PHP Magazine has a free issue coming up on 15 Dec 2003 to celebrate the new monthly version of their magazine to be published in PDF format. A few weeks ago, I was asked to write the cover article, an offer I happily accepted.
My article discusses sessions. After covering some basics about HTTP, maintaining state, and cookies, I spend the rest of the time discussing impersonation attacks and methods of prevention. My approach is to give readers the background information they need to make educated decisions about the techniques they employ, and then to contrast a few suggested techniques with the steps necessary to subvert them. I think this contrast provides a nice metric by which to measure the strength of each approach.
One important point that I mention in the article is that there is no perfect solution. While I introduce a few different techniques that can be used to complicate impersonation, I am hoping that my readers will think of many more and be willing to share them. If you have a favorite technique for securing your sessions, please contact me and describe it. In exchange, I will send you a reply with my review of your implementation, and I will also compile my favorites and share them in my blog or as a future (free) article.
I just discovered Localfeeds, a search engine for feeds where the searches are based on geographic location. This seemed interesting enough, so I typed in my ZIP (10001) and was shown the most recent blogs within 50 miles of 10001 (New York City). Sure enough, there are a lot of people talking about the big snow storm we're having here. Neat.
The current trend seems to be that people interested in a particular topic tend to read the same blogs. While this can be good in that you explore the perspectives related to a particular topic from people all around the world, it is pretty fun to see what random people who live near you are talking about. I would never think of writing about the current snow storm, for example, because most people who read my blog are interested in PHP or Web development, but it was cool to read blogs of people who did just that.
Not wanting to be left out, I went back to the first page to see how to get added to such a thing. Is your site ready for Localfeeds? I typed in http://shiflett.org/ to find out. I was shown the checklist for shiflett.org, which was much different than what you will see now. I did not properly indicate the coordinates for where I live, which I learned must be expressed in a meta tag:
<meta name="ICBM" content="40.750422,-73.996328" />
After adding this and returning to the checklist, I found everything to be in order, and I was told to click a link to notify Localfeeds and GeoURL. I then visited GeoURL, out of curiosity, and I saw my site listed:
Chris Shiflett: Home (near New York, USA. see neighbors)
Very cool. Of course, I feel like the last to know about this stuff, but maybe this will introduce it to someone new.
PHP has one of the largest developer communities in the world, yet we have no community gathering place like those you can find for other languages (Perl has http://use.perl.org/, for example).
Want to help change this?
I am coordinating the development of a web site that is built by and for the PHP community. Its features may include such things as:
- Personal blogs for all registered users
- Frequent community news and user comments (Slashdot style)
- Weekly summaries of key mailing lists (such as php-general)
- Weekly summaries of other news from related communities
- News from various user groups (such as NYPHP)
- Links, FAQs, articles, tutorials, and other helpful documentation
More importantly, the features will be driven by the needs of the community and not any one person. This list is just an example of the most common features found on other community sites.
Will this site seek to eliminate other PHP sites that offer one or more of these features already? Absolutely not. My hope is to help bring the community together, both the people in the community as well as all
I have spoken with O'Reilly, and they have agreed to support us in this endeavor with servers, bandwidth, administration, and anything else we need. All we have to do is provide the people to develop and maintain the site and its content.
You don't have to be an expert to help out. I need people to fill the following roles (multiple people can fill the same role, and a single person can fill multiple roles):
- Site management and global vision
- Coding standards and software architecture
- Security audits and general guidance
- Weekly summary of php-general
- Weekly summary of php-internals
- Weekly summary of general community news
- News item selection and posting (users can submit suggested news)
- Database design
- Software development (PHP, Perl, etc.)
- PHP user group representatives (updated news from your group)
- Content writers (FAQs, articles, tutorials, etc.)
- Graphic designers, user interface specialists, etc.
- Advocacy (get the word out, solicit volunteers, etc.)
There are likely many other roles to be filled. If you think you can help out a lot, please consider the first role, site management and global vision. If you want to help but don't feel like you fit into any specific role, don't worry about it (any help is very much appreciated).
There will be mailing lists, CVS, and other tools available to assist in the creation of this site. More information about these things will be given to those who are interested in being involved.
Please send me an email if you are willing to help.
Mention where you are interested in helping and any information about yourself that you think is important. This information is not intended to determine whether anyone is "worthy" or any silliness like that, but it is rather to help organize the contributors so that everyone is doing something they enjoy.