PHP Classes

Definite CSRF Attack Protection in PHP with Same Site Cookies Support - 3 Minutes Lately in PHP podcast episode 86



Categories: Lately in PHP Podcast

Same Site Cookies is a modern security feature supported in the latest Web browser versions to provide definite protection against Cross-Site Request Forgery attacks.

The support of same site cookies in PHP was one of the main topics discussed by Manuel Lemos and Arturs Sosins in episode 86 of the Lately in PHP podcast.

In this episode they also talked about the PHP 7.2 feature freeze, proposals to change the object arrow -> to dot . notation, an array coalesce operator, native JSON and array support in PDO, an article about comparing two similar images, and the 18 years of PHP Classes.

This article also contains a podcast summary as a 3 minute video and a transcript of the summary.

Listen to the podcast, or watch the hangout video, or the summary video, or read the transcript to learn more about these interesting PHP topics.





Contents

Introduction (0:17)

Podcast Summary (2:34)

PHP 5.6.31, 7.0.21, 7.1.7, 7.2 alpha 3 and beta 1 released, PHP 7.2 Feature Freeze (5:38)

Proposal: Change -> to dot(.) (10:27)

Proposal: Array Coalesce Operator (13:00)

RFC: samesite cookie implementation (15:45)

Proposal: PDO native JSON / array support (24:30)

How Can PHP Compare Two Images for Similarity (27:30)

18 Years of PHP Classes Helping Developers to Have Recognition and Be Independent (35:37)

JavaScript Innovation Award Winners of May 2017 (47:38)

JavaScript Innovation Award Rankings of 2017 (50:02)

PHP Innovation Award Winners of May 2017 (51:27)

PHP Innovation Award Rankings of 2017 (1:01:07)

Conclusion (1:03:35)




We will cover, as usual, the latest versions of PHP. I'm not sure exactly what motivated this release, but there are quite a few security bug fixes that happened. We'll check out these security releases later. There is also PHP 7.0.21, PHP 7.1.7 and we had PHP 7.2 alpha 3 and beta 1, which were released just a few weeks ago.

And there is also a planned feature freeze and after this... actually it was last month. It was almost one month ago. And now PHP 7.0 is in security fixes mode.

Next we will comment on yet another discussion about why PHP does not use dot instead of arrow to specify the members of objects/classes. This is a discussion that keeps coming up.

Another topic that we will talk about is the array coalesce operator concept, which will basically allow checking whether a variable is really set to an array before proceeding to an operation that somehow traverses the array, like foreach.

Next we will have a proposal that is planned to implement what is called same site cookies. This is to avoid cross-site request forgery attacks. I think it is not yet a standardized feature for Web browsers, but I think it will be. So this will be a good thing, but the idea is to support it built into PHP.

Next we will talk about the proposal to support JSON fields in database access via PDO.

Next we will talk about an article about comparing two images to check if they are similar.

And finally there will be an article that just mentions celebration of the 18 years of PHP Classes.

Listen or download the podcast, RSS feed and subscribe in iTunes


Introduction music Harbour used with explicit permission from the author Danilo Ercole, from Curitiba, Brazil


Watch the podcast video

Note that the timestamps below in the transcript may not match the same positions in the video because they were based on the audio timestamps and the audio was compacted to truncate silence periods.
