I’m proud to announce that Server-Side Magazine just reached 104 RSS and 5 e-mail subscribers.
Thank you for everyone who is interested in the website, I hope you’ll enjoy reading Server-Side Magazine in the future too.
If you have any questions or suggestions on how we should improve the website don’t hesitate to leave a comment or to write an e-mail.
As you may know, inheriting from multiple objects in PHP 5 is impossible, because of the language restrictions. You can’t write code such as this:
1 2 3 | class Child extends Mother, Father { //class code here } |
The usage of sessions is the php developer’s most common use since we constantly need to transact data from step to step. An average programmer would say that using sessions is far more secure than letís say cookies since the session data is server side data, thing that is partially correct.
The fact that the attacker can’t have a clear look at what and where you store comes to your advantage but a more dedicated attacker can go a bit further than this presumption.
A must have for the attacker in a session hijack is the Session Identifier so he can impersonate the attack. Let’s presume for example that you have your website hosted on a shared hosting on which PHP is installed as an Apache module, thing that makes session files belong to the web user, in other words: accessible.
ASP.Net
Ruby
PHP
CSRF stand for Cross Site Request Forgeries, it’s a method that allows an outside attacker to send malformed HTTP requests to a website, but from a victim’s computer. In this case the actual victim is the accomplice to this attack.
Stronger security measures must be implemented in order to avoid CSRF attacks, and to make sure the website and it’s users are not vulnerable.
To better understand CSRF attacks let’s look at an example. Let’s say you’re signed in to Facebook, you browse around and in the mean time you open a new window or a new tab and visit another site. It’s a typical scenario. Now, your still signed in at Facebook on the other tab and you visit a site where there’s a CSRF attack implemented. Now the CSRF site actually could send out spam to your Facebook friends or even delete your account, all this using your credentials, because a session is saved when you logged into Facebook (remember, on the other tab).
Here at Server-Side Magazine we like to keep an eye on other server-side programming related sites and tutorials. We collected a few links for you to read and enjoy.
PHP
Ruby
ASP.Net
This tutorial will cover the basic syntax and common features of PHP. It assumes that you already know what is a server-side scripting language and you have already installed and set up PHP on your development machine.
If you want to learn PHP, you should start by reading this article, which covers the absolute basics of PHP programming language.
The author of the website wrote a nice article on cross site request forgeries (CSRF), what to watch out for when implementing such security measure.
You may want to have a look at his post at: http://blog.preinheimer.com/index.php?/archives/283-Stop-Messing-up-CSRF-Protection.html
We are trying to constantly improve Server-Side Magazine.
The new features are:
1. New popular posts: The post categories are now included along with the post titles.
2. Improved smilies: We included new smilies for you, and also implemented a smiley toggle panel on the comment form. Check it out.
Also we’d like to thank CYCLER for providing a few custom smilies. Make sure you check out his web page.
That’s right, you could win $200 US for writing an article for Server-Side Magazine.
Submit your article before November 27th, 2008. You will have a good fat 3 weeks to work on your article. The e-mail address is: contest [ you_know ] serversidemagazine [you know] com
Note that we will reply for every submission, if you don’t hear from us in about 3 – 4 days, you know that something went wrong and you should resubmit your article.
After the deadline will begin the voting period of 15 days until December 12th, 2008. The winner will have $200 to spend on gifts just in time for the holidays.
The article that gets the most comments on Server-Side Magazine and the most votes on Digg + dzone + Delicious bookmarks, wins.
As with majority of contests we have a few rules too.
1. The articles must be original, not published in full on other websites (even on your personal website/blog). We will immediately remove plagiarized articles and ban your IP from Server-Side Magazine for life. We really hate slackers!
2. The article must be at least 1000 words, anything related to PHP, Ruby, ASP.Net and written in English.
3. There is a possibility that your article won’t be accepted if it doesn’t meet a minimum standard of quality.
4. You must write the article using the Server-Side Magazine template, attached to this post.
5. You can write more than one article.
6. You have to send the whole article in order to be accepted, after this we will begin to evaluate it.
The article in full, remains your property, you will have copyright over it. We only ask to give us a full exclusive publication rights.
…to download the template.
