In a series of posts, I will address the issue of authentication and authorization of users into your application. When you build a website with any form of back office, you will need to grant users access to the back office (authentication), and determine what actions they are allowed to take (authorization). The Zend Framework has two tools just for that job: Zend_Auth and Zend_ACL. In this first part, I will build a custom User class, that will allow the programmer to perform a simple authentication of a user. This User class will be integrated into a so called “code base” or “framework” that you can use for your own applications. As of this moment, that framework doesn’t exist yet. I will gradually build it as my blog posts are added. Please look for the tag “codebase” if you want all of these posts.
Read more…
Tom Zend Framework codebase, PHP, zend_auth
In my previous post “Security with Zend_AMF and Flex – Part 1: Theory“, I explained the theory behind securing your Flex-PHP calls. After the theory comes the practise. I will only provide snippets for the PHP side of this story, as I’m totally ignorant about Flex and ActionScript. I used Zend_AMF, written by Wade Arnold, to handle all the communications between Flex and PHP. If you need to know the basics, please read the documentation first.
Read more…
Tom Zend Framework air, flex, PHP, zend_amf
In a series of two posts, I will explain how to secure the communication between a Flex client and PHP server architecture. The first part will explain how I envision that security, and in the second part I will show snippets of PHP code for the practical implementation.
I’m currently working together with my friend and colleague Vic on a client-server application that involves Flex on the front-side, and PHP (Zend Framework) on the back. Since I’m the PHP guy, I’m in charge of creating the API for his Flex application. For the moment, the project will only be accessed locally from the client’s network. But there is a possibility that in a later stage, it might open up to the general public. One of my main concerns was how we could make every API call as secure as possible. This without making it too complicated, or involve too many service calls that might slow everything down.
Read more…
Tom Zend Framework chap, flex, PHP, security, zend
In PHP5, it is possible to loop through an array, and alter each item on the fly via the “by-reference” operator: the &-symbol. However, you should be on the lookout for unexpected behaviour.
Read more…
admin PHP bug, by-reference, foreach, PHP
