PHP Hypertext Preprocessor: Tools for Webpage Management. Michael Watson ICTN

PHP Hypertext Preprocessor: Tools for Webpage Management

Michael Watson
ICTN 4040-001
4/17/2006

In today's use of the Internet, webpage design is an interest for both businesses and the home user. Managing the way information is viewed and obtained through the access of the website has become an essential part of the web culture. Many advantages have arisen out of the near instant access the world now has to information. There are also many risks that are presented to that data. To make the transition into the ease of use we enjoy today, many different ideas and programs have been created to aid in the formation and modification of websites. Many web programmers have enjoyed PHP for corporations and home pages. Like all things created for mass use, flaws have been identified and ways to extricate unauthorized information have been discovered. This paper will identify the need for coding of web page language, its ease of use and security, and show some of the pioneer companies and programs stemming from PHP. Through the explanation of the strengths and weaknesses, one can determine their need for using the code for their own benefit.

Personal Home Page tools, or PHP, originated out of the desire for tools to track the passage of information from a website to the users who accessed it. Rasmus Lerdorf pioneered the code for PHP out of a small set of Perl scripts for his personal use. As his language gained acceptance, others began to research and revise it to enable many more to enjoy its simplicity and technical advantages. PHP is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features thrown in. The goal of the language is to allow web developers to write dynamically generated pages quickly (What is PHP?, Achour, 2006). While created for use in a home system, the project soon gained acceptance as a solid language for managing web page details. Contributed information from Wikipedia has stated that Lerdorf implemented the code to display his résumé and to collect certain data, such as how much traffic his page was receiving (PHP, 2006). As with any of the convenient features enjoyed today on the Internet, someone used a simple need to create an easier way to enjoy the passage of information. And from this created language, more and more features were added.

To define what PHP has become known as today would be to tell the story of many coded programs and languages, edited and debugged many times over in order to achieve a higher level of user satisfaction. The creators and editors of the language made every effort to keep the code an open-source, fully scalable entity. They believe that the information they compiled should be used and enjoyed freely by anyone who wants to improve the performance of their website's activities. The official PHP website stated that the code is especially suited for Web development and can be embedded into HTML (Achour, 2006). By using special identifiers in the text, PHP will allow you to jump into and out of "PHP mode" (Achour, 2006). These tags will allow the compiled code to work in a mode that takes advantage of the properties of both HTML and PHP. To be exact, the coded preprocessor resides in the HTML document itself.

Users of the code can be found across the Internet, varying from the basic home user interested in testing the code, to large corporations that use its server-side distributions to handle the data of clients and employees. Having been upgraded to include more current technology, it is easy to see why a scripting language can grow in popularity at an exponential rate. A user's ability to obtain and edit the code is not only permitted, it is encouraged. This creates an endless amount of opportunity to create solutions to problems that have been found with current technology, and the ability to edit the software for future dilemmas.

PHP also supports the Open Database connection standard for database interconnectivity. PHP uses many of today's more common web applications to exchange data. APIA is a growing peer-to-peer network that allows the transmission of large data files over connections held by the PHP in the network layer. PHPBB is the open source bulletin board system that allows forums, an email-like messaging system, and an extensive list of options for you to control while using the forums on your system (PHPBB, 2006). By using the forum, users can post unlimited questions for response, exchange new ideas, and link to downloadable files through FTP. PHP also has the ability to reproduce images and file attachments, along with complex streamed videos and flash movie sequences.

With C as its native language, users who are familiar with the C language will find adaptation to PHP rather seamless. Anyone who has experience with a C-style language will soon understand PHP. In C-style languages we can also include JavaScript and Java. In fact, much of PHP's functionality is provided by wrappers around the underlying system calls (Pushman, 2000). A command line interface allows a more complex and intricate way to code the page, giving the editor the ability to observe any errors in a line-by-line output. A more common method for the less advanced user is the GUI that has been created and circulated for download and use. Many of the powerful commands that can be found in the CLI are available for the GUI user.

So why would one use PHP? An article in the Web Developer's Journal gives reasons including, but not limited to:

- Running on most of today's platforms seamlessly
- Extendible code, that can be rewritten and compiled into the dynamic loading mechanism
- Running on several HTTP interfaces such as Apache, AOLserver, and Roxen
- A long list of database interoperability, including MS SQL, Oracle, Informix and others
- Speed. Due to a small footprint, the coding usually runs as a module and loads very quickly
- Open sourced code. The problems encountered by the system can be quickly countered with a change to the coding, which can be done by anyone with the expertise.

(Pushman, 2000)

In the further production and development of the PHP software kit, the Zend Corporation has become known as the leader in the industry for allowing distribution and acquisition of new products. Andi Gutmans and Zeev Suraski created PHP3 which is now the distribution currently offered by Zend. They have declared on their website that the company delivers the next generation products and services necessary for developing, deploying and managing enterprise-class PHP applications (2006). Zend has found a way to manage and deliver the multiple products and contributions to the toolkit in a very concise and accessible way. They offer several advancements such as the Zend core, a tested bundle of the PHP software that is supported by the professionals working at Zend. There is an optimizer which uses compression technology to run the files up to forty percent faster. Other improvements include the Studio product for editing, and the Zend Guard which improves on security by finding known flaws in the written code. Maybe the most important characteristic of the company is the offering of certification in the field of PHP. Zend offers courses, books and certifications, and is renowned as the leading corporation in the field of PHP web page management. Current products under development at Zend include the new version php4 and a debugging system for most current applications.

Security issues plague the Internet today. With the ever-expanding data coverage that has been enabled by broadband connections and easier-to-find ISPs, more and more people have information on the web. As with any version of software, someone can normally spend long enough finding a flaw and will then exploit it for gaining information. Who will be at risk with the flaws of PHP? With over 20 million pages being done in PHP, there are risks out there. Flaws range from mild identification failure to critical mistakes that allow some users to bypass the verification portions of the software and access files without receiving permission. Some of the cited incidents include a negative reference problem and a Stephen Esser had discovered that the pack() and unpack() functions are subject to integer overflows that can lead to a heap buffer overflow and a heap information leak (Esser, 2004). Some of the technical problems can be solved by installing a new version that addresses the lack of security. In an article posted on Internet Security Systems, they state that PHP version 4.3.0 fails to properly restrict access to the CGI SAPI module. If a Web server has this module enabled, a remote attacker could access the CGI binary and use it to read any file readable by the owner of the Web server process, and possibly execute arbitrary PHP code on the Web server by injecting PHP code into a file readable by the CGI binary (ISS, 2003).
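The general bug class cited above, an integer overflow in a size calculation that leads to an undersized heap buffer, shown next to its checked form. This is an added example in C, not PHP's pack() source and not code from the paper; `size_unchecked`, `size_checked`, `pack_u32` and the 4-byte big-endian format are hypothetical names and assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size computation: 32-bit arithmetic silently wraps modulo 2^32,
 * so a huge element count can yield a tiny allocation size. */
static uint32_t size_unchecked(uint32_t count, uint32_t elem_size) {
    return (uint32_t)(count * elem_size);
}

/* Checked size computation: returns 0 and sets *out, or -1 on overflow. */
static int size_checked(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical packer: serializes `count` values as 4-byte big-endian
 * integers into a freshly allocated buffer. Returns NULL when the size
 * would overflow, when count is 0, or when allocation fails. */
unsigned char *pack_u32(const uint32_t *vals, size_t count, size_t *out_len) {
    size_t len;
    if (size_checked(count, 4, &len) != 0 || len == 0)
        return NULL;            /* refuse rather than under-allocate */
    unsigned char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        buf[4 * i + 0] = (unsigned char)(vals[i] >> 24);
        buf[4 * i + 1] = (unsigned char)(vals[i] >> 16);
        buf[4 * i + 2] = (unsigned char)(vals[i] >> 8);
        buf[4 * i + 3] = (unsigned char)(vals[i]);
    }
    *out_len = len;
    return buf;
}

int main(void) {
    /* Constructed input: 0x40000001 elements of 4 bytes each. */
    printf("unchecked size: %u bytes\n",
           (unsigned)size_unchecked(0x40000001u, 4u));
    uint32_t vals[2] = {1u, 0x01020304u};   /* constructed sample values */
    size_t len = 0;
    unsigned char *buf = pack_u32(vals, 2, &len);
    printf("checked pack of 2 values: %zu bytes\n", buf ? len : (size_t)0);
    free(buf);
    return 0;
}
```

With the unchecked calculation, a loop that then writes one element per count would run far past the allocation; the checked version rejects the request before any memory is touched.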

With these and other breaches of security, some users have set out to become a tiger team of sorts and find any holes that make the system insecure. These teams are the ones who will add to the security of future versions. As with all software, PHP will be continually updated with beta test versions and fully operable final versions that will be released according to need.

Personal Home Page tools was created to add ease to the production of web page functions. As it gained acceptance for its ease of use, scalability and open-source form, other teams and companies joined in the effort to improve the toolkit. By embedding the code into existing HTML, PHP can combine the best features of existing code and add benefits of its own. With growing companies like Zend leading the way in advertising and promoting the software, the popularity will only continue to grow in the future. With that growth, more and more users will expand on the ideas and contribute their ideas to the improvement of the toolkit.

As with any coded software, PHP Hypertext Preprocessor has holes in the security of its execution. Again, with the code being distributed as open source, many teams and experts are purposely exploiting the faults and then finding ways to counter them. These actions will lead to the development teams' ability to make better versions of the code. PHP has become popular within the last decade and continues to gain wide acceptance, and many companies will be seeking web designers that have been trained to use and understand the advantages and disadvantages available to them.

References and Works Cited:

1. Mehdi, Achour; Betz, Friedhelm et al. (2006). What is PHP? http://us3.php.net/manual/en/introduction.php#intro-whatis March 27, 2006
2. Wikipedia. PHP (2006). http://en.wikipedia.org/wiki/php April 15, 2006
3. PHP Creating Communities (2006). http://www.phpbb.com/ April 11, 2006
4. Pushman, Jalal (2000). Why PHP? http://www.webdevelopersjournal.com/articles/why_php.html April 12, 2006
5. Zend Inc. Driving PHP to the Enterprise. (2006) http://www.zend.com/company April 13, 2006
6. Esser, Stephen. PHP: Multiple Vulnerabilities. (2006) http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml April 15, 2006 *
7. Internet Security Systems. PHP could allow access to the CGI SAPI. (2003) http://xforce.iss.net/xforce/xfdb/11343 April 13, 2006 *

* Asterisk refers to a reputable proceeding or article.