
Matthew Weier O'Phinney:
Secure PHAR Automation
Dec 15, 2015 @ 12:32:54

There's always been an issue with the creation of Phar packages in PHP and the security around them. There have been recommendations about creating signatures and only using secure connections for updates and rollbacks. Unfortunately there isn't an overly easy way to handle this yet. However, Matthew Weier O'Phinney has written up a post showing his workflow for doing these kinds of things, making use of the Box project to help with some of the more detailed parts.

For a variety of reasons, I've been working on a utility that is best distributed via PHAR file. As has been noted by others (archive.is link, due to lack of availability of original site), PHAR distribution, while useful, is not without security concerns, and I decided to investigate how to securely create, distribute, and update PHAR utilities as part of this exercise.

This is an account of my journey, as well as concrete steps you can take to secure your own PHAR downloads.

He starts by outlining the "roadmap" of the features he wants to include and the steps to take to create this more secure phar archive. It includes the use of both current, local tools and services (like Box and GitHub pages). He then walks through the steps in the full process:

  • Create an OpenSSL Key
  • Use Box to create the PHAR
  • Generate a version file
  • Create the gh-pages branch
  • Write self-update/rollback commands
  • Enable Travis-CI for the repository
  • Create an SSH deploy key
  • Archive and encrypt the secrets
  • Write a deployment script
  • Add the script to travis

While this seems like a lot of steps to just get a more secure phar set up, Matthew has done the hard work for you here and includes all of the commands, configuration examples and steps you'll need to take to fully set the process up. If all goes well, his example in his last "push and watch it work" section will go off without a hitch.

tagged: phar archive security signed https update rollback travisci tutorial

Link: https://mwop.net/blog/2015-12-14-secure-phar-automation.html

Thilanka Kaushalya's Blog:
How to use Mysql Transactions with PHP
Mar 20, 2012 @ 13:04:37

In this recent post to his blog Thilanka Kaushalya shows how to use transactions in MySQL databases (using mysqli

Web applications are more popular today than ever with the increasing number of internet users. Most of the standard alone applications converted as web based applications or at least they try to provide a web interface for users. PHP and MySQL are two leading technologies which allow uses on rapid development of web based systems. "Transaction" is a powerful concept which comes with MySQL 4.0 and above versions. Let's explore that.

He introduces the concept of transactions first, providing an example of a bank transfer between two individuals. He uses this to create a simple code sample that turns off autocommit for the connection (using mysqli_autocommit set to false) and runs the SQL in order before the commit. He also includes an example of using the rollback function to return the data to its original state if there's an error.

tagged: mysql transactions mysqli tutorial rollback


Cal Evans' Blog:
Only YOU can prevent web failures
May 03, 2010 @ 09:37:20

Cal Evans has a reminder for all of the businesses out there that have sites and use web site hosting services: only you can prevent web failures that could alienate customers.

Last night I wrote the info@ email address on a website and asked a question about their product. They politely responded with two links to their website. This morning however, when I went to visit them, I was greeted with the message above. It’s now three hours later and the site is still "experiencing difficulties". [...] This problem can be prevented by business owners insisting on – and paying for – “Best Practices” in their software vendors.

He offers a few suggestions to businesses to help prevent this sort of (catastrophic?) failure, including having a rollout and rollback plan and having a good set of tests to make doubly sure things work before the code even meets the public.

tagged: failure company webhost unittest rollback


DevShed:
Implementing the commit() and rollback() Methods with mysqli and PHP 5
Jul 08, 2006 @ 09:53:46

Continuing on with their "mysqli in PHP5" series, DevShed has posted part two highlighting the commit and rollback functions - their use and functionality.

This is the second part of the series "Using mysqli with PHP 5." Welcome back. In three tutorials, this series shows how to use the most important methods and properties included in the "mysqli" extension that comes with PHP 5, in order to take advantage of the new features bundled with MySQL 4.1 and above.

In part one they introduced the extension, providing the background for those just joining in. In this latest part, they take it to the next level and talk about these new handy functions - one to save the updates/additions you're making to the database and the other to undo those changes quickly and easily. As always, there are plenty of examples, explanations, and code to go around.

tagged: mysql commit rollback mysqli php5 tutorial
