Security Flaws Persist in Java 7u10 Update

Oracle has released a new update for Java that adds security-related settings alongside performance improvements.

Java SE 7 Update 10 is now certified for both Windows 8 and Mac OS X.

The update adds the ability to use the Java Control Panel to prevent Java applications from running in browsers at all, and to set a security level for unsigned applets, JavaFX applications and Java Web Start applications.

It also adds a dialog box that warns users when a Java plug-in update is available for download.

But according to security experts, JDK 7u10 leaves major security problems unaddressed and brings only minor improvements.

Andrew Storms, director of security operations at nCircle, said: “New features notwithstanding, Oracle still has a long way to go to improve security”, referring to the fact that attackers know most people do not keep the Java plug-in up to date, which leaves old flaws open to abuse.

HP’s security research division reported that in 2011 an attack bundled into the Blackhole exploit kit had a success rate of more than 75 percent for the attackers.

According to the reports, for large businesses the new settings will only help if they can be managed centrally from Microsoft Active Directory or another directory server, and only a full-time IT security staff is likely to work that out.

Storms also said: “Without this access, the new settings will essentially be useless to enterprise IT teams”, and pointed out that consumers do not bother to update Java, let alone learn their way around the Java Control Panel.

Besides the security changes, the update also addresses Windows command-line issues and changes to the sandbox warning banner.

New Secure Password Hashing API In PHP 5.5

PHP 5.5 brings new features and updated standards. One of the most interesting additions is the Password Hashing API, which aims to provide a standard set of password hashing functions.

Hashing is a way of storing user passwords so that they are not kept in clear text but can still be verified when users log in again. With the new API you use one function, password_hash(), to create the hash that is stored when a user signs up or resets their password, and another, password_verify(), to check a submitted password against that stored hash when the user logs in.

Work has officially begun on PHP 5.5. It will be the first update to the language since the release earlier this year.


In recent years major PHP releases have come slowly, so it will be interesting to see how quickly PHP 5.5 moves through development.

Among all the updates in PHP 5.5 the most impressive feature is the new Password Hashing API.

Recent security breaches have shown that a large share of PHP developers either do not understand password hashing or do not think it is worth the effort.

Hashing passwords correctly with crypt() is awkward: the developer has to choose the algorithm, generate a random salt, store it and compare the result safely. By providing a simple API that takes care of these details, PHP lets developers simply call password_hash() and password_verify(), so more projects and developers will end up with secure password storage.

It makes sense to include this feature, but let’s just hope for an early official release of this version, so that the PHP developers can take advantage of this security innovation.
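The registration and login flow described above, written out as an added example (this is not code from the original post). The in-memory $users array stands in for a database table, and the cost value is an assumption to tune for your hardware:

```php
<?php
// Added example, not code from the original post: a minimal registration and
// login flow on the PHP 5.5 Password Hashing API. The in-memory $users array
// stands in for a database table.

$users = array();

// Assumed bcrypt cost; raise it as hardware gets faster and
// password_needs_rehash() below upgrades old hashes on the next login.
$options = array('cost' => 12);

function register_user(array &$users, $name, $password, array $options)
{
    // password_hash() picks a random salt and encodes algorithm, cost, salt and
    // digest into one crypt()-format string, so the application stores a single
    // column and never handles salts itself (the usual mistake with crypt()).
    $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
}

function login_user(array &$users, $name, $password, array $options)
{
    if (!isset($users[$name])) {
        // Burn the same bcrypt cost on unknown accounts so response time does
        // not reveal which usernames exist.
        static $dummy = null;
        if ($dummy === null) {
            $dummy = password_hash('not-a-real-password', PASSWORD_DEFAULT, $options);
        }
        password_verify($password, $dummy);
        return false;
    }
    // password_verify() parses the stored string, re-derives the digest with the
    // embedded salt and cost, and compares in constant time.
    if (!password_verify($password, $users[$name])) {
        return false;
    }
    // If the default algorithm or the cost has changed since this hash was made,
    // we hold the plaintext right now, so re-hash it transparently.
    if (password_needs_rehash($users[$name], PASSWORD_DEFAULT, $options)) {
        $users[$name] = password_hash($password, PASSWORD_DEFAULT, $options);
    }
    return true;
}

register_user($users, 'alice', 'correct horse battery staple', $options);
var_dump(login_user($users, 'alice', 'correct horse battery staple', $options));
var_dump(login_user($users, 'alice', 'wrong', $options));
var_dump(login_user($users, 'nobody', 'anything', $options));
```

Note that the stored value is never compared with == or a plain string comparison; password_verify() does the comparison, and the same functions work unchanged if the default algorithm changes in a later PHP release.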

Conclusion

The Password Hashing API is a great addition to PHP. It simplifies creating and verifying password hashes. Its output is a standard crypt()-format string, so it coexists with hashes produced by crypt() and can be used across many different systems, which makes it a useful tool for developers. The API is available in PHP 5.5 and newer versions. This new standard aims to unify password hashing with one method for creating and one for verifying hashes.

How To Send Files To Remote Server Via SSH In PHP

You may have faced a situation where you need to send files from one server to a remote server. If you are working on a website that needs files on a remote server to be kept current, copying them by hand every time they change is not practical.

This means you cannot just keep these files on your local system; they have to be pushed to the remote server whenever they are updated. To do this you need SSH access to the server, so that the files can be sent securely over SFTP or SCP rather than an unencrypted protocol such as FTP.

Once SSH access is set up, there are a few things you need to know about how SSH works and how it is used with different servers.


This example describes how to SSH to a remote server from PHP and send files from one server to another using libssh2.

ssh2_connect() – Connect to a remote server
ssh2_scp_send() – Send a file via SSH
ssh2_exec() – Execute a command on a remote server

Install libssh2, then install the PECL SSH2 extension for PHP.

Example:   

<?php
$ip = "192.168.2.101";
$username = "test";
$port = 22;
// Keep the key pair outside the web root: anything under /var/www/html can be
// served to visitors, and a private key there is a credential leak waiting to happen.
$public_ssh_key  = "/etc/app/ssh_keys/id_rsa.pub";
$private_ssh_key = "/etc/app/ssh_keys/id_rsa";
// Read the key passphrase from the environment instead of hard-coding it in source
$passphrase = getenv('SSH_KEY_PASSPHRASE') ?: '';

if (!function_exists("ssh2_connect")) {
    die("'ssh2_connect()' doesn't exist. Install libssh2 with the PECL SSH2 extension");
}

$ssh_conn = ssh2_connect($ip, $port);
if (!$ssh_conn) {
    die("SSH connection failed for IP: " . $ip);
}

// Authenticate the username with the SSH key pair
if (!ssh2_auth_pubkey_file($ssh_conn, $username, $public_ssh_key, $private_ssh_key, $passphrase)) {
    die("SSH authentication failed for username: " . $username . " (check the key paths and passphrase)");
}

// Check the remote file list
$stream = ssh2_exec($ssh_conn, 'ls -l /home/test/');
if ($stream) {
    stream_set_blocking($stream, true);
    $data = '';
    while ($buf = fread($stream, 4096)) {
        $data .= $buf;
    }
    fclose($stream);
    echo $data;
}

// Send a file from this server to the remote server. 0644 is enough for a data
// file; 0777 would leave it writable by every user on the remote host.
if (!ssh2_scp_send($ssh_conn, '/path/from/file.ext', '/home/test/file.ext', 0644)) {
    die("SCP transfer failed");
}

Other commands:

ssh2_sftp() – Initialize SFTP subsystem
ssh2_sftp_mkdir() – Create directory on remote server

$sftp = ssh2_sftp($ssh_conn);
ssh2_sftp_mkdir($sftp, '/var/www/html/test');

ssh2_auth_password()  – Authenticate over SSH using a plain password
ssh2_auth_pubkey_file() – Authenticate using a public key
ssh2_shell() – Request an interactive shell
ssh2_tunnel() – Open a tunnel through a remote server
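The SFTP and exec functions listed above, combined into one added example that is not part of the original post: the connection pins the server's host key (libssh2 does not consult known_hosts for you), the upload is written to a temporary name and renamed so a half-written file is never visible, and the remote command argument is shell-escaped. The host, user, key paths, fingerprint and file paths are hypothetical:

```php
<?php
// Added example, not part of the original post. Host, user, paths and the
// fingerprint below are placeholders; adjust them for your environment.

$host = 'backup.example.internal';
$port = 22;
$user = 'deploy';
// Key pair kept outside the web root so the web server can never serve it.
$pubKey  = '/etc/app/ssh_keys/id_rsa.pub';
$privKey = '/etc/app/ssh_keys/id_rsa';
// Placeholder MD5 fingerprint of the server's host key, recorded out of band
// (for example `ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub` on the server).
$expectedFingerprint = '00112233445566778899AABBCCDDEEFF';

function ssh_connect_pinned($host, $port, $user, $pubKey, $privKey, $expectedFingerprint)
{
    $conn = ssh2_connect($host, $port);
    if ($conn === false) {
        throw new RuntimeException("Cannot connect to $host:$port");
    }
    // Without this check any machine that answers on $host:$port is trusted,
    // so a man-in-the-middle could accept the upload and read it.
    $actual = ssh2_fingerprint($conn, SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX);
    if (strcasecmp($actual, $expectedFingerprint) !== 0) {
        throw new RuntimeException("Host key mismatch for $host: got $actual");
    }
    if (!ssh2_auth_pubkey_file($conn, $user, $pubKey, $privKey)) {
        throw new RuntimeException("Public key authentication failed for $user");
    }
    return $conn;
}

function sftp_upload_atomic($sftp, $localPath, $remotePath)
{
    // Write to a temporary name first, then rename: readers never see a
    // partial file, and a failed transfer leaves the previous file intact.
    $tmpPath = $remotePath . '.part';
    $src = fopen($localPath, 'rb');
    $dst = fopen('ssh2.sftp://' . intval($sftp) . $tmpPath, 'wb');
    if ($src === false || $dst === false) {
        return false;
    }
    $copied = stream_copy_to_stream($src, $dst);
    fclose($src);
    fclose($dst);
    if ($copied !== filesize($localPath)) {
        ssh2_sftp_unlink($sftp, $tmpPath);
        return false;
    }
    // Owner read/write, group read; not 0777.
    ssh2_sftp_chmod($sftp, $tmpPath, 0640);
    // Some SFTP servers refuse to rename over an existing file, so retry
    // once after removing the old target.
    if (!ssh2_sftp_rename($sftp, $tmpPath, $remotePath)) {
        ssh2_sftp_unlink($sftp, $remotePath);
        return ssh2_sftp_rename($sftp, $tmpPath, $remotePath);
    }
    return true;
}

function remote_list($conn, $dir)
{
    // $dir ends up in a shell command on the remote host, so it is escaped;
    // a raw value such as "/tmp; rm -rf ~" would otherwise run there.
    $stdout = ssh2_exec($conn, 'ls -l ' . escapeshellarg($dir));
    if ($stdout === false) {
        return false;
    }
    $stderr = ssh2_fetch_stream($stdout, SSH2_STREAM_STDERR);
    stream_set_blocking($stdout, true);
    stream_set_blocking($stderr, true);
    $out = stream_get_contents($stdout);
    $err = stream_get_contents($stderr);
    fclose($stderr);
    fclose($stdout);
    return array('stdout' => $out, 'stderr' => $err);
}

$conn = ssh_connect_pinned($host, $port, $user, $pubKey, $privKey, $expectedFingerprint);
$sftp = ssh2_sftp($conn);
if (!sftp_upload_atomic($sftp, '/var/app/export/report.csv', '/home/deploy/incoming/report.csv')) {
    fwrite(STDERR, "upload failed\n");
    exit(1);
}
$listing = remote_list($conn, '/home/deploy/incoming');
echo $listing['stdout'];
```

The ssh2.sftp:// stream wrapper takes the SFTP resource id, which is why intval($sftp) is used in the URL. If the fingerprint check fails, stop: re-keying a server is rare, and a mismatch you did not plan for is exactly the case pinning exists to catch.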

How To Migrate CakePHP 1.x To 2.x

Today we will focus on what is needed to upgrade a CakePHP 1.3 application to CakePHP 2.2.3, the latest official stable release.

Installation

This is straightforward, the same as for CakePHP 1.3: download and unzip CakePHP 2.2.3 and follow the instructions below.

Configuration

  • core.php
  • Make sure to copy Security.salt and Security.cipher_seed from your old core.php
  • Take notice of how errors, sessions and caching have changed.
  • database.php
  • There is a minor change in this file:
  • CakePHP 1.3: 'driver' => 'mysqli'
  • CakePHP 2.2.3: 'datasource' => 'Database/Mysql'
  • routes.php
  • Don’t overwrite this file with your older one.
  • You can place your custom routes before or after CakePlugin::routes()
  • bootstrap.php
  • Copy all functions, constants and other code from your old bootstrap into the new one.

Folder Structure

  • The cake folder now lives inside the lib folder. Nothing needs to change for that.
  • Files and folders are now CamelCased instead of lower_underscored
  • Example: The “users” folder inside the View becomes “Users”
  • The controller files are now UsersController.php instead of users_controller.php
  • project_users_controller.php becomes ProjectUsersController.php
  • The model files are now User.php instead of user.php
  • project_user.php model becomes “ProjectUser.php”
  • The components files are now FormatComponent.php instead of format.php
  • The helpers files are now DatetimeHelper.php instead of datetime.php

Moved APP files

  • The parent app_classes have been moved and renamed as well.
  • Instead of app_controller.php, app_model.php, and app_helper.php now become Controller/AppController.php, Model/AppModel.php, and View/Helper/AppHelper.php.

Auth Component and Login

  • Auth now supports multiple authentication (and authorization) adapters that can be used together.
  • CakePHP 1.3.x automatically checked the submitted username/password inside the login() method of users_controller, but in CakePHP 2.x you must call $this->Auth->login() yourself; it returns a boolean indicating whether the login succeeded.

If you are using “email” as your login field name
CakePHP 1.3: (inside AppController beforeFilter)

$this->Auth->fields = array('username' => 'email', 'password' => 'password');

CakePHP 2.2.3: (inside AppController beforeFilter)

$this->Auth->authenticate = array('Form' => array('fields' => array('username' => 'email', 'password' => 'password')));

Auth Login

CakePHP 2.2.3: (inside UsersController login function)

if (!empty($this->request->data)) {
    if ($this->Auth->login()) {
        $this->redirect($this->Auth->redirect());
    } else {
        $this->Session->setFlash(__('Your Email or Password was incorrect.'));
    }
}

CakePHP 2.x auth automatically hashes the password on login but not on save.

We can add a beforeSave() method to the User model to hash the password. The model needs App::uses('AuthComponent', 'Controller/Component'); at the top of the file, and the hash should only be applied when a password is actually being saved, otherwise any save() without a password field would store the hash of an empty value.

// App::uses('AuthComponent', 'Controller/Component'); at the top of Model/User.php
public function beforeSave($options = array())
{
    // Only hash when a password is actually being saved
    if (isset($this->data[$this->alias]['password'])) {
        $this->data[$this->alias]['password'] = AuthComponent::password($this->data[$this->alias]['password']);
    }
    return true;
}

Request Data

  • CakePHP 2.0 has done some request related changes.
  • The Request Object does not have “form” element any longer.
  • You will need to replace $this->params['form'] with $this->request['data'] or $this->request->data.
  • $this->data needs to be replaced with $this->request->data
  • So, now we can use $this->request->data on both form submit and AJAX post.
  • Now we need to check !empty($this->request->data) instead of !empty($this->data) when saving a form.

Views Changes

  • Use $this->Html->link() instead of $html->link()
  • Use $this->Form-> instead of $form->
  • Use $this->Session-> instead of $session->
  • Use $this->Paginator-> instead of $paginator->
  • For JavaScript inclusion use $this->Html->script("") instead of $javascript->link()

Moved Email Elements

  • Email elements have been moved from views/elements to View/Emails.

Helpers

  • The Ajax, Javascript, and XML helpers have been removed. You will need to replace these helper calls with appropriate alternatives
  • Helpers can no longer be called with $helper->function(). You need to update your helper calls to use $this->Helper->function()
  • If you are loading or importing your helpers inside another custom helper or component,
  • $myhelper = new DatetimeHelper() becomes $myhelper = new DatetimeHelper($this->_View) or $myhelper = new DatetimeHelper(new View(null))

Components

  • All components must extend the Component class instead of Object

DB and Code Caution

  • CakePHP 2.x has no ENUM support, since SQL Server has no equivalent data type.
  • You can change enum columns to tinyint(2).
  • In CakePHP 1.3 a tinyint(1) column such as is_active was returned from the database as 0/1.
  • CakePHP 2.x no longer returns 0/1 for such columns; boolean column values are cast to PHP's native bool(true)/bool(false) automatically.

__() Function and Pagination

  • The __() function no longer has the option to echo; it always returns the string.
  • Change the Pagination code,

CakePHP 1.3:

echo $this->Paginator->counter(array('format' => __('Page %page% of %pages%, showing %current% records out of %count% total, starting on record %start%, ending on %end%', true)));

CakePHP 2.2.3:

echo $this->Paginator->counter(array('format' => __('Page %page% of %pages%, showing %current% records out of %count% total, starting on record %start%, ending on %end%')));

Customizing Error Messages In RAILS

In every application, whatever its complexity, we need to customize error messages so that they make more sense to the user. There are several ways to achieve this in Rails 3 and Rails 2.3.x; the ones below can be handled in models, controllers or helpers.

Solution# 1:

If the message needs to be handled in the model and customized so that it does not start with the attribute name (for example the attribute is “name” but you want to display “Employee name cannot be blank”), install the “custom-err-msg” plug-in.

This plugin gives you the option to not have your custom validation error message prefixed with the attribute name. Ordinarily, if you have, say:

validates_acceptance_of :terms, :message => 'Please accept the terms of service'

You’ll get the following error message: Terms Please accept the terms of service

This plugin allows you to omit the attribute name for specific messages. All you have to do is begin the message with a ‘^’ character. Example:

validates_acceptance_of :accepted_terms, :message => '^Please accept the terms of service'

step# 1

To install the custom-err-msg plug-in, run:

ruby script/plugin install https://github.com/gumayunov/custom-err-msg.git

If installing the plugin fails, clone it and copy the folder (gumayunov-custom-err-msg-640db42) into vendor/plugins/.

step# 2

In view file just display it as mentioned below:

Similarly, it can be used in other places, for example:

validates_presence_of :claim_no, :message => "^Work Order/Claim number cannot be blank!"

The plugin also lets you use procs instead of strings.

Example:

validates_acceptance_of :accepted_terms, :message => Proc.new {|service| "You must accept the terms of the service #{service.name}" }

Solution# 2:

The plug-in can be avoided by declaring an alias for each attribute, as shown below.
You should have a file named config/locales/en.yml; if not, simply create one. There you can add your own custom attribute names.

en:
  activerecord:
    models:
      order: "Order"
    attributes:
      order:
        b_name: "Business Name"

This will replace your attribute “b_name” with “Business Name”

Your Order model in app/models/order.rb should look like:

class Order < ActiveRecord::Base
  validates :b_name, :presence => true
end

The error message will be displayed like

Business Name cannot be blank

Solution# 3:

Another way is to define a validation method in the model and add the error message inside that method.

class Employee < ActiveRecord::Base
  validate :zip_must_be_valid

  def zip_must_be_valid
    # Example check: a five-digit US ZIP code with an optional +4 suffix
    unless zip =~ /\A\d{5}(-\d{4})?\z/
      errors.add_to_base "zip code is invalid" # Rails 2.3; use errors.add(:base, ...) in Rails 3
    end
  end
end

Solution# 4:

We can also customize the error messages in controllers.
Suppose you need to check that “First Name” is not blank. Use the code below to check it and show a customized message. Use blank? rather than nil?: an empty form field arrives in params as an empty string, not as nil.

if params[:employee][:first_name].blank?
  flash[:error] = "First name should not be blank.\n"
end

If other messages for other attributes need to be appended to the above, it can be written as:

if params[:employee][:address].blank?
  # flash[:error] may still be nil if the first check passed
  flash[:error] = (flash[:error] || "") + "Address should not be blank.\n"
end

Solution# 5

Error messages can also be customized in controllers by adding messages to the existing error object with its add_to_base method.

# \A and \z anchor the whole string; ^ and $ only anchor a line, so a value
# containing a newline could slip an arbitrary second line past a ^...$ pattern.
if email_data[:"email_no_#{i}"] != "" && email_data[:"email_no_#{i}"] !~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
  valid_params = false
  @company_info_new.errors.add_to_base("Invalid Email Id!")
end

In views it can be displayed by writing below code:

(Only fragments of the ERB survived on this page: a test that the error count is greater than 0, and a helper call ending in `nil, :message => nil`.)

Solution# 6

The customization can also be handled in views using the error_message_on helper (Rails 2.3.8).

If you wish to show one error message, in a specific location, that relates to a specific validation, use the error_message_on helper. You may already have used error_message_on to display field-specific error messages. Here is an example that would display an error message on a name field:

Solution# 7

You can also use error_message_on (Rails 2.3.8) to display non-field-specific error messages.

class User < ActiveRecord::Base
  validate :user_is_active

  private

  def user_is_active
    if self.is_active != true
      errors.add :user_is_active, 'User must be active to continue'
    end
  end
end

Now, to display this custom validation error message with error_message_on, we simply reference :user_is_active when we call the helper. Consider this implementation:

Solution# 8

class User < ActiveRecord::Base
  validates_presence_of :email
  validates_uniqueness_of :email
  validates_format_of :email, :with => /\A[\w\d]+\z/, :on => :create, :message => "is invalid"
end

In Rails 3 it is possible to call the validates method once and pass it a hash of options that defines all the validations, instead of defining each validation separately as above.
/app/models/user.rb

class User < ActiveRecord::Base
  validates :email, :presence => true,
                    :uniqueness => true,
                    :format => { :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i }
end

In the User model we are still validating that the field has a value and that the value is unique. Validating the format takes a number of options, so we pass a secondary hash to define those.

We can supply any number of validations for an attribute with a single command. While this is useful it can become cumbersome if there are a large number of validations but for most situations, it works nicely.

We can make the :format option more concise and clean it up a little. We often want to validate email addresses, and repeating the same long regular expression in each validator is ugly and duplicates code. We can extract it into a separate validator by creating a new class in the application's /lib directory, in a file called email_format_validator.rb. If your Rails 3 application does not autoload lib/, add it to config.autoload_paths in config/application.rb or place the file under app/validators instead.

class EmailFormatValidator < ActiveModel::EachValidator
  def validate_each(object, attribute, value)
    # \A and \z anchor the whole string, unlike ^ and $ which only anchor a line
    unless value =~ /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
      object.errors[attribute] << (options[:message] || "is not formatted properly")
    end
  end
end

The EmailFormatValidator class inherits from ActiveModel::EachValidator. We have to define one method in the class, validate_each, which takes three parameters: object, attribute and value. The method checks that the value matches the regular expression we use to validate an email address and, if not, adds an error for the attribute to the object's errors.

We can use this technique to define any kind of validation we like. Now that we have our custom validator we can update the User model to use it in place of the :format option.
/app/models/user.rb

class User < ActiveRecord::Base
  validates :email,
            :presence => true,
            :uniqueness => true,
            :email_format => true
end

Having an email_format key in the validates hash makes Rails look for a class called EmailFormatValidator and delegate the validation to the custom class we just wrote.
If we try to create a new user now and enter an invalid email address we’ll see the expected error message.

If you have some trick to share, do it in the comments.

Why Hire PHP Developers for High Quality Web App Development

PHP is a widely used, open-source, general-purpose, cross-platform, HTML-embedded server-side scripting language that is well suited to web development.

A PHP framework is a foundation that helps programmers develop rapidly and effectively. It is a powerful tool that keeps code in a standard, configured structure and can be used with many relational database management systems (RDBMS).

Reasons for Choosing the PHP Scripting Language

Simple and Easy To Learn

PHP is one of the easiest scripting languages for developers to learn and understand. Its syntax is similar to Java and C, and knowledge of HTML is the only prerequisite for coding in PHP.

Instant Support

When a developer gets stuck on a coding issue, there are a huge number of references, forums and support communities available online, free of charge. This is simply because PHP is very popular, widely used and has one of the largest user bases.

Supports All Major OS

PHP runs on all major operating systems, including Windows, Linux, UNIX and Mac OS X.

Free of Cost

PHP is open source and free for anyone to use. This cuts the cost of production as well as hosting, which is one reason it is more popular than commercial alternatives such as ASP, JSP and others.

Integration

PHP makes developers' lives easier because it integrates easily with systems such as MongoDB, Memcache and Pusher. PHP applications can serve more or less any vertical: banking, healthcare, government or corporate.

Frameworks

PHP developers can build robust applications in a short time frame using a variety of frameworks such as Symfony, Slim, Silex, Zend and Aiki. Each framework brings a set of benefits, including code reuse, better session management and database access libraries.

Easier to fix problems

Web application development is never free of issues, but with PHP it is comparatively easy to troubleshoot. With each request PHP cleans up and starts over, so a problem with one request does not affect the next.

Scalability

Scalability is always in demand, whether for databases, hosting or programming. PHP is built so that you can easily grow your cluster as your projects grow.

Object Oriented

Java and Windows COM objects can be called from PHP. PHP also lets you create custom classes that other classes can extend, which is one of its useful capabilities.

Speed

PHP does not take a lot of system resources and runs faster than many other scripting languages. It maintains its speed when used alongside other software. Since PHP has been around for a long time, continuous effort goes into improving it, and as a result it is fairly stable compared to its counterparts.

Whenever you plan a PHP or CakePHP project, choose a reliable company like Andolasoft to handle the work. Get in touch to turn your ideas into an app.