PHP Security

Using Grep to Find Security Vulnerabilities in PHP code

2013-05-07T08:50:47Z

Using Grep to Find Security Vulnerabilities in PHP code

By Ryan Dewhurst

Finding all security vulnerabilities in a piece of code may be hard as it requires in depth analysis of what the code does. However, simple security vulnerabilities follow certain code style patterns that are easier to find with simple search tools.

Read this article to learn how you can find certain types of security vulnerabilities very quickly using the grep program.

Making the Web Faster with HTTP 2 Protocol

2012-05-03T13:24:10Z

Making the Web Faster with HTTP 2 Protocol

By Manuel Lemos

The HTTP protocol version 2.0 is in the process of being defined. There was a call for proposals and several researchers submitted specifications and ideas that can make the Web faster and better in several other aspects.

Read this article to learn about the details of these proposals and what Web developers can expect to prepare to take advantage of the planned improvements of the HTTP 2.0 protocol.

Is PHP Source Quality really Good or is it still Insecure? - Lately in PHP podcast episode 21

2012-03-01T06:17:33Z

Is PHP Source Quality really Good or is it still Insecure? - Lately in PHP podcast episode 21

By Manuel Lemos

A study from Coverity claims that the source code of Open Source projects such as PHP has a low defect rate.

Meanwhile, a few weeks ago, the security expert Stefan Esser claims that PHP source security bug prevention has a lot to be desired because PHP core developers do not have the habit of using source code auditing tools to prevent security bugs.

The matter of the PHP source code quality and security bug prevention was one of the main topics discussed by Manuel Lemos and Ernani Joppert in episode 21 of the Lately in PHP podcast.

Among other interesting topics, they also discuss the new features of Apache 2.4 and whether it is already possible for PHP sites to take advantage of this new Apache release.

Listen to the podcast now or read the transcript to learn about these and other interesting PHP related topics.

Another Serious Security Bug on PHP 5.3.9

2012-02-03T05:59:16Z

Another Serious Security Bug on PHP 5.3.9

By Manuel Lemos

PHP 5.3.9 release was mostly meant to fix a security bug, but it introduced a new more serious bug. PHP 5.3.10 was just released to fix this issue.

Meanwhile Debian Linux maintainers decided to stop enabling the Suhosin extension by default. This extension is used by several Linux distributions to provide protection against present and future security bugs of PHP.

Read this article to learn more about the just fixed bug what you should do to avoid these security issues. You can also learn more what is the current PHP security status and the importance of the Suhosin extension to prevent PHP security problems.

PHP Vulnerability May Halt Millions of Servers

2012-01-12T11:56:22Z

PHP Vulnerability May Halt Millions of Servers

By Manuel Lemos

A security vulnerability found in PHP and many other programming languages may allow attackers to halt servers with vulnerable PHP installations.

Read this article to learn more about this vulnerability and what you can do to avoid that your servers running PHP may be brought down due to this problem.

Single Sign-On authentication using OpenID and other security measures

2010-08-13T07:18:16Z

Single Sign-On authentication using OpenID and other security measures

By Manuel Lemos

The authentication of the PHPClasses site users will be changed to work in a separate site. It will use the OpenID protocol, so you do not have to create a new account to access other sites.

This article explains better what this means in practice and how it will affect the site users.

Several new measures were implemented to provide better security to protect user accounts and prevent eventual security exploits. Advice is provided to PHP developers in order to apply similar measures to take better care of the security of their sites.

HTML 5 for a better Web

2009-07-06T09:40:55Z

HTML 5 for a better Web

By Manuel Lemos

The HTML 5 will definitely contribute to a better Web. Despite its specification is still being drafted, several browsers like Firefox 3.5, Internet Explorer 8, Safari 4, Chrome 2 and Opera 10 already implement a significant part of the current HTML 5 specification.

This article reviews a bit of the history of how we got to HTML 5 and presents an overview of the enhancements that HTML 5 introduces to provide a better Web.

It also presents a reflection about whether HTML 5 will render useless browser extensions like Flash, Silverlight and Java.

10 steps to migrate Web site servers with the least of problems

2009-01-30T08:43:39Z

10 steps to migrate Web site servers with the least of problems

By Manuel Lemos

Sometimes you need to migrate a site between two servers. This article provides advice about which steps a server migration procedure should follow to prevent the problems that may happen.

PHP security exploit with GIF images

2007-06-20T01:36:26Z

PHP security exploit with GIF images

By Manuel Lemos

This post talks about a PHP security exploit that can be performed using specially crafted GIF images that embed malicious PHP code. Advice is given on what to do and to not do to avoid the problem.

8 defensive programming best practices to prevent breaking your sites

2007-04-25T05:17:00Z

8 defensive programming best practices to prevent breaking your sites

By Manuel Lemos

This article describes software development practices that have been used to prevent problems that can break Web sites.

This message also explains recent changes that were made to the site newsletter user options to reduce the site bandwidth usage to keep the hosting costs on budget.