
Making PHP 7.2 More Secure with LibSodium Extension - 5 Minutes Lately in PHP podcast episode 80


Updated on: 2017-03-08

Categories: Lately in PHP Podcast

Many PHP developers still use the mcrypt extension for encrypting and decrypting data. However, that extension is based on a C library that is no longer maintained by its developers. PHP applications that depend on it are exposed to any vulnerabilities that may eventually be discovered in mcrypt, because its developers will not fix them.

A better alternative is the LibSodium extension, which the security expert Scott Arciszewski proposed to make part of the core PHP distribution starting with PHP 7.2.

This was one of the main topics discussed by Manuel Lemos and Christian Vigh (the PHP Innovation Award Winner of the Year of 2016) in episode 80 of the Lately in PHP podcast.

In this episode they also talked about other proposals for future PHP versions, such as improving the mail() function with options passed using the 5th parameter, a final modifier for class constants, type hinting for static objects, using namespaces for global functions, and type hinting for arrays with values of the same type.

This article also contains a podcast summary as a text transcript and a 5 minute video of the summary.

Listen to the podcast, or watch the hangout video, or read the transcript text to learn more about these interesting PHP topics.
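To make the move from mcrypt to the LibSodium extension concrete, here is an added example (not code from the podcast or from the RFC) of secret-key encryption with the `sodium_*` functions available in PHP 7.2. Unlike a bare mcrypt cipher call, secretbox authenticates the ciphertext, so tampering is detected on decryption; the function names `encryptMessage` and `decryptMessage` and the sample message are hypothetical.

```php
<?php
// Added example: authenticated secret-key encryption with ext/sodium (PHP >= 7.2).
// encryptMessage()/decryptMessage() are hypothetical helper names.
declare(strict_types=1);

function encryptMessage(string $plaintext, string $key): string
{
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new InvalidArgumentException('Key has the wrong length.');
    }
    // Fresh random nonce per message; it is not secret and is stored with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $box);
}

function decryptMessage(string $encoded, string $key): string
{
    $raw = base64_decode($encoded, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed ciphertext.');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Returns false when the authentication tag does not verify
    // (wrong key, truncated data, or modified ciphertext).
    $plaintext = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('Authentication failed.');
    }
    return $plaintext;
}

$key = sodium_crypto_secretbox_keygen();           // 32 random bytes
$token = encryptMessage('constructed sample message', $key);
echo decryptMessage($token, $key), PHP_EOL;

// Flip one bit of the stored value: decryption must refuse it.
$raw = base64_decode($token, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
try {
    decryptMessage(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
sodium_memzero($key);                              // wipe the key from memory
```

Data already encrypted with mcrypt has to be decrypted with the old code and re-encrypted under a new key, since the two formats are not compatible.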




Contents

Introduction (0:17)

Transcript Summary (2:33)

PHP 5.6.30, 7.0.15, 7.1.1 released (8:06)

Proposal: Improving mail() 5th parameter handling (13:42)

Proposal: Class Constant Finalization (19:30)

Proposal: Allow "static" type (20:53)

Proposal: Not autoloading functions (24:05)

Proposal: Type Collection (26:41)

RFC: libsodium in PHP 7.2 (33:37)

JavaScript Innovation Award Winners of November 2016 (37:28)

JavaScript Innovation Award Rankings of 2016 (42:50)

PHP Innovation Award Winners of November 2016 (46:35)

PHP Innovation Award Rankings of 2016 (52:58)

Conclusion (56:00)


Contents

Transcript of the summary

Listen or download the podcast, RSS feed and subscribe in iTunes

Watch the podcast video, subscribe to the podcast YouTube channel

Transcript Summary

As usual we start to talk about the versions of PHP. There was one more version of the PHP 5.6 despite it is already past the end of support for existing features. It will only get updates for security fixes. And there is also an update for PHP 7 and PHP 7.1. But we'll talk more about it later when you get into the details.

Next we start talking about the proposals of this month. Right here we are seeing a proposal actually a discussion for something to make the PHP mail() function better by changing the handling of the 5th parameter. It seems that the proposal is to have options using the 5th parameter that usually as specified it is a string but you could use an array with option values that would allow to have many more options.

Next we talk about a proposal from Scott Arciszewski regarding class constants now that we have public, protected, or private, he is proposing also to declare some constants as final so this would prevent that the sub-classes would change the value of the constant.

Next there is a proposal for static type hinting. This is a bit confusing proposal but I guess the author is proposing to have type hinting for some class function parameters and return values to pass static objects. We will get back to this topic in more detail but this is one confusing proposal probably because the proponent thinks classes are objects in PHP and I think PHP is not like other languages that have that concept.

The next proposal is to allow to import namespaces for global functions just like you have for the classes. You can have classes in namespaces then you use some namespace definition and you just specify the function by name and not the whole qualifier with path with the namespace.

The next proposal is to have typed collections which basically would be arrays that would have to be enforced in a way that all elements of the array have the same type. I think this has already been proposed before somehow, so this is probably a variant of a similar proposal in the past.

The next proposal which is actually the last that we will discuss that is the resurrecting of a RFC to add libsodium as core extension of PHP 7.2.

libsodium is an extension for implementing security operations like encrypting, decrypting, hashing and so on. And the idea is to make it a core extension for PHP 7.2 but while that does not happen the author is already providing a polyfill in PHP that provides the same functions but in pure code, so you do not have to rely on the PECL extension being made a core extension and the polyfill extension is here.


Introduction music Harbour used with explicit permission from the author Danilo Ercole, from Curitiba, Brazil


Watch the podcast video

Note that the timestamps below in the transcript may not match the same positions in the video because they were based on the audio timestamps and the audio was compacted to truncate silence periods.

See the Lately in PHP podcast play list on YouTube and Subscribe to this channel there.
