
PHPClasses.org:
Is Your OAuth 2.0 Application Secure?
May 26, 2014 @ 11:29:39

The PHPClasses.org blog has a new post highlighting a vulnerability in the OAuth 2.0 specification that's been talked about quite a bit lately, the Covert Redirect Vulnerability. This issue allows potential attackers to trick users into redirecting to malicious sites and possibly gain access to personal information.

This vulnerability affects applications that implement protocols like OAuth 2.0 and OpenID. Let's see how this affects an OAuth 2.0 application. [...] The way it works is that your application redirects to a specific page of the Facebook site. There the user is asked if he wants to give your application permission to access Facebook API on his behalf. After the user agrees, his browser is redirected back to your site to a URL that your application specified called redirect_uri. From then on your site completes the process to get a special access token string that will be used by your site to access Facebook API on behalf of the user.

This token represents the user and can then be used to access the user's account. If that token fell into the wrong hands, an attacker could access data they shouldn't. The author includes a diagram of the flow and a link to a video explaining the problem in a bit more depth. He recommends three ways to help prevent this issue and describes what to look for in your implementation that could leave you vulnerable.


Link: http://www.phpclasses.org/blog/package/7700/post/4-Is-Your-OAuth-20-Application-Secure.html

Adam Trachtenberg's Blog:
PHP Trivia Contest DOM + Default Namespaces
September 27, 2006 @ 07:25:00

Alright power PHP users out there, Adam Trachtenberg has a little quiz for you to see how much you know about working with the DOM in PHP.

Here's a question based on a recent PHP bug report which shows why DOM is fun. [...] But how do you retrieve it (the namespace URI of the root node) using DOMElement::GetAttributeNS()? What are the two magical input parameters to coax that value out?

The code is simple, but it's an interesting problem - anyone have any answers?



Jonnay's Blog:
REST and URI Names
April 27, 2006 @ 06:53:22

On his blog, Jonnay briefly shares some thoughts on REST and PHP after reading an older post on the SitePoint PHP blog.

I've been reading this blog over at SitePoint about Who Gets Rest by PHP heavy Harry Fuecks. It is a fairly link-heavy top level view of what REST is.

It's nice to see more of the PHP guys get into REST, as far as PHP guys go, Harry is pretty Heavy. What Harry has to say about URI naming schemes (especially in the comment section) really helped to gel a very important part of REST for me.

He comments that Harry's idea of separating "tools" from the resources they work with is very appealing, and one that would allow much more flexibility in PHP applications.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework