|
PHP has been awarded the Programming Language of 2004, according to the TIOBE Programming Community Index. This index uses information collected from the popular search engines, and is based on the world-wide availability of skilled engineers, courses and third party vendors. Congratulations to us all!
|
|
Full View / NID: 5099 / Submitted by: The Spirit of Zuron
|
|
PHP is a powerful and flexible tool. This power and flexibility comes from PHP being a very thin framework sitting on top of dozens of distinct 3rd-party libraries. Each of these libraries has its own unique input data characteristics. Data that may be safe to pass to one library may not be safe to pass to another. A recent Web Worm known as NeverEverSanity exposed a mistake in the input validation in the popular phpBB message board application. Its highlighting code didn't account for double-urlencoded input correctly. Untrusted user data that reaches any of the PHP calls that can execute code or write to the filesystem without proper input validation creates a potential security problem. Despite some confusion regarding the timing of some unrelated PHP security fixes and the NeverEverSanity worm, the worm didn't actually have anything to do with a security problem in PHP.

When we talk about security in a web application we really have two classes: remote and local. Every remote exploit can be avoided with very careful input validation. If you are writing an application that asks for a user's name and age, check and make sure you are only getting characters you would expect. Also make sure you are not getting too much data that might overflow your backend data storage or whatever manipulation functions you may be passing this data to. A variation of the remote exploit is the XSS or cross-site scripting problem, where one user enters some JavaScript that the next user then views.

For local exploits we mostly hear about open_basedir or safemode problems on shared virtual hosts. These two features are there as a convenience to system administrators and should in no way be thought of as a complete security framework. With all the 3rd-party libraries you can hook into PHP and all the creative ways you can trick these libraries into accessing files, it is impossible to guarantee security with these directives. The Oracle and Curl extensions both have ways to go through the library and read a local file, for example. Short of modifying these 3rd-party libraries, which would be difficult for the closed-source Oracle library, there really isn't much PHP can do about this. When you have PHP by itself with only a small set of extensions, safemode and open_basedir are generally enough to frustrate the average bad guy, but for critical security situations you should be using OS-level security by running multiple web servers each as their own user id and ideally in separate jailed/chroot'ed filesystems. Better yet, use completely separate physical servers. If you share a server with someone you don't trust you need to realize that you will never achieve airtight security.
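The name-and-age check described above, as an added example that is not part of the original post and is not phpBB or PHP project code. The function names, the character allowlist and the limits (64 characters, age 0 to 150) are assumptions chosen for illustration; it needs PHP 7.1 or later.

```php
<?php
// Added illustration: names and limits below are assumptions, not phpBB or PHP code.

const NAME_MAX_CHARS = 64;

/** Returns the validated name, or null if it contains anything unexpected. */
function validate_name(string $value): ?string
{
    // Allowlist: a letter first, then letters, space, apostrophe, dot, hyphen.
    // '%' is not allowed, so input that is still URL-encoded after the single
    // decode PHP applies to request data is rejected, never decoded again.
    $pattern = '/^\p{L}[\p{L} \'.\-]{0,' . (NAME_MAX_CHARS - 1) . '}\z/u';
    return preg_match($pattern, $value) === 1 ? $value : null;
}

/** Returns the age as an int in 0..150, or null. */
function validate_age(string $value): ?int
{
    $age = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 150]]);
    return $age === false ? null : $age;
}

/** Escape at output time so stored text cannot become markup (XSS). */
function render_greeting(string $name, int $age): string
{
    return '<p>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . ' (' . $age . ')</p>';
}

// Constructed sample query-string values, as they would appear on the wire.
$samples = [
    ['Anne-Marie%20O%27Neil', '34'],  // encoded once: decodes to a valid name
    ['Bob%2527', '34'],               // encoded twice: '%27' is left after one decode
    ['%3Cb%3EBob', '34'],             // markup characters
    ['Bob', '34abc'],                 // trailing junk after the number
    [str_repeat('a', 500), '34'],     // oversized value
];

foreach ($samples as [$rawName, $rawAge]) {
    // rawurldecode() stands in for the one decode PHP performs on request data.
    $name = validate_name(rawurldecode($rawName));
    $age  = validate_age(rawurldecode($rawAge));
    echo ($name !== null && $age !== null)
        ? render_greeting($name, $age)
        : 'rejected: ' . substr($rawName, 0, 30), "\n";
}
```

Only the first sample is accepted. The double-encoded value fails because validation runs on the once-decoded form and nothing decodes it a second time afterwards.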
|
|
Full View / NID: 5060 / Submitted by: The Spirit of Zuron
|
|
Surely, some of our visitors are back at work for a few days between holidays, and hopefully they will find our post-Christmas gift useful. The function list suggestions we started to test a year ago seemed to be working better as some bugs were found and fixed, so it was time to make the result available on all php.net pages. Whenever you type something into the search field, while having the function list search option selected, you will get a list of suggested functions starting with the letters you typed in. You can browse the list with the up/down keys, and you will be able to autocomplete the function name with the spacebar. If you are not interested in this feature, you can turn it off for yourself on the My PHP.net page. More information is available on the search page.
|
|
Full View / NID: 5028 / Submitted by: The Spirit of Zuron
|
|
PHP West is holding a conference on January 14th, 2005 at the Vancouver Planetarium, providing a great environment for the promotion of PHP within the Vancouver area. With the high impact level of speakers scheduled for this event, you can look forward to in-depth talks from the likes of Rasmus Lerdorf, Terry Chay, John Coggeshall, Ilia Alshanetsky, and Cal Henderson speaking on a wide array of topics focused on Web Services. Early Bird Specials are in effect right now; tickets are only $40 until December 26th! Due to limited capacity for this event we recommend you register soon to reserve your seat.
|
|
Full View / NID: 5007 / Submitted by: The Spirit of Zuron
|
|
The PHP Center and the Software & Support Verlag are pleased to announce the International PHP Conference 2005 Spring Edition in Amsterdam, Netherlands. The dates for this event will be May 2-4, 2005. The conference venue is the RAI conference center. Like last year, the organizers would like to present an interesting and varied programme to the international PHP Community, so they are happy to ask you to submit your proposals for the session programme. The topics are General PHP, PHP & Business/Integration, PHP & Databases, PHP Design, PHP Extensions, PHP & XML and PHP-GTK.
|
|
Full View / NID: 4929 / Submitted by: The Spirit of Zuron
|
|
The second Web Technology conference in Bulgaria will be held in March 2005 in the city of Sofia. Within its framework, the Second Bulgarian PHP Conference and first IT Business conference will be held. The purpose of this meeting is to discuss the new tendencies in this direction and to popularize the internet technologies in the spheres of business, education, and services. The range of subjects includes technologies like PHP, Perl, business systems through web, education through the internet, and others. The Call For Papers is open, if you would like to give a speech at this event.
|
|
Full View / NID: 4928 / Submitted by: The Spirit of Zuron
|
|
The PHP Development Team would like to announce the immediate release of PHP 4.3.10 and PHP 5.0.3. These are maintenance releases that in addition to non-critical bug fixes address several very serious security issues. All Users of PHP are strongly encouraged to upgrade to one of these releases as soon as possible. For changes since PHP 4.3.9, please consult the PHP 4 ChangeLog. For changes since PHP 5.0.2, please consult the PHP 5 ChangeLog.
|
|
Full View / NID: 4927 / Submitted by: The Spirit of Zuron
|
|
The PHP Development Team would like to announce the immediate release of PHP 4.3.10. This is a maintenance release that in addition to over 30 non-critical bug fixes addresses several very serious security issues. All Users of PHP are strongly encouraged to upgrade to this release as soon as possible. For changes since PHP 4.3.9, please consult the ChangeLog.
|
|
Full View / NID: 4917 / Submitted by: The Spirit of Zuron
|
|
PHP 5.0.3RC2 has been released for testing. This is the second release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues.
|
|
Full View / NID: 4877 / Submitted by: The Spirit of Zuron
|
|
PHP 4.3.10RC2 has been released for testing. This is the second release candidate and should be very near production quality. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues.
|
|
Full View / NID: 4841 / Submitted by: The Spirit of Zuron
|
|
PHP West is holding a conference on Web Services on January 14th, 2005 hosted in the beautiful Vancouver, British Columbia, Canada. This is the first of many conferences to come on a four month orbit - each focusing on a unique genre. The conference will be a jam packed one day event with the most important topics PHP developers are faced with regarding Web Services. The conference has received talks from leading speakers in the industry - speakers which have been chosen will be announced on December 16th. Early bird special tickets are available until December 26th and due to limited capacity for this event the organizers recommend you register soon to reserve your seat. Online registration is now open!
|
|
Full View / NID: 4818 / Submitted by: The Spirit of Zuron
|
|
PHP 5.0.3RC1 has been released for testing. This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues.
|
|
Full View / NID: 4737 / Submitted by: The Spirit of Zuron
|
|
PHP 4.3.10RC1 has been released for testing. This is the first release candidate and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues.
|
|
Full View / NID: 4684 / Submitted by: The Spirit of Zuron
|
|
PHP Québec is proud to announce the PHP Québec conference 2005, which will be held on March 30th and 31st and April 1st, 2005. We are looking for the best speakers, willing to share their experience and skills with the educated crowd of PHP programmers in eastern Canada and in the USA. PHP Québec 2005 features 4 distinct tracks:

- Professional PHP
- PHP advanced techniques
- MySQL
- Apache and ASF projects

For more information, read the PHP Québec web site.
|
|
Full View / NID: 4587 / Submitted by: The Spirit of Zuron
|
|
MySQL, ISP 1&1, RedHat and other partners started a new portal, "http://nosoftwarepatents.com", in order to boost awareness of the pending software patent issues in the European Union. The site is available in 10 different European languages and explains why software patents are bad, and how they might affect you. In order to learn more, or participate in events against software patents, have a look at the very informative website.
|
|
Full View / NID: 4588 / Submitted by: The Spirit of Zuron
|
|
Congratulations to Qiang Xue, whose application 'PRADO' earned high votes both from the public and from the judges' panel! There are 49 other prizewinning applications in Zend's contest gallery - too many to list here. Some of them are ongoing projects, bringing PHP 5 a small armoury of useful open source tools. The top 50 applications will remain on display until the end of this year, giving you the chance to take a leisurely look through the code and see how the new features in PHP 5 should be used.
|
|
Full View / NID: 4589 / Submitted by: The Spirit of Zuron
|
|
PHP Québec, the professional association of PHP users in Québec, will be part of the GTEC exhibition, in Ottawa, Ontario, on Tuesday October 19th and Wednesday October 20th. PHP Québec will present PHP's features, its capabilities for e-government and its support services in Canada. Come and meet us on the floor, booth 1610C.
|
|
Full View / NID: 4590 / Submitted by: The Spirit of Zuron
|
|
The French AFUP association is proud to announce the fourth annual PHP meeting in Paris, on November 18th and 19th, 2004. Developers and managers will gather to meet Zeev Suraski, Rasmus Lerdorf and other prominent community experts for two days of sessions, packed with enterprise solutions and advanced techniques (in French).
|
|
Full View / NID: 4591 / Submitted by: The Spirit of Zuron
|
|
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. After that, check out the online manual, and the example archive sites and some of the other resources available in the links section.
|
|
Full View / NID: 4081 / Submitted by: Travis
|
|
PHP 4.3.9 FINAL has been released for testing. This is the last release candidate before the final release and should have a very low number of problems and/or bugs. Nevertheless, please download and test it as much as possible on real-life applications to uncover any remaining issues.
|
|
Full View / NID: 4069 / Submitted by: Anthony
|