're looking for a full-time onsite Web Developer with a focus in PHP. Alongside our Director of Technology, you will be driving a variety of web development projects combining front and back-end programming for national clients. We are a small design and interactive studio so there is tremendous opportunity for growth and diverse work for national clients and innovative brands. Tech Details You should be a person who constantly desires to stay up-to-date on development trends, technologies and innovations. You should be an expert in PHP/MySQL development in an MVC framework. You'll distinguish yourself if you have in-depth knowledge of multiple languages, platforms and technologies including: ASP.NET (2.0+) JAVA MySQL Javascript (AJAX) XHTML / CSS Actionscript Version control (Subversion/Git) Other capabilities and experiences that are desired include: eCommerce experience, a web design sensibility, Flash skills and comfort with the Adobe CS Suite. Responsibilities Develop, maintain and support large, high-availability, web based internal applications and reporting tools; support high-traffic commercial websites Interest in creating the next generation of interactive media applications Research new platforms and architecture to support current and future business requirements Ensure consistency and adherence to MODE's standards, processes, and policies for all projects. Required Skills 2+ years web development experience experience in client facing communications Computer Science degree or equivalent experience Excellent analytical/problem solving skills, ability to think creatively and solve complex technical problems Quality oral/written communication and interpersonal skills in order to effectively partner with the technologies and business communities Ability to develop a clear understanding of client needs and plan applications to meet their needs. As a MODE team member, you'll be rewarded with: A fun, friendly work environment Competitive salary commensurate with experience Casual dress code Performance-based bonus Generous paid vacation (19 floating days, 6 holidays) 100% employee covered medical benefits Possible relocation assistance Great North Carolina weather If interested we ask that you write a cover letter including the following: Why you are right for our position Your salary requirements A set of 3 urls that demonstrate work you are most proud of including a brief description of your role on each project Please send your cover letter and resume to jobs@modevisual.com with subject "Web Developer".
Link	More Information

0 comments voice your opinion now!
job post mode visual charlotte nc developer web job post mode visual charlotte nc developer web

Tobias Schlitt's Blog:
Taint mode for PHP?

by Chris Cornutt December 19, 2006 @ 11:03:00

Tobias Schlitt has a great (long) post responding to a proposal made on the php.internals mailing list for the inclusion of "taint mode" in upcoming PHP versions.

Tobias starts with an overview of what "taint mode" is so that everyone's on the same page. His example involves the incoming and outgoing data usually involved in an application and how the incoming can be the most problematic when it comes to the values inside. This is where taint mode can come to the rescue. At its most basic level, it's a method for, assuming everything coming in is "tainted", creating a mechanism to automatically clean the data before it's even touched.

With the basics down, Tobias looks back to the proposal for a few additional comments. He considers the proposal a great way to introduce the functionality to the language. There are some draw backs he mentions, though, including the additional overhead of working through every inputted value.

Overall, I think this whole thing would be a great addition to PHP and I hope this could come for 6.0. What do you think?

You can also check out some other opinions on the matter:

"Tainted mode" pour php on the Kamelot Blog

0 comments voice your opinion now!
taint mode proposal basic insecure data opinion response taint mode proposal basic insecure data opinion response

PHP 10.0 Blog:
Production mode

by Chris Cornutt December 18, 2006 @ 08:43:00

In an effort to get some thought going about ways to encourage security in PHP applications, Stas has posted an idea about a simplified php.ini setting - production=On.

His idea is that, with this setting on, the PHP installation would:

disable display errors
disable phpinfo()
turn expose_php off
make max_execution_time/memory_limit reasonable
and possibly a few others that some developers forget to set correctly

Comments on the post range from disagreement to suggestions on improvement and support.

0 comments voice your opinion now!
production mode phpini setting phpinfo exposephp displayerrors production mode phpini setting phpinfo exposephp displayerrors

PHP Security Blog:
The Suhosin Patch, File Uploads, and Stealth Mode

by Chris Cornutt December 05, 2006 @ 10:02:00

On the PHP Security Blog, there's two new posts concerning their Suhosin patch for PHP - one talking about a remote code execution vulnerability found in the uploadprogressmeter extension (which as already been corrected) and the other dealing with the "stealth mode" of the patch to find compatibility problems.

As mentioned, the issue with the uploadprogress extension has been fixed and as been introduced into the PECL repository. The other post just mentions what the patch is doing to try to keep compatibility problems from happening due to back extensions and/or modules being loaded in an application.

More details about the Suhosin patch can be found here.

0 comments voice your opinion now!
stealth mode suhosin patch fileupload pecl extension module stealth mode suhosin patch fileupload pecl extension module

Pierre-Alain Joye's Blog:
Windows fixes release for Zip, fopen(,"rb") may not be binary safe

by Chris Cornutt November 28, 2006 @ 07:13:09

A new release of the Zip PECL package has been made according to this post on Pierre-Alain Joye's blog today. The main update in this release is to counteract a Windows bug that's interfering with binary file opens.

The issue is actually a windows bug. No matter if I give or not the "b" flag to fopen, the write operations are not binary safe. It seems to be a known issue as many projects use the same trick.

The problem comes up when PHP forces the binary mode in SAPI and CLI, making the binary writes to a file non-binary safe no matter what. Pierre is also asking for help from anyone out there with any information/bug reports/references about this issue that would yield something useful.