Securing PHP Applications Part III – Securing PHP on the server / Securing MySQL and Apache

Hi there. This is the last part of this tutorial where I tell you a few things about securing PHP on the server, about securing MySQL and Apache.

OBS: If you don’t administer your own server, this information will be useful to you while shopping for a Web host, so you better continue reading.

Before starting this part I would like to give you some tips to use when buying a host:
- shop for a secure Web host. Insist on knowing what Web server software (and
which version of it) the host is running and which version of each programming
language it has installed
- keep up with security alerts that affect the applications running on your Web host
- encourage your Web host’s system administrators to apply security patches and
updates promptly

Read more

Securing PHP Applications Part II – Securing PHP code

5. SQL injections
What is it?
This type of attack is one of the most common attacks. SQL injections occur after two failures of the part of developers: failure to filter data as it enters the application (filter input) and failure to escape data as it is sent to the database (escape output). For example, let’s suppose we have the following query:

< ?php
$sql = "SELECT *
        FROM   users
        WHERE  username = '''
        AND    password = 'a029d0df84eb5549c641e04a9ef389e5'";
?>

Read more

Design patterns Part IV – MVC

The problem:

When your php application became larger, you might find yourself in the situation where you don’t know where to change the design of a certain page, or you might have to change in multiple places to get the same results.
For example, if you want to implement a comments system in your application, you could write a all the code in a single php script, which handles comments listing, adding new comments and all the application logic.

But if the client decide to change the layout of the comments listing, you will see how difficult it is to change all the code that display the comment listing. The same goes if the client decide to change something in the application logic (like storing the data in flat files instead of database tables or adding new fields to the comments).
Read more

Securing PHP applications Part I – Securing PHP code

There are a lot of books treating this issue. So, why another post about this subject. Well, here a try to cover this problem in a short way so that you don’t have to read hundreds of pages or to search all over the Internet for this.

These being said, you must know that securing a PHP application is not an easy process, as you may think and involves a lot of other things, not just your code.

The things you must take care when trying to secure a PHP application are:
1. Forms
2. URLs
3. Databases and SQL
4. Sessions and Cookies
5. Files and Includes (including file uploads)
6. Commands
7. Authentication and Authorization
8. Shared hosting
Read more

Design Pattern Part III – Observer

The problem:
Well, this is my favorite. Why? Because get you free of a lot of responsabilities. Let me explain: suppose you have an online newspaper website and for publishing an article you must follow these steps:
1. write the article
2. insert the article in the proper table in your database
3. delete the cache (an necessary operation for the article to appear on the page)
4. display the article in the proper page
5. and what ever action you think of, necessary for this type of context
Read more

Design Patterns Part II – Factory

The problem:
We need a method that could generate us different “products” based on different conditions or, why not, depending on the context. If we didn’t know about design patterns we would solve this by creating an endless if then else set of conditions. I know, this is the fastest solution that comes into your head, but have you ever think of the consequences of this practice? What will you do when you will have to add some other conditions? We need some automation of this process.

Here comes the Factory Pattern, a creational design pattern, which consists (or make use) of the Abstract Factory Pattern and the Factory Method Pattern. Let’s see what’s the role of every each of this two:
Read more

Design patterns Part I – Singleton

Procedural vs object- oriented
One core difference between object-oriented and procedural code can be found in the way that responsibility is distributed. Procedural code takes the form of a sequential series of commands and method calls. The controlling code tends to take responsibility for handling differing conditions. This top-down control can result in the development of duplications and dependencies across a project. Object-oriented code tries to minimize these dependencies by moving responsibility for handling tasks away from client code and toward the objects in the system.
Read more

SWF image upload & crop for php using jQuery

Recently I’ve needed a plugin to upload an image using SWF upload and to crop the uploaded image using jQuery and then  save the crop result. I couldn’t find this combination, so I’ve tried to combine these requests: SWF upload, crop with jQuery and php.

I’ve found something about SWF upload here and something about jQuery image crop here. Another request was to limit the upload to one file only, to some specific image types and a specified file size. These requests needed a PHP validation too.
Read more

Capturing multiple thumbnails from a movie using ffmpeg

When working with video processing scripts, a common requirement is to create thumbnails from a video. Fortunately, with ffmpeg we can make still captures from a a video, and i will show you 2 of the methods in this article.
Read more

Bandwidth limit script

Sometimes you want to limit the bandwidth for certain ips or sites, in order to keep your traffic within limits, or to keep constant bandwidth to all users, regardless of how much they are downloading.

Here is a solution to do that: Read more