lchash is a little PHP extension that you can find at http://pecl.php.net/package/lchash which provides a means of accessing and using the native hash tables found in libC. The interface is really simple, involving just 4 functions:
lchash_create() - initialize a new hash table
lchash_destroy() - destroy a hash table
lchash_insert() - insert key/value pair into the hash
lchash_find() - retrieve a value based on key
By using this mechanism you can create a very fast and efficient memory-based data store for a script's duration.

About five months ago, during yet another flood of phpBB2 exploits, Marco Tabini approached me with an idea of writing a security book for PHP. The idea was to provide a guide for people who want to make their applications safer as well as help them understand the possible consequences of various exploits. I thought the idea was quite appealing, and, feeling a bit confident after fairly extensive article authorship, decided to take up the task. And so, for the next several months I was focused on effectively doing a brain dump of my knowledge on security. The process was extremely educational, since to explain any concept a far greater knowledge than the one needed to simply apply a fix is required, plus writing a book, as I have learned, is just “a tad” :-) more complex than an article. But with the help of Marco, my technical reviewer and Martin Streicher who has done a tremendous job at cleaning up my ranting, I think we've got an excellent PHP security resource. The book itself is 201 pages, a bit longer t...

After a fairly short incubation period, 2.7.0 final is now available for download.
Installation Script
Upgrade Script
The release was made a bit faster than anticipated in response to a rather serious security problem found in the uploaded avatar handling code. All who use FUDforum and allow forum members to upload custom avatars are encouraged to upgrade immediately. The details of the exploit are not being released at this time, but believe me when I say that the problem is quite serious and you should most definitely upgrade if you use the uploaded avatar functionality. Aside from the fix for the security problem, this release integrates a number of other changes and improvements, in particular forum topic view generation code that is much improved in terms of speed. The list below includes the changes found in the final that were not present in RC1:
Fixed a number of edge cases where E_NOTICE warnings may be generated.
Unify SQL error handling.
A number of PostgreSQL fixes and computabil...

While on my daily news crawl, I came across a site (http://gdataonline.com/seekhash.php) offering a free and very quick service designed to decode md5 hashes. The principle used here is a dictionary attack; the operators of the site built a reasonably large, 12 million & counting, database of hashes and their corresponding values. All you need to do is specify a hash, and if they have it in their database, in less than a second you get to see its corresponding value. While compromising weak hashes via dictionary attacks was never that hard, it did require wasting some time and processing power in applications such as John the Ripper (http://www.openwall.com/john/) trying to find the equivalent value. Now, you can do it quite effectively (I’ve tried) via this online tool in fractions of a second. Given that many PHP applications (my own included) store passwords as hashes rather than clear-text, it now raises the need to encourage users to be a bit more creative with their password strings. Use of high-ASCI...
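
The lookup described above works because a bare md5() of a given password is identical everywhere it is stored, so it can be computed once and indexed. The PHP below is an added example, not code from the original post: it contrasts bare md5() storage with PHP's built-in password_hash(), which salts every hash. The wordlist and passwords are constructed sample data, the helper names build_table() and lookup() are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Constructed sample data: a tiny wordlist standing in for a large hash database.
$wordlist = ['password', 'letmein', 'qwerty', 'dragon'];

// Precompute md5 => plaintext once; each later lookup is a single array access.
function build_table(array $words): array
{
    $table = [];
    foreach ($words as $w) {
        $table[md5($w)] = $w;
    }
    return $table;
}

// Return the plaintext for a hash present in the table, or null otherwise.
function lookup(array $table, string $hash): ?string
{
    return $table[$hash] ?? null;
}

$table = build_table($wordlist);

// Weak storage: bare md5 of the password. Every user with this password
// has the same stored value, so the precomputed table resolves it directly.
$stored_md5 = md5('letmein');
var_dump(lookup($table, $stored_md5));

// Hardened storage: password_hash() adds a random salt per call and uses a
// deliberately slow algorithm, so two hashes of one password differ and
// neither can be a key in a table built from unsalted hashes.
$stored_a = password_hash('letmein', PASSWORD_DEFAULT);
$stored_b = password_hash('letmein', PASSWORD_DEFAULT);
var_dump($stored_a === $stored_b);
var_dump(lookup($table, $stored_a));

// Verification reads the algorithm, cost and salt back out of the stored string.
var_dump(password_verify('letmein', $stored_a));
var_dump(password_verify('qwerty', $stored_a));

// On a successful login, upgrade hashes created with outdated parameters.
if (password_needs_rehash($stored_a, PASSWORD_DEFAULT)) {
    $stored_a = password_hash('letmein', PASSWORD_DEFAULT);
}
```

Salting removes the precomputation shortcut, but a weak password can still be guessed against a single stolen hash, so the point about password quality still stands.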

Came across a rather “interesting” peculiarity in PHP, which affects mathematical operations involving floating point numbers. Before getting into the details, let me introduce you to the problem I was trying to help a friend solve. The goal was to take an arbitrary floating point number, let’s say 1.841243, and convert it to a whole number where decimal points became part of the whole, so 1.8432432 would become 18432432. The first solution was a very simple scriptlet, which if C has taught us anything should’ve worked.
[php]
$a = 1.8432432;
// Multiply by 10 until the integer cast equals the float (never terminates in PHP, see below).
while ((int)$a != $a) $a *= 10;
[/php]
This code relies on 2 premises, which are true in PHP:
1) Casting a float to an int results in a drop of decimal points. (Ex. (int) 1.8432432 => 1)
2) By multiplying the value by 10, all decimal places will eventually be gone and (float)$a will equal (int)$a.
While both premises are true, the above code does not work; in fact, it results in an unterminated loop, YIKES! Quick confirmation with C code, included below, re-affirms th...