A look at the improved password features of PHP 5.5+

It’s of the utmost importance that PHP programmers safeguard account passwords by using the latest and most secure methods. To that end, PHP 5.5 added a new password-hashing library created by Anthony Ferrara (@ircmaxell). The library makes several functions available that you can use to handle one-way password encryption with current best-practice methods. Other features anticipate future security needs so that as computers and hackers get more advanced, you can stay a step ahead of the bad guys. This article gives you an in-depth introduction to the library’s functions and how to make the best use of them.

via PHP renewed: Password security in modern PHP.

This article takes a look at the improved password handling features of PHP 5.5+. Recommended read for anyone working with PHP apps.
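The password API introduced in PHP 5.5, shown as an added example; it is not code from the linked article or from the library's author. It covers hashing at registration, verifying at login, and the "future needs" feature, where a stored hash is upgraded once the cost policy is raised. The `$users` array, the function names `register_user` and `login_user`, and the cost values 10 and 12 are assumptions made for illustration.

```php
<?php
// Added example: hash at registration, verify at login, and upgrade the
// stored hash when the cost policy changes. $users is a constructed
// in-memory stand-in for a user table; the cost values are assumptions.

function register_user(array &$users, $name, $password, array $options)
{
    // password_hash() picks a random salt and stores algorithm, cost and
    // salt inside the returned string, so one column holds everything.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
}

function login_user(array &$users, $name, $password, array $policy)
{
    if (!isset($users[$name]) || !password_verify($password, $users[$name])) {
        return false;
    }
    // The plaintext is only in hand during a successful login, so this is
    // the one place an outdated hash can be replaced.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT, $policy)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, $policy);
    }
    return true;
}

$users = [];
register_user($users, 'alice', 'constructed-sample-passphrase', ['cost' => 10]);
$old = password_get_info($users['alice']);

$rejected = login_user($users, 'alice', 'wrong-guess', ['cost' => 12]);
$unchanged = password_get_info($users['alice']);
$accepted = login_user($users, 'alice', 'constructed-sample-passphrase', ['cost' => 12]);
$new = password_get_info($users['alice']);

printf("wrong password accepted: %s\n", var_export($rejected, true));
printf("cost after failed login: %d\n", $unchanged['options']['cost']);
printf("right password accepted: %s\n", var_export($accepted, true));
printf("cost before/after upgrade: %d -> %d\n", $old['options']['cost'], $new['options']['cost']);
```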

Collabtive – Open Source Collaboration

About

Collabtive is web-based project management software.
The project was started in November 2007. It is open source software and provides an alternative to proprietary tools like Basecamp. Collabtive is written in PHP and JavaScript.

Collabtive – Open Source Collaboration http://collabtive.o-dyn.de/

Plugins include a mobile app, Gantt charts, project templates.

Flaw in PHP XML Processing Hits Drupal, WordPress. Time To Patch ’em Up.

For the first time, the open-source Drupal and WordPress content management teams have coordinated joint security releases to fix a new vulnerability.

The flaw, first reported by security researcher Nir Goldshlager, is a potential denial-of-service (DoS) issue with PHP’s XML processing module. Drupal and WordPress use the same PHP module, which is why both content management systems are at risk from the same flaw. Drupal is particularly prominent because it is used on U.S. government sites, including WhiteHouse.gov, and WordPress is deployed on more than 60 million sites.

“This bug can be utilized without the aid of any plug-ins, and it functions smoothly on the default installation of WordPress and Drupal,” Goldshlager explained in an advisory (which is running on a WordPress site itself). “Only one machine needed to exploit this vulnerability.”

In an advisory on the drupal.org site, the vulnerability is rated as moderately critical. The Drupal advisory explains that the bug that Goldshlager found is within the PHP XML parser and could trigger CPU and memory exhaustion, in turn causing a DoS condition on the affected site.

via New Flaw Puts Millions of WordPress, Drupal Sites at Risk.

Patches are provided by Drupal 7.31, 6.33 and WordPress 3.9.2.

PHP Keeps Getting Better

PHP 5.5 (the latest stable build as of this writing) has made major progress from earlier versions. Recent PHP releases contain powerful new features and helpful developer tools, such as a built-in web server, generators for simpler iteration, and namespaces. With PHP 5.4, traits were introduced (a la Scala or Perl) to allow code reuse in single inheritance languages, as well as closures, which allow you to code PHP in a functional style. Other important features include the built-in FastCGI process manager and phpdbg debugger, and a new password hashing API that makes it easy to hash and securely manage passwords in PHP.

via The new PHP – Programming – O’Reilly Media.

Article highlights some of the major improvements to PHP as the language matures. Always good to know that my favorite language keeps getting better.

Use Google App Engine For Quick Static Web Page Hosting

Sometimes I’m looking for a quick way to take a look at some new static design pages or prototype and I don’t want to go through the hassle of setting something up on regular hosting. I’ve typically done that sort of thing locally, but that doesn’t help if I want to share or get feedback on something. Free Static Page Hosting on Google App Engine in 5 minutes shows how to get a static site up and running on Google App Engine.

I had thought of Google App Engine as a platform to deploy sophisticated Python, Java, or Go apps, but it can handle static HTML just fine. The article describes the steps needed and uses the Python SDK but I tested the same steps using the PHP SDK and it worked fine.

You should visit the Google App Engine site to get all the details for using the platform. For hosting a few static pages it’s free.