Posts Tagged ‘php’

Coding: Password Security in Cookies

December 22nd, 2007

Via boren.nu, I came across a nice detailed section on how to create a secure cookie and password system (which will be implemented in WordPress 2.4):

Cookies will be based on the secure cookie protocol described here. The cookie is structured like so:

user name|expiration time|HMAC( user name|expiration time, k)
where k = HMAC(user name|expiration time, sk)
and where sk is a secret key

The new cookie protocol will allow us to enforce expirations server-side, mass invalidate all cookies, and offer high-level confidentiality. Read the Liu paper for details on the protocol… …In conjunction with the new cookies, password hashing will be improved by moving to phpass. phpass provides password stretching and salting. These make brute-forcing your password hashes impractical should someone get access to your database.

Techy: Discontinuation of PHP4

July 13th, 2007

I’ve already blogged about 13 facts about Friday the 13th which is paraskevidekatriaphobia or just triskaidekaphobia if you only fear the number 13. But Friday the 13th of July 2007 will go down as a “notable date” for some web developers – it’s the day that the End of Life of PHP4 was announced.

PHP4 as a programming language will become discontinued on the 31st of December this year – so if you’ve got an essential program which depends on PHP4 – contact the developers to make it PHP5 compatible now (after all, PHP5 has been out 3 years and they are now working on PHP6!). Ok, some people will be stuck (if I remember correctly, osCommerce doesn’t work brilliantly on PHP5 but I may be mistaken), but unfortunately that’s life…

Techy: Background Processes In PHP

July 10th, 2007

From What You’re Doing Is Rather Desperate is a very nice way of running a background task in PHP. I’ve implemented compression of a .tar file in the following method using this code:


$ps=runinbackground("gzip -v $tarfile -c 1> ".$tmp."download.tar.gz 2>".$tmp."download.tar.log");
$count=0;
while (isprocessrunning($ps)) {
sendupdate(3,'overall','Compressing'.str_repeat('.',$count).$lastline);
$count++;
if ($count>8) { $count=0; }
sleep(1);
}
function runinbackground($command) {
#error_log($command);
$command="nohup $command & echo $!";
#error_log($command);
$PID=shell_exec($command);
return ($PID);
}
function isprocessrunning($PID) {
exec("ps $PID",$processstate);
return(count($processstate)>=2);
}

I can then monitor (within the loop) the download.tar.log file if necessary. Hope it helps someone else.

gamy-dance
%d bloggers like this: