The document discusses using the Zend Framework's Zend_Acl component to implement access control lists (ACLs) for authorization in a dynamic web application. It describes how Zend_Acl works and some of its limitations as complexity increases. It then presents an alternative approach that uses a database backend with caching to define ACL rules externally for improved maintenance, and integrates authorization checks directly into the MVC request rather than at the resource level.
Error Reporting in ZF2: form messages, custom error pages, logging (Steve Maraspin)
Errors frustrate users. No matter if it's their fault or the application's, the risk that they'll lose interest in our product is high. In this presentation, given at the Italian ZFDay 2014, I discuss these issues and provide some hints for improving error reporting and handling.
An ACL specifies which users or system processes are granted access to objects, as well as which operations are allowed on those objects. This presentation on Zend_Acl shows how to implement ACL functionality in web applications built with Zend Framework.
Content Driven Zend_Acl in the Model Layer (Jeroen Keppens)
Most people use Zend_Acl to control access to certain controllers/actions. While this is good for most use cases, sometimes you need to go further. For example you can specify that a user has access to article/view, but you might also want to limit access to certain articles for certain roles.
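One way to get from "may view article" to "may edit this article" is a Zend_Acl assertion: the rule stays a plain allow, and a small object attached to it is consulted at check time with the concrete user and article. The following is an added example, not code from the talk or from Zend Framework. It assumes ZF1 classes are autoloadable and a ZF1 release that hands the objects passed to isAllowed() through to assert() (1.12 does); the class names Model_Article, Model_User and My_Acl_Assert_Owner are made up for the example.

```php
<?php
// Added example: content-level authorization with a Zend_Acl assertion.
// Model_Article / Model_User / My_Acl_Assert_Owner are names chosen here.

class Model_Article implements Zend_Acl_Resource_Interface
{
    public $ownerId;
    public function __construct($ownerId) { $this->ownerId = (int) $ownerId; }
    public function getResourceId() { return 'article'; }  // every article is the one ACL resource 'article'
}

class Model_User implements Zend_Acl_Role_Interface
{
    public $id;
    public function __construct($id) { $this->id = (int) $id; }
    public function getRoleId() { return 'user'; }
}

class My_Acl_Assert_Owner implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null, $privilege = null)
    {
        // Grant only when both sides are the concrete objects and the owner
        // matches. A check made with bare ids ('user', 'article') gives the
        // assertion nothing to compare, so it fails closed.
        return $role instanceof Model_User
            && $resource instanceof Model_Article
            && $resource->ownerId === $role->id;
    }
}

$acl = new Zend_Acl();
$acl->addRole(new Zend_Acl_Role('guest'));
$acl->addRole(new Zend_Acl_Role('user'), 'guest');
$acl->addRole(new Zend_Acl_Role('editor'), 'user');
$acl->add(new Zend_Acl_Resource('article'));

$acl->allow('guest', 'article', 'view');
$acl->allow('user', 'article', 'edit', new My_Acl_Assert_Owner());  // own articles only
$acl->allow('editor', 'article', 'edit');                           // any article

$alice = new Model_User(1);
$mine  = new Model_Article(1);
$other = new Model_Article(2);

var_dump($acl->isAllowed($alice, $mine, 'edit'));
var_dump($acl->isAllowed($alice, $other, 'edit'));
var_dump($acl->isAllowed('user', 'article', 'edit'));
var_dump($acl->isAllowed('editor', $other, 'edit'));
```

With these objects Alice may edit $mine but not $other. The third call, made with string ids only, is refused: Zend_Acl hands the assertion its registered Zend_Acl_Role object instead of a Model_User, so the comparison cannot succeed and the result falls back to the default deny. The 'editor' role may edit either article because its own rule carries no assertion and is found before the inherited 'user' rule.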
Presentation for azPHP on setting up a new project using Zend_Tool. Also goes over creating basic modules, controllers, actions, models and layouts.
All code in the presentation has not necessarily been tested. Will update presentation when done.
Moving a high traffic ZF1 Enterprise Application to SF2 - Lessons learned (Baldur Rensch)
Hautelook is a large ecommerce application that is currently running a Zend Framework 1 backend. The next iteration of its API (used by desktop, mobile, as well as iPhone and Android native applications) is done with Symfony 2. This API is following the principles for hypermedia APIs. To that end, Hal+Json is the media-type we chose, and we implemented most of it using the FSC HateoasBundle. Another critical piece of Hal+Json APIs is documentation. To this end we have used NelmioApiDocBundle to automatically generate documentation for the API endpoints. The other critical piece of any application is performance for which we use XHProf with XHGui. In my talk I want to touch on all those aspects, show some of the lessons learned, how we solved some of the problems, and what is still unsolved.
Learn in-depth Zend_Form techniques to automate and power your applications forms, with or without using Zend Framework. Learn everything from setup of a form to custom elements and organizational best practices.
Presented at #PHPLX 11 September 2013
The 2013 edition of the OWASP (Open Web Application Security Project) Top 10 has just been released and unfortunately Injection (not only SQL injection) is still the most common security problem. In this talk we will review the Top 10 list of security problems, looking at possible attack scenarios and ways to protect against them, mostly from a PHP programmer's perspective.
Mike Creuzer's presentation from the December, 2009 Suburban Chicago PHP & Web Dev Meetup. The topic is SQL injection in PHP and common PHP content management systems.
Visit Mike's blog at http://mike.creuzer.com/
A long time ago in a code base not so far away...
It's a time of prosperity and happiness. Development Teams have improved their coding skills and are now very familiar with writing code with proper DocBlock comments and unit tests, safeguarding their code bases against unwanted behaviour. But the evil Internet is building its new weapon against the Development Teams and sneaks through the gaps still uncovered by tests.
Will the Development Teams be in time to safeguard their code base again and bring peace and balance to the universe?
OWASP Top 10 at International PHP Conference 2014 in Berlin (Tobias Zander)
With the latest XSS and CSRF attacks on Twitter, PayPal and Facebook, security is still obviously a very difficult thing to get right.
Every 3 years, the Open Web Application Security Project (OWASP) releases a new Top 10 list of vulnerabilities; this talk will walk you through the 2013 list.
I'll present you the possible attack scenarios and how you can protect against them.
In addition we'll look at more security issues which are not part of the Top 10, but that you should definitely keep in mind.
Creating fast, dynamic ACLs in Zend Framework (Zend Webinar) (Wim Godden)
Slides from the Zend Webinar on 'Creating fast and dynamic ACLs in Zend Framework' (15 June 2011).
Zend Framework's Access Control List component (Zend_Acl) is simple and straightforward; however, as the number of rules increases in size and complexity, maintenance and performance suffer. The solution: a dynamic, reflection-based ACL system, with built-in caching. Sound complicated?
Don't worry, it's easy to setup and a lot easier to manage! Join this webinar to learn how!
Presenter: Wim Godden
SugarCon 2010 - Best Practices for Creating Custom Apps in Sugar (John Mertic)
One of the most important features of SugarCRM for developers is the ability to build customizations, even custom apps, to suit your needs. In this talk, John Mertic will detail some of the most common customization use cases from the field and provide guidelines on how to build upgrade-safe customizations and custom apps that will help meet the needs of your given company.
Zend_Form simplifies form creation and handling in your web application. It accomplishes the following goals:
- Input filtering
- Input validation
- Element ordering
- Element and Form rendering
- Element and Form grouping
- Element and Form-level configuration
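A form that exercises most of the goals in that list, added here as an example rather than taken from the talk or from Zend Framework's own documentation. It assumes ZF1 classes are autoloadable and that a PHP session is available, because the hash element keeps its token in Zend_Session; the class and field names are made up.

```php
<?php
// Added example: filtering, validation, grouping and an anti-CSRF token in one
// Zend_Form. Form_Comment and its field names are chosen for this example.

class Form_Comment extends Zend_Form
{
    public function init()
    {
        $this->setMethod('post');

        // Filters run before validators; getValues() hands back the filtered data
        $this->addElement('text', 'email', array(
            'label'      => 'E-mail',
            'required'   => true,
            'filters'    => array('StringTrim', 'StringToLower'),
            'validators' => array('EmailAddress'),
        ));

        // StripTags is input cleaning, not output encoding: the value must
        // still go through $this->escape() in the view when it is rendered.
        $this->addElement('textarea', 'body', array(
            'label'      => 'Comment',
            'required'   => true,
            'filters'    => array('StringTrim', 'StripTags'),
            'validators' => array(array('StringLength', false, array(1, 2000))),
        ));

        // Zend_Form_Element_Hash: a random token stored in the session and
        // compared on submit; a missing, forged or expired token fails isValid().
        $this->addElement('hash', 'csrf', array(
            'salt'    => 'comment-form',
            'timeout' => 600,            // seconds the token stays valid
        ));

        // 'ignore' keeps the button out of getValues()
        $this->addElement('submit', 'send', array('label' => 'Post comment', 'ignore' => true));

        // Display groups affect rendering only, not validation
        $this->addDisplayGroup(array('email', 'body'), 'comment', array('legend' => 'Your comment'));
    }
}

// Handling the submission inside a controller action:
// $form = new Form_Comment();
// if ($this->getRequest()->isPost() && $form->isValid($this->getRequest()->getPost())) {
//     $clean = $form->getValues();   // filtered and validated values for the model
// }
```

The point of doing it this way is that validation and filtering are declared next to the element, so a field cannot reach the model without passing both, and the CSRF check rides along with the same isValid() call that every other rule uses.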
User Experience is dead. Long live the user experience! (Greg Bell)
A great user experience has never been as important as it is today. Users expect to be able to just pick up the newest gadget or piece of software and be able to figure it out with ease. The role of the user experience professional is dead. Everyone from the marketing team to the intern developer must be a user experience professional to make a successful product.
It has been said that it takes 10 years to create successful software, does our current understanding of user experience fit within this model? How does the user experience actually get defined and who has the power to change it? How can the user experience get shaped in a more iterative and evolutionary way?
Through the lens of releasing a social software application and moving from consultant to product owner, this talk explores current user experience methodologies as well as lessons learned through web application release and management.
Smart efficient design using REST and MVC.
Web applications are everywhere now, but many of them misuse the basic concepts laid down by the HTTP protocol, miss the benefits of making the application and the API the same thing, and don't set themselves up to grow if things take off.
This talk will look at the design decisions you need to make to ensure that your application really is ReST-ful, how we fit that cleanly into MVC, and how state machines can help us manage clean state changes in a stateless protocol. The talk will go into some of the available design patterns with class diagrams and code snippets showing how and where to implement them.
Originally presented at PHP UK 2009.
Beyond php - it's not (just) about the code (Wim Godden)
Most PHP developers focus on writing code. But creating Web applications is about much more than just writing PHP. Take a step outside the PHP cocoon and into the big PHP ecosphere to find out how small code changes can make a world of difference on servers and network. This talk is an eye-opener for developers who spend over 80% of their time coding, debugging and testing.
Who would have thought putting 140 character messages about one's life online or having a virtual farm game could ever be popular? Then again, many of us have those weird (but sometimes brilliant) ideas.
But no matter how incredible your ideas might be, getting them launched successfully takes more than writing lots of PHP code, smacking a sleek design on it and dropping it on a server.
So what does it take? Where do most ideas crash-land and how can you avoid making the same mistakes and transform your ideas into reality? We'll look at what steps are needed to make a service successful and sustainable.
With PHP 8.0 recently released and PHP 5.x still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 8.x, but on how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
With PHP 7.2 recently released and PHP 5.3 and 5.4 still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 7.0 (or preferably 7.1), but on how to get code ready for the latest version of PHP.
Using the version compatibility checker for PHP_CodeSniffer and a few simple step-by-step instructions, upgrading old code to make it compatible with the latest PHP versions becomes actually really easy. In this talk, we'll migrate an old piece of code and get rid of the demons of the past and ready for the present and future.
With more and more sites falling victim to data theft, you've probably read the list of things (not) to do to write secure code. But what else should you do to make sure your code and the rest of your web stack is secure? In this tutorial we'll go through the basic and more advanced techniques of securing your web and database servers, securing your backend PHP code and your frontend JavaScript code. We'll also look at how you can build code that detects and blocks intrusion attempts and a bunch of other tips and tricks to make sure your customer data stays secure.
The time of static or dynamically generated sites is long gone. Non-stop interaction with users is the new normal. However, polling with Ajax requests is processor intensive and cumbersome. Websockets allow you to interact with users in real-time without increasing system load. We'll go through the basics and see all the different options, illustrated with live examples of how and when to use it, as well as when not to use it.
Your app lives on the network - networking for web developers (Wim Godden)
Our job might be to build web applications, but we can't build apps that rely on networking if we don't know how these networks and the big network that connects them all (this thing called the Internet) actually work.
I'll walk through the basics of networking, then dive a lot deeper (from TCP/UDP to IPv4/6, source/destination ports, sockets, DNS and even BGP).
Prepare for an eye-opener when you realize how much a typical app relies on all of these (and many more) working flawlessly... and how you can prepare your app for failure in the chain.
From ReactPHP to Facebook Hack's Async implementation and many more, asynchronous programming has been a 'hot' topic lately. But how well does async programming support work in PHP and what can you actually use it for in your projects ? Let's look at some real-world use cases and how they leverage the power of async to do things you didn't know PHP could do.
46. Zend_Acl as a controller plugin

```php
<?php
class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    private $_acl = null;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $role = (Zend_Auth::getInstance()->hasIdentity()) ? 'user' : 'guest';

        // For this example, we will use the controller as the resource:
        $resource = $request->getControllerName();

        if (!$this->_acl->isAllowed($role, $resource, 'view')) {
            // If the user has no access we send him elsewhere by changing
            // the request and resetting the dispatch
            $request->setModuleName('auth')
                    ->setControllerName('auth')
                    ->setActionName('login')
                    ->setDispatched(false);
            return false;
        }
    }
}
```
48. Zend_Acl manual rules

```php
<?php
class My_Acl extends Zend_Acl
{
    public function __construct()
    {
        // Add a new role called "guest"
        $this->addRole(new Zend_Acl_Role('guest'));
        // Add a role called user, which inherits from guest
        $this->addRole(new Zend_Acl_Role('user'), 'guest');

        // Add a resource called page
        $this->add(new Zend_Acl_Resource('page'));
        // Add a resource called news, which inherits page
        $this->add(new Zend_Acl_Resource('news'), 'page');

        // Finally, we want to allow guests to view pages
        $this->allow('guest', 'page', 'view');
        // and users can comment news
        $this->allow('user', 'news', 'comment');
    }
}
```
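Two things a practitioner will want to tighten in the plugin of slide 46 before shipping it: Zend_Acl::isAllowed() throws a Zend_Acl_Exception when it is asked about a resource (here: a controller name) that was never registered, so a request for an unknown controller becomes an error page instead of a denial; and the redirect to the login action is itself subject to the ACL, so the login controller must be allowed for every role or the dispatch loop never terminates. The block below is an added example, not code from the webinar slides: it keeps the role and resource tree of slide 48, uses the action name as the privilege, and makes the plugin fail closed. It assumes ZF1 classes are autoloadable, that the identity stored by Zend_Auth is an object with a public $role property, and that the login action lives at module 'auth', controller 'auth', action 'login'.

```php
<?php
// Added example (not the webinar's code): slide-48 rules plus a fail-closed
// version of the slide-46 plugin. The identity's $role property and the
// auth/auth/login route are assumptions for this example.

class My_Acl extends Zend_Acl
{
    public function __construct()
    {
        $this->addRole(new Zend_Acl_Role('guest'));
        $this->addRole(new Zend_Acl_Role('user'), 'guest');   // user inherits guest
        $this->addRole(new Zend_Acl_Role('admin'), 'user');   // admin inherits user

        // Resources are controller names; news inherits from page
        $this->add(new Zend_Acl_Resource('page'));
        $this->add(new Zend_Acl_Resource('news'), 'page');
        $this->add(new Zend_Acl_Resource('auth'));

        // The login controller must be reachable by every role, otherwise the
        // plugin's redirect to it is denied as well and the loop never ends.
        $this->allow(null, 'auth');

        $this->allow('guest', 'page', 'view');     // also covers news, which inherits page
        $this->allow('user', 'news', 'comment');
        $this->allow('admin');                     // admin may do anything...
        $this->deny('admin', 'news', 'delete');    // ...except this: the specific rule wins
    }
}

class My_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
    private $_acl;

    public function __construct(Zend_Acl $acl)
    {
        $this->_acl = $acl;
    }

    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $role      = $this->_roleFromIdentity();
        $resource  = $request->getControllerName();
        $privilege = $request->getActionName();   // the action is the privilege

        // isAllowed() throws for a resource that was never registered; an
        // unknown controller is treated as denied rather than as an error.
        $allowed = $this->_acl->has($resource)
                && $this->_acl->isAllowed($role, $resource, $privilege);

        if (!$allowed) {
            $request->setModuleName('auth')
                    ->setControllerName('auth')
                    ->setActionName('login')
                    ->setDispatched(false);        // front controller re-runs the dispatch loop
        }
    }

    private function _roleFromIdentity()
    {
        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            return 'guest';
        }
        $identity = $auth->getIdentity();
        // Only a role the ACL knows about is accepted; anything else is 'user',
        // so a tampered or stale identity cannot name a role that does not exist.
        if (is_object($identity) && isset($identity->role) && $this->_acl->hasRole($identity->role)) {
            return $identity->role;
        }
        return 'user';
    }
}

// Registration, for instance in Bootstrap::_initAcl():
// Zend_Controller_Front::getInstance()->registerPlugin(new My_Plugin_Acl(new My_Acl()));
```

Using the action name as the privilege means the rules of slide 48 map directly onto URLs: a guest may reach page/view and news/view, a logged-in user additionally news/comment, and everything not granted (including any controller that is not a registered resource) ends at the login action.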
49. Our ACL

privilege
id | role_id | module     | controller | action
1  | 2       | newsletter | send       | index
2  | 1       | cms        | article    | edit
3  | 3       | %          | %          | %

users (table name not shown on the slide)
id | name     | email           | pw
1  | Chris    | [email_address] | *******
2  | Jake     | [email_address] | *******
3  | Jeniffer | [email_address] | *******

role
id | name
1  | webmaster
2  | marketeer
3  | admin

userRole
user_id | role_id
1       | 2
2       | 3
3       | 1

A "%" in a privilege row is a wildcard: role 3 (admin) is granted every action of every controller in every module.
50. Application_Acl

```php
<?php
class Application_Acl
{
    public function isAllowed($user = null, $request = null)
    {
        // Anonymous visitors get user id 0, which has no userRole rows
        if ($user instanceof User) {
            $userId = $user->id;
        } else {
            $userId = 0;
        }

        $db = Zend_Db_Table::getDefaultAdapter();

        // Module, controller and action come from the request and are passed
        // as bound parameters, never interpolated into the SQL. A "%" stored
        // at one level grants everything below it.
        // Note: the role table of slide 49 has an id column, so the userRole
        // join is on role.id.
        $stmt = $db->query('
            select module_name, controller_name, action_name
            from privilege
            join role on role.id = privilege.role_id
            join userRole on userRole.role_id = role.id
            where userRole.user_id = ?
              and ( module_name = "%"
                    or ( module_name = ?
                         and ( controller_name = "%"
                               or ( controller_name = ?
                                    and ( action_name = "%" or action_name = ? )
                                  )
                             )
                       )
                  )
        ', array(
            $userId,
            $request->getModuleName(),
            $request->getControllerName(),
            $request->getActionName(),
        ));

        // query() has already executed the statement; one matching row is enough
        $row = $stmt->fetch(); // returns a row or false
        return $row !== false;
    }
}
```
62. What's in the cache ?

Entry      | Data                                                                          | Meaning
acl_user_3 | 3, 1, 4                                                                       | the user's role ids
acl_user_1 | 3, 1, 2                                                                       | the user's role ids
acl_role_1 | a:3:{i:0;s:45:"a:2:{i:0;s:5:"%_%_%";}";i:1;i:1308106740;i:2;s:6:"604800";} | privileges listed in the role

The acl_role_1 value is the array(data, save time, lifetime) wrapper that Zend_Cache's memcached backend writes around an entry: the data is a serialized list of "module_controller_action" patterns ("%_%_%" grants everything), 1308106740 is the Unix timestamp of the save and 604800 the lifetime in seconds (7 days).
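Putting slides 49, 50 and 62 together, the lookup becomes two cached reads (a user's role ids, then each role's privilege rows) and an in-memory match, with the database touched only on a cache miss. The following is an added example, not code from the webinar: it rebuilds the slide-49 tables in an in-memory SQLite database through PDO so that it runs stand-alone, reimplements the slide-50 wildcard precedence in PHP, and uses the acl_user_<id> / acl_role_<id> key layout of slide 62. The ArrayCache class is a stand-in that only mirrors the load()/save()/remove() method names of Zend_Cache_Core; in ZF1 you would inject a real Zend_Cache_Core. The seeded rows are constructed from the slide, and the users table is omitted because the check never reads it.

```php
<?php
// Added example: DB-backed ACL with per-user and per-role cache entries.
// ArrayCache stands in for Zend_Cache_Core; PDO/SQLite stands in for Zend_Db.

class ArrayCache
{
    private $_data = array();
    public function load($id)         { return isset($this->_data[$id]) ? $this->_data[$id] : false; }
    public function save($value, $id) { $this->_data[$id] = $value; return true; }
    public function remove($id)       { unset($this->_data[$id]); return true; }
}

class Application_Acl
{
    const WILDCARD = '%';
    private $_db;
    private $_cache;

    public function __construct(PDO $db, $cache)
    {
        $this->_db    = $db;
        $this->_cache = $cache;
    }

    // Role ids of a user (cache key acl_user_<id>); id 0 is the anonymous visitor.
    public function rolesOf($userId)
    {
        $userId = (int) $userId;
        if ($userId === 0) {
            return array();
        }
        $key   = 'acl_user_' . $userId;
        $roles = $this->_cache->load($key);
        if ($roles === false) {
            $stmt = $this->_db->prepare('SELECT role_id FROM userRole WHERE user_id = ?');
            $stmt->execute(array($userId));
            $roles = array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
            $this->_cache->save($roles, $key);
        }
        return $roles;
    }

    // Privilege rows of a role as (module, controller, action) triples (cache key
    // acl_role_<id>). Slide 62 joins them with '_' ("%_%_%"); that is ambiguous
    // once a controller name itself contains an underscore, so arrays are cached.
    public function privilegesOf($roleId)
    {
        $key   = 'acl_role_' . (int) $roleId;
        $privs = $this->_cache->load($key);
        if ($privs === false) {
            $stmt = $this->_db->prepare(
                'SELECT module_name, controller_name, action_name FROM privilege WHERE role_id = ?');
            $stmt->execute(array((int) $roleId));
            $privs = $stmt->fetchAll(PDO::FETCH_NUM);
            $this->_cache->save($privs, $key);
        }
        return $privs;
    }

    // Default deny: true only if one of the user's roles carries a matching row.
    public function isAllowed($userId, $module, $controller, $action)
    {
        $request = array($module, $controller, $action);
        foreach ($this->rolesOf($userId) as $roleId) {
            foreach ($this->privilegesOf($roleId) as $rule) {
                if (self::_matches($rule, $request)) {
                    return true;
                }
            }
        }
        return false;
    }

    // Same precedence as the nested OR/AND of the slide-50 query: a '%' at one
    // level grants everything below it, any other value must match exactly.
    private static function _matches(array $rule, array $request)
    {
        foreach ($rule as $i => $part) {
            if ($part === self::WILDCARD) {
                return true;
            }
            if ($part !== $request[$i]) {
                return false;
            }
        }
        return true;
    }

    // Call after changing userRole or privilege rows; otherwise a revoked grant
    // keeps working until the cache entry expires (604800 s on slide 62).
    public function invalidateUser($userId) { $this->_cache->remove('acl_user_' . (int) $userId); }
    public function invalidateRole($roleId) { $this->_cache->remove('acl_role_' . (int) $roleId); }
}

function buildSampleAcl()   // constructed data, same rows as slide 49
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec('CREATE TABLE userRole (user_id INTEGER, role_id INTEGER)');
    $db->exec('CREATE TABLE privilege (id INTEGER PRIMARY KEY, role_id INTEGER,
               module_name TEXT, controller_name TEXT, action_name TEXT)');
    $db->exec("INSERT INTO role VALUES (1,'webmaster'), (2,'marketeer'), (3,'admin')");
    $db->exec("INSERT INTO userRole VALUES (1,2), (2,3), (3,1)");   // Chris, Jake, Jeniffer
    $db->exec("INSERT INTO privilege VALUES (1,2,'newsletter','send','index'),
               (2,1,'cms','article','edit'), (3,3,'%','%','%')");
    return new Application_Acl($db, new ArrayCache());
}

$acl = buildSampleAcl();
var_dump($acl->isAllowed(2, 'cms', 'article', 'delete'));     // Jake (admin): the %/%/% row
var_dump($acl->isAllowed(1, 'newsletter', 'send', 'index'));  // Chris (marketeer): exact row
var_dump($acl->isAllowed(1, 'cms', 'article', 'edit'));       // Chris: no row for this
var_dump($acl->isAllowed(0, 'cms', 'article', 'edit'));       // anonymous visitor
```

Jake is granted the delete action through the admin wildcard row, Chris is granted newsletter/send/index and refused cms/article/edit, and the anonymous visitor is refused without a query. After the first call for a user, rolesOf() and privilegesOf() are served from the cache, which is where the performance gain of the webinar comes from; the invalidate methods are the price of that gain, since a role change that is not followed by a remove() stays invisible to the check for the entry's lifetime.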