Blackfire Profiler

Blackfire Profiler automatically instruments your code to gather data about consumed server resources like memory, CPU time, and I/O. But Blackfire Profiler is more than figures; its interactive Callgraphs make it straightforward to find bottlenecks and improve performance. Moreover, profile comparisons let you understand the impact of your changes. Blackfire Profiler — Fire up your …

PHP Roave Security Advisories

    $ composer require roave/security-advisories:dev-master
    $ # following commands will fail:
    $ composer require symfony/symfony:2.5.2
    $ composer require zendframework/zendframework:2.3.1

This package ensures that your PHP application doesn’t have installed dependencies with known security vulnerabilities. This package does not provide any API or usable classes: its only purpose is to prevent installation of software with known and …

On PHP Version Requirements

Anthony Ferrara (ircmaxell): I learned something rather disturbing yesterday. CodeIgniter 3.0 will support PHP 5.2. To put that in context, there hasn’t been a supported or secure version of PHP 5.2 since January, 2011. That’s nearly 4 years. To me, that’s beyond irresponsible… It’s negligent… That’s worrying indeed. WordPress for example still runs on PHP …

Mixed Content Scan: Scan your HTTPS-enabled website for Mixed Content

With my recent move to HTTPS I wasn’t sure if there were any pages left on my site that had Mixed Content or not. If an HTTPS page includes content retrieved through regular, cleartext HTTP, then the connection is only partially encrypted. […] When a webpage exhibits this behavior, it is called a mixed content …
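As an added illustration of what such a scan looks for (this is neither the post's code nor the Mixed Content Scan tool itself), the PHP below takes the HTML of a page served over HTTPS and lists every sub-resource it would fetch over cleartext http://. The tag/attribute table, the active/passive split and the sample page are constructed for the example.

```php
<?php
// Added example; not the original post's code and not the Mixed Content Scan
// tool. Given the HTML of a page served over HTTPS, list the sub-resources
// that would be fetched over cleartext http://. The attribute table and the
// sample HTML below are constructed for illustration.

function findMixedContent($html)
{
    // Elements whose attribute pulls a sub-resource into the page. Browsers
    // treat images, audio and video as "passive" mixed content (loaded, but
    // the page loses its lock icon) and everything else, scripts and
    // stylesheets above all, as "active" mixed content, which they block.
    $targets = [
        ['script', 'src',  'active'],
        ['iframe', 'src',  'active'],
        ['link',   'href', 'active'],   // only rel=stylesheet / icon, see below
        ['object', 'data', 'active'],
        ['embed',  'src',  'active'],
        ['img',    'src',  'passive'],
        ['audio',  'src',  'passive'],
        ['video',  'src',  'passive'],
        ['source', 'src',  'passive'],
    ];

    $dom = new DOMDocument();
    libxml_use_internal_errors(true);   // tolerate real-world, non-well-formed HTML
    $dom->loadHTML($html);
    libxml_clear_errors();

    $findings = [];
    foreach ($targets as list($tag, $attr, $kind)) {
        foreach ($dom->getElementsByTagName($tag) as $el) {
            if ($tag === 'link') {
                // <link rel="canonical|alternate"> points elsewhere, it does
                // not load anything into this page.
                $rel = strtolower($el->getAttribute('rel'));
                if (strpos($rel, 'stylesheet') === false && strpos($rel, 'icon') === false) {
                    continue;
                }
            }
            $url = trim($el->getAttribute($attr));
            // Only an explicit http: scheme is mixed content. Protocol-relative
            // ("//cdn...") and relative URLs inherit https: from the page, and
            // <a href="http://..."> is a navigation, not a resource load.
            if (stripos($url, 'http://') === 0) {
                $findings[] = ['kind' => $kind, 'tag' => $tag, 'attr' => $attr, 'url' => $url];
            }
        }
    }
    return $findings;
}

// Constructed sample page: two real problems (one active, one passive) and
// three URLs that look suspicious but are fine.
$html = <<<'HTML'
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<script src="//cdn.example.com/app.js"></script>
<link rel="canonical" href="http://example.com/page">
</head><body>
<img src="http://static.example.com/logo.png">
<img src="/images/photo.jpg">
<a href="http://example.com/old-page">old link</a>
</body></html>
HTML;

foreach (findMixedContent($html) as $f) {
    printf("%-7s <%s %s> %s\n", $f['kind'], $f['tag'], $f['attr'], $f['url']);
}
```

Run it against the HTML you fetch for each page of the site; the stylesheet and the logo are reported, the protocol-relative script, the canonical link and the plain anchor are not. A static scan like this misses resources injected by JavaScript at runtime, so a browser's console (or a crawler driving one) is still the authoritative check.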

It’s All About Time: Timing attacks in PHP

    $query = "SELECT * FROM users WHERE id = ?";
    $stmt = $pdo->prepare($query);
    $stmt->execute([$_POST['id']]);
    $user = $stmt->fetchObject();
    if ($user && password_verify($_POST['password'], $user->password)) {
        return true;
    }
    return false;

There is an information leak here: if you try different user names, it will take a different amount of time depending on whether the username is there or …
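The leak comes from the short-circuit: when no row comes back, password_verify() is never called, so an unknown user answers roughly one bcrypt computation faster than a known one. The added example below (not the original post's code) closes the gap by doing the same work on both paths, verifying against a dummy hash when there is no user. The users table, its column names and the in-memory SQLite demo are assumptions for illustration.

```php
<?php
// Added example, not the original post's code. The vulnerable snippet skips
// password_verify() when no row is found; here both branches pay for exactly
// one bcrypt verification, so the response time no longer reveals whether the
// username exists. Table layout, column names and the SQLite demo data are
// assumptions for illustration.

function authenticate(PDO $pdo, $username, $password, $dummyHash)
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetchObject();

    // Verify against the real hash when the user exists and against a dummy
    // hash of the same cost otherwise; the expensive step now always runs.
    $hash = ($user !== false) ? $user->password : $dummyHash;
    $passwordOk = password_verify($password, $hash);

    // Decide only after the constant amount of work has been done.
    return ($user !== false) && $passwordOk;
}

// Demo against an in-memory database (constructed test data).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// In production compute this once at deploy time with the same cost factor
// as real user hashes and keep it in config; the plaintext it was made from
// is irrelevant, nobody ever logs in with it.
$dummyHash = password_hash('not-a-real-password', PASSWORD_DEFAULT);

$elapsedMs = function ($username) use ($pdo, $dummyHash) {
    $start = microtime(true);
    authenticate($pdo, $username, 'wrong password', $dummyHash);
    return (microtime(true) - $start) * 1000;
};

// With the fix both calls cost about one bcrypt verification; with the
// original code the unknown-user call would be close to zero.
printf("known user:   %.1f ms\n", $elapsedMs('alice'));
printf("unknown user: %.1f ms\n", $elapsedMs('no-such-user'));
```

The same fix applies whether the lookup key is an id, as in the snippet above, or a username. A residual difference remains from the database lookup itself (index hit versus miss), but it is orders of magnitude smaller than a bcrypt verification and is far harder to measure over a network.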

phpspec

phpspec is a development tool, designed to help you achieve clean and working PHP code by using a technique derived from test-first development called (spec) behaviour driven development, or SpecBDD. Example spec file:

    <?php

    namespace spec;

    use PhpSpec\ObjectBehavior;

    class MarkdownSpec extends ObjectBehavior
    {
        function it_converts_plain_text_to_html_paragraphs()
        {
            $this->toHtml("Hi, there")->shouldReturn("<p>Hi, there</p>");
        }
    }

Running it is easy: …

Securing Sessions in PHP

I set out to combine all the best practice I could find into a single Session handler, to help protect against the common attack vectors. Since PHP 5.4, you are able to set the Session handler based on a class instance that extends the default SessionHandler class. Make the session cookie only available over HTTP, …
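The two mechanisms the excerpt names, a class extending the built-in SessionHandler (PHP 5.4+) registered with session_set_save_handler(), and a session cookie that is HttpOnly and Secure, look like this in an added example that is not the post's own handler. The 30-minute rotation interval and the `_created` key are assumptions for illustration.

```php
<?php
// Added example, not the original post's handler. It registers a subclass of
// the built-in SessionHandler (available since PHP 5.4), locks the session
// cookie down to HTTPS and HTTP-only access, and rotates the session ID on a
// fixed interval. The interval and the '_created' bookkeeping key are
// assumptions for illustration.

class SecureSessionHandler extends SessionHandler
{
    private $rotateAfter;

    public function __construct($rotateAfterSeconds = 1800)
    {
        $this->rotateAfter = $rotateAfterSeconds;
    }

    public function start()
    {
        // All session ini settings must be in place before session_start().
        ini_set('session.use_only_cookies', 1);  // never accept the ID from the URL
        ini_set('session.use_strict_mode', 1);   // reject IDs PHP did not issue (fixation); PHP 5.5.2+
        ini_set('session.cookie_httponly', 1);   // document.cookie cannot read it (XSS theft)
        ini_set('session.cookie_secure', 1);     // never sent over cleartext HTTP

        // lifetime 0 = session cookie; path '/'; default domain; secure; httponly
        session_set_cookie_params(0, '/', '', true, true);

        // Route read/write/destroy/gc through this object; the inherited
        // methods fall back to PHP's own file handler unless overridden.
        session_set_save_handler($this, true);
        session_start();

        // Rotate the ID periodically so a leaked ID has a bounded lifetime.
        if (!isset($_SESSION['_created'])) {
            $_SESSION['_created'] = time();
        } elseif (time() - $_SESSION['_created'] > $this->rotateAfter) {
            $this->regenerate();
        }
    }

    public function regenerate()
    {
        // Also call this on login and on any privilege change.
        // true = delete the old session data instead of leaving it readable.
        session_regenerate_id(true);
        $_SESSION['_created'] = time();
    }
}

$session = new SecureSessionHandler();
$session->start();
$_SESSION['visits'] = isset($_SESSION['visits']) ? $_SESSION['visits'] + 1 : 1;
```

Because the class extends SessionHandler, overriding read() and write() later (for example to encrypt the serialized data at rest) is a local change; everything else keeps using PHP's default storage.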

PHP 5.6: “Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version.”

Since PHP 5.6, the use of $HTTP_RAW_POST_DATA is deprecated. Now, I’m not using this so I’m in the clear, or at least I thought I was … The default value for always_populate_raw_post_data in PHP 5.6 is doing more harm than good. Perfectly good code will spit out that error whenever it receives a request that …
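The replacement for the deprecated variable is the php://input stream, which exposes the raw request body regardless of always_populate_raw_post_data. The added example below (not the original post's code) reads a JSON body that way with a size cap; the endpoint and the 64 KiB limit are constructed for illustration.

```php
<?php
// Added example, not from the original post. Reads the raw request body from
// php://input instead of $HTTP_RAW_POST_DATA. The JSON endpoint and the
// 64 KiB body limit are constructed for illustration.
//
// php.ini: opt out of the old variable entirely, which also silences the
// PHP 5.6 deprecation notice:
//   always_populate_raw_post_data = -1
//
// Caveat: php://input is empty for multipart/form-data requests (PHP has
// already consumed the body into $_POST / $_FILES), and before PHP 5.6 the
// stream could only be read once per request, so keep the result.

function readJsonBody($maxBytes = 65536)
{
    $stream = fopen('php://input', 'rb');
    if ($stream === false) {
        return null;
    }
    // Read one byte more than allowed so an oversized body is detected
    // without buffering all of it.
    $raw = stream_get_contents($stream, $maxBytes + 1);
    fclose($stream);

    if ($raw === false || strlen($raw) > $maxBytes) {
        return null;   // unreadable or too large
    }

    $data = json_decode($raw, true, 32);   // associative arrays, capped nesting depth
    if (json_last_error() !== JSON_ERROR_NONE) {
        return null;   // malformed JSON
    }
    return $data;
}

// Before: $data = json_decode($HTTP_RAW_POST_DATA, true);
$data = readJsonBody();
if ($data === null) {
    http_response_code(400);
    header('Content-Type: text/plain');
    echo "expected a JSON body of at most 64 KiB\n";
    exit;
}
```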

PHP Null Coalesce Operator

In PHP7 the coalesce operator – ?? – will be introduced. It acts as a bit of syntactic sugar for the common case of needing to use a ternary in conjunction with isset(). The null coalesce operator returns its first operand if it exists and is not NULL; otherwise it returns its second operand. That …