TCPHP

Attendees: sam buchanan dave ornsby Keith Larry DeVries HJ Schmidt me Allie Brandon Form security: - historically security dealt with on network/OS side - Many attacks focus on applications

Step-by-step instructions for generating self-signed SSL certificates & CA's (Certificate Authorities) for a variety of linux distros.

June 2005 TCPHP meeting
Topic: Open discussions about PHP and web security

Introductions:

We met as usual at the Renasissance

The most current official PHP/MacOS distro.

The most current official Apache Foundation/MacOS X distro of Apache server.

Guide to Apache Mod_rewrite:

"The Apache module mod_rewrite is a killer one, i.e. it is a really sophisticated module which provides a powerful way to do URL manipulations. With it you can nearly do all types of URL manipulations you ever dreamed about. The price you have to pay is to accept complexity, because mod_rewrite\'s major drawback is that it is not easy to understand and use for the beginner. And even Apache experts sometimes discover new aspects where mod_rewrite can help. "

Safari Bookshelf is an electronic reference library for programmers and IT professionals.

I recommend that everyone get on board for the 14 day free trial (be
sure to put a reminder in your calendar to cancel before the 14 days is
up so that you don't get flipped into a $19.99 monthly subscription
without your wanting it to).

1. Demonstration of WEB-DAV. FTP is a potentially insecure way to transfer files to and from a web server. Web-Dav is an alternative on a windows client. (My Computer >>> Web Folders Folder >>> Add Web Folder >>> type in the URL of the site that you want to upload or download web files to or from. The server can limit access based on user and access method (get, post, etc.) and has to have at least one access method enabled for web-dav to work.

2. Discussion of separating PHP from HTML. General solution is to use a require statement in the HTML page to store all the PHP code and then have the needed variables interspersed in the HTML.