A quick note to anyone building PHP with cURL or http extension support as well as one of the MySQL extensions (mysql, mysqli and pdo_mysql). The MySQL binaries found on mysql.com are built against yaSSL as opposed to the more common openssl against which libcurl (usede by cURL and HTTP extensions) is linked. The conflict between the two libraries causes curl initialization of the SSL layer to fail preventing startup of the PHP extensions. To fix this problem you can either use older mysqlclient binaries (5.0.18 works) or compile MySQL yourself against openssl, either of these two will allow a working build of PHP with MySQL and curl support.

After what seems like forever, I guess the number 13 living up to its name, PHP 5.1.3 is finally out of the door. As always when we have a slow release the number of changes is quite impressive, this time being no different. This release includes over 120 bug fixes, addresses a whole bunch of security issues and even includes a few new features, what more could you ask for ;-). To download the release go here: http://www.php.net/downloads.php and the highlights of the release can be found here: http://www.php.net/release_5_1_3.php If you want the full, unfiltered list of change it is also available and can be found here: http://www.php.net/ChangeLog-5.php#5.1.3

The slides from PHP|Tek are now up. The Security Tutorial slides can be found here and the PDO Introduction slides can be found here, to all attending thank you for listening and hopefully at-least a bit of the content was interesting and useful ;-)

Finally got a few moments to recap the PHP Quebec 2006 Conference, which as usual, was a great success and a great deal of fun. I’d like to thank the organizers for doing an amazing job and bringing a great group of people together from both the development and user communities. My talks during the conference went quite well, and I am especially happy with the PDO talk, this topic seemed of particular interest to the audience and I hope we’d get a couple of new PDO users out of it ;-) The slides from my talks are now available online and can be found here: PHP Security: PowerPoint || PDF Introduction to PDO: PowerPoint || PDF

Chris Schifflet has transferred me the reigns of the PHP|Architect's Security Corner; hopefully I will be able to keep up with the tradition of interesting and informative articles on the topic of PHP Security. The first issue was released on March 20ths and takes you on a road of discovery about Cross-Site Request Forgery (CSRF). My approach was to identify the various means of exploitation possible via CSRF and the possible dangers it presents. By taking this approach not only can the uniqueness of the attack's approach can be demonstrated, but the hacking methodologies used by malicious users can seen as well. In my mind, understanding of the problem is half the solution, of course the other half involving prevention techniques design to avert CSRF are covered as well. If you are interested in learning more about CSRF you may want to grab an issue of the magazine.