|
|
Friday, September 23. 2005FUDforum 2.7.3RC1 Released
It is that time of year again! No, its not Christmas it is time for yet another FUDforum release
 . As usual we start with RC1 and follow it up with the stable final in short order.This release is going to be a mostly bug fix oriented version with a number minor features enchantments. You can download the installer or upgrade script at the listed links. If you don't want to read the complete changelog (whole 19 entries of it listed below) here are some highlights.
Continue reading "FUDforum 2.7.3RC1 Released" Tuesday, September 20. 2005PDO Constructor Overloading
As of few minutes ago PDO extension allows constructor overloading, which is something a lot of people had asked for. This means that you can do things like this:
PHP: Keep in mind that if you don't call the original PDO constructor via parent::__construct() an error will be generated, so exercise caution when using this feature. Monday, September 19. 2005Big PDO Change
Today I've had the distinct pleasure of breaking nearly every single PDO based script in existence (my own code included), feels good
. The break is the result of something that we, the PDO developers forgot to do. This being making PDO constants be class constants rather the polluting the main constant space. After much discussion on the topic at PHP|Works we've decided we need to fix this before it is too late (5.1 final release). So a bit of a pain at this time, should provide for a more robust and flexible interface. What does this mean in terms of your code? Well whenever you've used a PDO constant for example PDO_FETCH_NUM you'd now use PDO class constant PDO::FETCH_NUM. To simplify the conversion I offer the following Perl scriptlet: perl -p -i -e 's/PDO_/PDO::/g' [list of files] Friday, September 16. 2005PHP|Works Webservices Slides
For all who are intrested here are the slides from my webservices talk, as usual they are available in PDF and Powerpoint form.
Enjoy Thursday, September 15. 2005PHP|Works Performance Talk Slides
The slides from PHP|Works performance talk are now up, they are available in either PDF or PowerPoint form.
Thursday, September 15. 2005PHP Security Slides Online
Slides for the PHP Security talk at PHP|Works are now up. You can download them in either PowerPoint or PDF form.
More to come shortly
Wednesday, September 14. 2005lchash 0.9.1 released
lchash is a little PHP extension that you can find at http://pecl.php.net/package/lchash which provides means of accessing and using native hash tables found in libC. The interface is really simple involving just 4 functions:
lchash_create() - initialize a new hash table lchash_destroy() - destroy a hash table lchash_insert() - insert key/value pair into the hash lchash_find() - retrieve a values based on key By using this mechanism you can create a very fast and effecient memory-based data store for a script's duration. Tuesday, September 6. 2005PHP Guide to Security is out!
About five months ago, during yet another flood of phpBB2 exploits Marco Tabini approached me with an idea of writing a security book for PHP. The idea was to provide a guide for people who want to make their applications safer as well as help them understand the possible consequences of various exploits. I thought the idea was quite appealing, a feeling a bit confident after a fairly extensive article authorship decided to take up the task.
And so, for the next several months I was focused on effectively doing a brain dump of my knowledge on security. The process was extremely educational, since to explain any concept a far greater knowledge then the one needed to simply apply a fix is required, plus writing a book as I have learned is just “a tad” more complex then an article. But with the help of Marco, my technical reviewer and Martin Streicher who has done a tremendous job at cleaning up my ranting, I think we've got an excellent PHP security resource. The book itself is 201 pages, a bit longer then anticipated, but gave me the opportunity to cover each topic in a fair amount of detail. Table of Contents
The goal of the book is to introduce each type of vulnerability and to explain in greatest amount of detail possible what can lead to it and what are the possible consequences. In my opinion before solving any problem you should have a full understanding of it, so that the fix ends up addressing the cause and not the symptoms. As far as consequences go, it is imperative to know why a problem needs to be fixed and not allowed to linger. If you’ve ever came across a situation where someone dismissed cross site scripting (XSS) or other security problem as a non-issue, this book will serve as an excellent resource in demonstrating how even the most "trivial" exploits can be abused to great effect. Not to leave you handing so to speak, the book also spends a fair amount of time talking about possible solutions to each problem and provides deployable solutions for each one. In addition to talking about specific security issues, it is my sincere hope that it will encourage developers to think about security when designing and auditing their applications and ultimately lead to a better and a far more secure code. At the present time the book is available via phparch.com website in both paper and electronic forms, and will shortly (within 1-2 weeks) appear on Amazon and Barnes & Noble, ISBN: 0-9738621-0-6. I should mention that the 1st 300 copies sold will be signed, so if you want my doodling  on your copy, hurry up and buy it.
|
|
