PHP: Output a snapshot of all defined variables

01 Mar

Paste the snippet below into any PHP file and you’ll get a browser-friendly snapshot of all variables defined in the current scope: at file level that includes the superglobals such as $_POST and $_COOKIE, inside a function only that function’s locals. This is especially handy in larger systems like WordPress or Smarty where a needed value may already be defined by the system but you have no way of knowing the variable’s name. It is a debugging aid only: it dumps request data and any credentials held in variables to whoever loads the page, so remove it before the code goes live.

<?php
  // Dump every variable visible in the current scope, wrapped in <pre>
  // so the nested arrays print_r emits stay readable in a browser.
  echo '<pre>', print_r(get_defined_vars(), true), '</pre>';
?>
 
 

SCRAM: a new protocol for password authentication

28 Feb

In today’s world, a secure authentication mechanism for web sites is an absolute necessity.  Hackers and script kiddies love to hijack accounts in any way possible.  SCRAM does not stop an active man-in-the-middle on its own (that takes TLS, which SCRAM’s channel-binding variant in turn builds on), but it does keep the password off the wire: an eavesdropper sees only nonces, a salt and a one-time proof, and a stolen credential table holds derived keys rather than reusable passwords.  For a site that isn’t running e-commerce, I believe this is a much more cost-effective alternative to an SSL certificate. SCRAM (Salted Challenge Response Authentication Mechanism, RFC 5802) is a new protocol and data storage mechanism to support password-based authentication. SCRAM addresses a number of important security issues that are not dealt with by existing mechanisms, in a manner that can be cleanly deployed and widely implemented.

SCRAM is a SASL (Simple Authentication and Security Layer) mechanism, which means that it can be used with any standardized protocol that uses SASL, including the XMPP client/server protocol, LDAP, SMTP, POP and IMAP. The basic concept of SCRAM is that the password is never transmitted and the server never stores it: both sides work from a salted, iterated hash of it (PBKDF2), which defeats rainbow tables, and the client sends a one-time ‘client proof’ bound to both nonces that the server checks against the key it stored at enrolment.  The server answers with a signature of its own, so the client can tell a genuine server from an impostor. What remains is an offline dictionary attack on a recorded exchange, since the salt and iteration count travel in the clear; the iteration count is what slows that down, so set it as high as the client can tolerate.

The SCRAM authentication process works like this:

    1. Client sends username and ClientNonce
      1. The client stores its own request string in memory for later use
    2. Server sends the combined nonce (ClientNonceServerNonce), the user’s salt, and the iteration count
      1. The server stores the client request and its own in SESSION for later use
      2. The client stores the server request in memory for later use
      3. The client uses the iteration count and salt to run the same PBKDF2 derivation the server ran when the password was enrolled
    3. Client performs the calculations necessary to form a ClientProof, sending it and the ClientNonceServerNonce to the server
      1. The server verifies the ClientNonceServerNonce against the one stored in SESSION
      2. The server computes the ClientSignature as HMAC(StoredKey, AuthMessage), where AuthMessage is the three messages exchanged so far joined together (the client’s final message without its proof)
      3. The server recovers the ClientKey by XORing the ClientSignature with the ClientProof
      4. The server hashes the recovered ClientKey and compares the result with the StoredKey it holds for that user; the server never sees the password, and the iterated hashing happened once at enrolment
      5. If they match, an HTTP 200 response is sent with a URL to use on page refresh, along with a ServerSignature the client checks before trusting the result. If they don’t match, an HTTP 401 response is sent

A good example can be found on 4sak3n Design.

 

Posted in Security

 

phpseclib: PHP Secure Communications Library

28 Feb

The PHP Secure Communications Library contains LGPL-licensed pure-PHP implementations of arbitrary-precision integers, fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, SSH-1, SSH-2, and SFTP. Although many of the features this library implements are also available in PHP through optional extensions (mcrypt for the ciphers, gmp or bcmath for the big integers), what are you, as a developer, going to do when a user tries to run your software on a host which, coincidentally, doesn’t happen to have that optional extension installed? This library uses those optional extensions if they’re available and falls back on an internal PHP implementation if they’re not; the fallback is considerably slower, so it is the portability, not the speed, that you are buying. This library is written using the same conventions that libraries in the PHP Extension and Application Repository (PEAR) have been written in.

 

Posted in PHP, Security

 

Crypto-JS: JavaScript cryptographic algorithms

28 Feb

Crypto-JS is a growing collection of standard and secure cryptographic algorithms implemented in JavaScript using best practices and patterns. They are fast, and they have a consistent and simple interface. Additionally it offers some helper functions that are often required when working with hashes and cryptography on the web, like fast Base64 and UTF-8 encoding and decoding.  It’s completely modular. You only need to load the parts that you actually use in your application, and there are even several single-file bundles that contain sets of cryptographic functions that are often needed together. Crypto-JS can be custom compiled using Google’s Closure Compiler if need be, which makes it an extremely small library to include. It’s a really nice library that provides more cryptographic functions than you could dream of, with two caveats: MD5 and SHA-1 are there for compatibility, not for new designs (neither is collision-resistant any more), and MARC4 is an RC4 variant and should be treated as legacy in the same way:

  • MD5
  • SHA-1
  • SHA-256
  • AES
  • Rabbit
  • MARC4
  • HMAC
    • HMAC-MD5
    • HMAC-SHA1
    • HMAC-SHA256
  • PBKDF2
 

Amersfoort Jazz

23 Feb

Amersfoort Jazz is an annual open-air jazz festival in the Dutch city of Amersfoort. The festival has eight stages all over the old part of the inner city of Amersfoort, and is traditionally held in the second weekend of May. It is a large free three-day event, and it attracts over 100,000 visitors every year.

 
 