Rob Allen has shared a few Phing tips in the latest post to his site today. Phing is a PHP-based automation tools most popularly used for the deployment and configuration of PHP applications.

Following on from my last post, here's a few other Phing things that I've found helps me.

He shares three short but useful tips:

• Hiding targets from Phing -l
• Main target vs subtarget
• List available targets by default

Each tip includes the XML markup you'll need to make it functional. You can find out more about Phing and what it's capable of on its website.

On PHPMaster.com today there's a new tutorial posted about using the Phing build tool to automate a process, usually a build for a website launch. In his example, he shows a simple "Hello World" example and how to work with multiple targets in the same build file.

Phing is a PHP project build tool based on Apache Ant. A build system helps you to perform a group of actions using a single command. [...] Phing helps overcome [human error] issues by automating tasks like running unit tests, applying database changes, deploying application code, etc. In this article I’ll show you some of the basics of working with Phing.

He includes the commands you'll need to install Phing (if it's not already) via the PEAR installer and a basic "build.xml" file. He explains the parts of the file - tags for "project", "target" "echo" and "property - and includes a more complex build example with multiple targets (and how to call one specifically from the command line).

From the Web Development Blog, there's a quick tutorial posted about using the PHProxy package and ip2nation tool to save you some money on your bandwidth bills each month.

If your website becomes a little busy the websites bandwidth becomes very valuable. If your visitors using too much bandwidth and the conversions from your website are very low or just moderate, it’s possible that you get broke with also a good internet website project.

Their solution uses the PHProxy functionality and the IP address information (database dump) from ip2nation to create targeted user content. They include the setup for the proxy as well as some code that will need to be inserted to use the ip2nation data. Last but not least, there's also the code to insert into the page and make the magic happen.

From the Web Development Blog, there's a quick tutorial posted about using the PHProxy package and ip2nation tool to save you some money on your bandwidth bills each month.

If your website becomes a little busy the websites bandwidth becomes very valuable. If your visitors using too much bandwidth and the conversions from your website are very low or just moderate, it’s possible that you get broke with also a good internet website project.

Their solution uses the PHProxy functionality and the IP address information (database dump) from ip2nation to create targeted user content. They include the setup for the proxy as well as some code that will need to be inserted to use the ip2nation data. Last but not least, there's also the code to insert into the page and make the magic happen.

In a new post on his blog, Christian Wenz mentions the latest results of the SANS Institute's Top 20 Internet Security Attack Targets list which both includes a new entry ("Users") and several mentions of PHP and PHP-related applications.

Of course you can debate how such a Top list came together and what the real value behind that is, but there are two specific points in this year's list that I found quite interesting.

There's two targets for the PHP community to worry about - sysadmin/hosting and things developers need to keep in mind. Items on these lists include:

• Always test and deploy patches and new versions of PHP as they are released
• Use Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests. Consider using Apache's mod_security to block known PHP attacks
• If you use PHP, migrate your application to PHP 5.2 as a matter of urgency.
• Encode all output using htmlentities() or a similar mechanism to avoid XSS attacks

In a new post on his blog, Christian Wenz mentions the latest results of the SANS Institute's Top 20 Internet Security Attack Targets list which both includes a new entry ("Users") and several mentions of PHP and PHP-related applications.

Of course you can debate how such a Top list came together and what the real value behind that is, but there are two specific points in this year's list that I found quite interesting.

There's two targets for the PHP community to worry about - sysadmin/hosting and things developers need to keep in mind. Items on these lists include:

• Always test and deploy patches and new versions of PHP as they are released
• Use Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests. Consider using Apache's mod_security to block known PHP attacks
• If you use PHP, migrate your application to PHP 5.2 as a matter of urgency.
• Encode all output using htmlentities() or a similar mechanism to avoid XSS attacks

Builder.com has a new tutorial posted today about the use of the PEAR Net_GeoIP package to help with the geo-location of the visitors to your website.

Ever wondered how sites like Google and Yahoo! always seem to know which country you're in, and automatically redirect you to the most appropriate country sub-site? Or how some Web sites display advertisements perfectly targeted to your city or region? Well, it isn't magic -- these sites are simply mapping your IP address to a geographical database to identify your location, and then using this information to send you precisely-targeted data.

They work through the steps to get it up and working - the installation, a few basic code examples to show how to use it, and a full example of how to target different areas with different kinds of ads (geographically-targeted advertising).

Builder.com has a new tutorial posted today about the use of the PEAR Net_GeoIP package to help with the geo-location of the visitors to your website.

Ever wondered how sites like Google and Yahoo! always seem to know which country you're in, and automatically redirect you to the most appropriate country sub-site? Or how some Web sites display advertisements perfectly targeted to your city or region? Well, it isn't magic -- these sites are simply mapping your IP address to a geographical database to identify your location, and then using this information to send you precisely-targeted data.

They work through the steps to get it up and working - the installation, a few basic code examples to show how to use it, and a full example of how to target different areas with different kinds of ads (geographically-targeted advertising).

According to this new article from Netcraft, PHP applications are becoming more and more at risk for hacking attempts.

Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.

While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.

They go on to talk about the growth of CMSs that PHP has fueled - both the good and the bad - and how a less than religious application of patches to those CMSs can cause big headaches down the road.

It is good, though, that they make the distinction:

Most of the security issues with PHP-driven programs are found not in PHP itself, but rather in the libraries and applications built atop the server-side scripting language.

According to this new article from Netcraft, PHP applications are becoming more and more at risk for hacking attempts.

Security holes in PHP-based content management and forum apps are an increasingly active front in Internet security, as hackers target unpatched weaknesses. The latest example is Monday's hack of chip maker AMD's customer support forums, in which an older version of Invision Power Board was compromised and used to distribute malware using the Windows Metafile (WMF) exploit.

While Windows flaws like the WMF vulnerability are useful to hackers assembling armies of compromised desktop computers, security holes in PHP applications provide access to more powerful servers hooked directly to high-speed network connections.

They go on to talk about the growth of CMSs that PHP has fueled - both the good and the bad - and how a less than religious application of patches to those CMSs can cause big headaches down the road.

It is good, though, that they make the distinction:

Most of the security issues with PHP-driven programs are found not in PHP itself, but rather in the libraries and applications built atop the server-side scripting language.