Earn an NSA recognized IA Masters Online - The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
Review: Object-Oriented PHP
By: Efren J. Belizario
PHP has grown to become one of the most popular scripting languages on the web. It offers many possibilities to its users, from building a complex and innovative content management system to forming a simplistic family photo album. PHP is also a useful programming language in that it helps eliminate redundancy while promoting time-saving and dynamic methodology. With PHP and an object-oriented approach (OO), using PHP has countless advantages. Peter Lavin's highlights this and more in Object-Oriented PHP.
Audience:
Lavin's approach makes this book very easy to read, however, this is not meant for the novice programmer. Lavin expects that the reader has some knowledge of PHP or C, HTML, and CSS. Lavin is not shy about jumping right into the programming terminology as he warns the reader of this in the opening chapter. If you are familiar with PHP, read it. If you are familiar with OO, read it. This will get your feet wet and eventually soak you all the way through. If you plan on using PHP to create your dynamic website, have this book ready.
Summary:
Lavin begins with the cliche "What Does This Book Have to Offer?" and "Why Should I Read This Book?". Naturally, an advanced programmer would overlook these sections, but it is surprising how much OO and PHP go hand-in-hand (even without realizing it). He also gives a quick rundown of each chapter and the histories of PHP and OO.
The purpose of OO is to help simplify your work with PHP. Lavin uses the example of a global menu - instead of copying and pasting the same snippet of code for each page, use an include and, viola, your keystrokes and right mouse clicks do not have to be used in vain. Simplicity cuts down the losses in time and energy objects that programmers cannot spare.
Chapters 2 through 9 are overviews of object orientation, OO features in PHP 5, and classes. The first sightings of actual code do not appear until the fourth chapter when Lavin introduces his DirectoryItems class. Eventually, he offers enough code for the reader to create his/her own image navigation interface to begin a working photo album (complete with file browsing, pagination, and, of course, use of MySQL).
Later chapters dive deeper into the concepts and tools learned from the first half of the book. MySQL exceptions and trappings are covered in Chapter 10, while Lavin introduces advanced methods and techniques, such as reflection classes, using XML and CSS, in Chapters 11 through 16.
Opinion:
What I would like to see more of is AJAX and PHP. Peter Lavin admits that he is not the one to give a tutorial on such a subject, however, he does tease us with a paragraph that sets us up for building a foundation on AJAX. He also graciously provides us with a URL for further investigation.
As you continue your journey with PHP, do so with the use of OO and the inheritance of effective, time-saving methods. PHP and OO allow you to do so as Lavin clearly suggests in Object-Oriented PHP. This is not a PHP Bible, by any means, but it is a useful book to add to your library.
The Community edition of EnGarde Secure Linux is completely free and open source. Updates are also freely available when you register with the Guardian Digital Secure Network.
Guardian Digital Makes Email Safe For Business - Microsoft 365, Goo....
LinuxSecurity.com Feature Extras:
EnGarde Secure Linux v3.0.7 Now Available - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.7 (Version 3.0, Release 7). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool and the SELinux policy, several updated packages, and several new packages available for installation.
Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.
Take advantage of our Linux Security discussion
list! This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headline.
| Debian | ||
| Debian: New courier packages fix denial of service | ||
|
23rd, June, 2006
Updated package. advisories/debian/debian-new-courier-packages-fix-denial-of-service-8523 |
||
| Debian: New pinball packages fix privilege escalation | ||
|
26th, June, 2006
Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges. advisories/debian/debian-new-pinball-packages-fix-privilege-escalation |
||
| Debian: New Linux kernel 2.6.8 packages fix several vulnerabilities | ||
|
27th, June, 2006
Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. advisories/debian/debian-new-linux-kernel-268-packages-fix-several-vulnerabilities-40262 |
||
| Mandriva | ||
| Mandriva: Updated MySQL packages fixes authorized user DoS(crash) vulnerability. | ||
|
23rd, June, 2006
Mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue. |
||
| Mandriva: Updated gd packages fix DoS vulnerability. | ||
|
27th, June, 2006
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. gd-2.0.15 in Corporate 3.0 is not affected by this issue. Packages have been patched to correct this issue. |
||
| Mandriva: Updated tetex packages fix embedded GD vulnerabilities | ||
|
27th, June, 2006
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Tetex contains an embedded copy of the GD library code. |
||
| Mandriva: Updated libwmf packages fixes embedded GD vulnerability | ||
|
28th, June, 2006
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CAN-2004-0941) Updated packages have been patched to address this issue. |
||
| Mandriva: Updated mutt packages fix buffer overflow vulnerability | ||
|
28th, June, 2006
A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. Updated packages have been patched to address this issue. |
||
| SuSE | ||
| SuSE: php4 bugfix update (SUSE-SA:2006:034) | ||
|
22nd, June, 2006
Updated package. |
||
| SuSE: various Mozilla browser security | ||
|
23rd, June, 2006
Updated package. |
||
| SuSE: mysql remote code execution | ||
|
23rd, June, 2006
Updated package. |
||
| SuSE: freetype2 (SUSE-SA:2006:037) | ||
|
27th, June, 2006
The freetype2 library renders TrueType fonts for open source projects. More than 900 packages on SUSE Linux use this library. Therefore the integer overflows in this code found by Josh Bressers and Chris Evans might have a high impact on the security of a desktop system. The bugs can lead to a remote denial-of-service attack and may lead to remote command execution. The user needs to use a program that uses freetype2 (almost all GUI applications do) and let this program process malicious font data. |
||
