The document discusses using inversion of control (IoC) and dependency injection (DI) to decouple classes and make them more flexible and testable in PHP. It provides an example of refactoring an authenticator class to depend on a user repository interface rather than a concrete class. This decreases coupling and allows different repositories to be injected. It then discusses using a service container to further abstract object creation and injection of dependencies defined through code or configuration.
Create Your Own Framework by Fabien Potencier - Himel Nag Rana
This is a combined form of a series of articles by Fabien Potencier, the author of the Symfony Framework. I have collected and converted them into this ebook for storing and sharing purposes.
This document provides over 30 tips and tricks for using Zend Studio more efficiently. It covers shortcuts for navigating and editing code, project management best practices like separating front-end and back-end code, source editing features like code completion and refactoring, and release engineering tools for automating builds and integrating with version control and bug tracking systems. The presentation encourages developers to master their tools as much as their code in order to improve development processes.
How to build customizable multitenant web applications - PHPBNL11 - Stephan Hochdörfer
This document discusses how to build customizable multitenant web applications. It explains that a single-tenant architecture is not scalable and leads to maintenance issues. A multi-tenant architecture allows customizing the frontend, backend, workflows and logic for each tenant. This is achieved through feature-driven CSS, modularization, dependency injection and aspect-oriented programming to allow custom pre- and post- processing hooks for things like payments.
How to build a chat application with react js, nodejs, and socket.io - Katy Slemon
In the tutorial, we will learn about how to build a chat app using ReactJs, NodeJS, and Socket.IO. Clone the Github repository and play around with the code.
Stephan Hochdörfer discusses various techniques for testing code that is difficult to test, known as "untestable code". He covers approaches like using autoloading and modifying the include path to mock dependencies, as well as overriding language functions with runkit. Generative programming is proposed as a way to automatically generate testable code by replacing dependencies with mocks. The key messages are that one should write testable code from the start, and that PHP provides many creative ways to test code through language features and workarounds.
The document discusses OAuth 2.0 security threats including session injection with CSRF, token leakage, token reuse/misuse, and token export. It provides details on the threats, victims, and best practices for mitigation. These include using short-lived authorization codes, TLS, proof-key-for-code-exchange, limiting grant types by client, white-listing redirect URIs, token binding, and enforcing throttle limits to prevent token misuse. The presentation encourages attendees to review their OAuth 2.0 implementations against these threats and ensure authorization servers follow security best practices.
Node.js vs Play Framework (with Japanese subtitles) - Yevgeniy Brikman
Video: http://www.nicovideo.jp/watch/1410857293
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This version of the presentation has Japanese subtitles. For the English only version, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework
This document discusses Cloud Native Identity Management using SPIFFE (Secure Production Identity Framework for Everyone) and SPIRE (SPIFFE Runtime Environment). It provides an overview of SPIFFE and SPIRE, including how they address identity management challenges in cloud-native environments. It then summarizes how SPIRE implements the SPIFFE specifications through a node attestation and workload attestation process where a SPIRE agent authenticates to a server, retrieves selectors to verify workloads, and issues signed identity documents when a workload matches the selectors.
This document provides an overview of JavaScript concepts including:
- Where JavaScript can run including web browsers and JavaScript engines.
- Key differences from Java like JavaScript arriving as text with no compiler and need to work across runtime environments.
- Tools for debugging and developing JavaScript like Firefox's Firebug and Chrome Developer Tools.
- Variables, functions, objects, and inheritance in JavaScript compared to other languages like Java. Functions can be treated as first-class objects and assigned to properties or passed as callbacks.
In building large scale web applications MVC seems like a good solution in the initial design phase. However after having built a few large apps that have multiple entry points (web, cli, api etc) you start to find that MVC breaks down. Start using Domain Driven Design.
Domain-driven design (DDD) is an approach to software development for complex needs by connecting the implementation to an evolving model.[1] The premise of domain-driven design is the following:
Placing the project's primary focus on the core domain and domain logic.
Basing complex designs on a model of the domain.
Initiating a creative collaboration between technical and domain experts to iteratively refine a conceptual model that addresses particular domain problems.
Have more questions?
Twitter: @wajrcs
Web: http://waqaralamgir.tk
This document discusses data validation models and different approaches to validation. It covers syntactic validation to check data type and format, as well as semantic validation to check if data makes sense. Various PHP libraries and frameworks are benchmarked for validation performance. Deferred validation using argument resolvers is recommended to ensure objects are always valid. Domain models should encapsulate semantic validation rules. Validation should occur as early as possible to catch errors quickly.
Recipes to build Code Generators for Non-Xtext Models with Xtend - Karsten Thoms
This document discusses code generators for non-Xtext models using Xtend. It provides an overview of creating minimal generators using JSON and Xtend templates, and more full-featured generators using the Xtext framework and EMF models. Key aspects covered include model navigation in Xtend templates, extensions, dynamic dispatch, IDE support, modularization, dependency injection, and incremental generation.
This document provides an overview of ASP.NET MVC frameworks and how to get started with ASP.NET MVC 4. It discusses how ASP.NET MVC supports the MVC pattern and test-driven development. It also describes how to install ASP.NET MVC 4, create a basic MVC 4 project with different templates, add controllers and views, and connect to a database using Entity Framework.
The document discusses using PHPUnit for testing PHP code. It provides advantages of unit testing like catching bugs early and promoting code quality. It describes different types of tests like browser tests using Selenium and software tests checking PHP variables. It outlines the anatomy of test classes and functions, showing how to set up tests, target elements, make assertions. It also discusses how testing will work for the Baker project and Gearbox software, with shared testing resources and triggering tests through the admin center or continuous integration.
This document provides an overview and introduction to the Spring framework. It discusses key Spring concepts like inversion of control (IoC), dependency injection, and the model-view-controller (MVC) architecture. It also summarizes Spring modules for web applications, data access, security, and testing. Code examples are provided for common Spring features like configuration, bean management, MVC controllers, validation, and security.
In this session, you will learn about typical best practices and idioms for building continuously running, extensible and maintainable code generators with Xtend. We think Xtend is the best language for code generation available today.
Connect.Tech - Enhancing Your Workflow With Xcode Source Editor Extensions - stable|kernel
Developers are constantly refining their workflow in order to master their craft. There is a plethora of tools available that can help bootstrap a project, increase efficiency, or simply make developers happy. Let’s explore the newly introduced Xcode Source Editor Extensions; an Application Extension that gives developers the power to create custom actions in Xcode’s Editor menu.
The Tooling API provides powerful new ways to manage your code. It can help you measure code health, find circular dependencies, and identify code that's no longer in use. Join us to learn how to use the Tooling API to conduct a quality analysis of your code, and how to do this using an app integrated via Force.com Canvas -- no command line or desktop install required! Take your Apex knowledge to the next level.
This presentation is about a basic Overview of Ext JS framework. Covers the discussion on topics like Understanding Ext JS API, Ext JS component Life cycle, Ext JS Components and Events and Ext JS Layouts etc.
This document provides an overview of dependency injection and related concepts like inversion of control and aspect oriented programming. It discusses what dependency injection is, when and why to use it, and examples of how it can make code more organized and flexible. Specifically, it explains how dependency injection frameworks can manage object creation through configuration rather than code, allowing dependencies to be easily swapped. It also describes how inversion of control "flips" code to externalize default values and dependencies, and how aspect oriented programming allows cross-cutting concerns to be modularized.
PhpSpec is a SpecBDD tool that enables you to use a TDD workflow that can transform the way you write PHP. In this session we will look at the TDD workflow and see how PhpSpec can be used to speed up your development; add regression safety, and improve your object-oriented design.
ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices. ASP.NET Web API is an ideal platform for building RESTful applications on the .NET Framework.
Video :
https://youtu.be/qwLBeg1CPSo
Courtesy:
http://www.ifourtechnolab.com
This document discusses user authentication in Django. It covers setting up authentication with Django's auth application, creating user and profile models, adding login and registration views and templates, and restricting access with decorators. The key points are:
- Django's auth app provides user authentication functionality out of the box, including user models, permissions, and form/view tools.
- Additional user profile attributes can be added by creating a profile model with a one-to-one relationship to the user model.
- Registration is implemented with forms bound to the user and profile models, and a view to process registration and save to the database.
- Login functionality includes a form, view to authenticate and log in a user,
This document provides an overview of the key concepts and components in the Zend Framework MVC architecture. It discusses the Model-View-Controller pattern and how each component (Model, View, Controller) is implemented in Zend Framework using classes like Zend_Controller, Zend_View, and specialized model classes. It also covers routing, action controllers, view rendering, plugins, helpers and putting the pieces together to build an application with Zend Framework.
This document discusses unit testing and the use of stubs and mocks. It provides examples of how to create stub and mock objects using Phake, a PHP mocking framework. Stub objects are pre-programmed to return expected values during tests, while mock objects also allow for verifying that expected methods were called with the correct parameters. The document shows how to stub and mock method calls, magic methods, and verify invocation counts and order using Phake.
Unit testing involves testing individual units or modules of code to determine if they work as intended. It is important because it finds problems early, facilitates change, simplifies integration, acts as documentation, and saves time. Unit tests work by being independent, automatic, fast, and isolated from external systems. Isolation is achieved through test doubles like dummies, stubs, mocks, and fakes that stand in for real objects to simplify testing.
The document defines a fib function that recursively calculates Fibonacci numbers and prints the 10th Fibonacci number. It then defines some unit tests for a Calculator class that test the add method by asserting the expected result. Finally, it defines some unit tests for a User class that test validating a user object.
This document provides best practices for writing PHPUnit tests, including: do not write tests that do not test anything or test too much; exploit dependencies between tests; use the most specific assertion; decouple test code from test data; organize tests by class; run tests via XML configuration; disable unnecessary PHPUnit features; use code coverage whitelisting; annotate tests to make coverage more meaningful; and avoid unnecessary patterns like singletons.
This document introduces unit testing with PHPUnit. It discusses what unit testing is, why it's important, and tools like SimpleTest and PHPUnit. It provides examples of basic unit tests for a HelloWorld class using PHPUnit. It also covers more advanced testing techniques like data providers, expected exceptions, fixtures, doubles, mocks, stubs, and database testing using examples like testing a BankAccount class. The document provides hints and tips for unit testing MVC frameworks like Zend Framework.
The document discusses performance testing using Apache JMeter. It covers topics like an overview of performance testing, the purpose of performance testing, key types of performance testing like load testing and stress testing. It also discusses pre-requisites of performance testing, the performance testing life cycle, challenges of performance testing and how to record and playback tests using JMeter.
This document discusses dependency injection and how it can be implemented using Ninject as a dependency injection container. Dependency injection allows removing hard-coded dependencies and making it possible to change dependencies at runtime or compile-time. It describes how a booking class can be decoupled from its dependencies like email and SMS notification classes by injecting them through the constructor instead of creating them internally. Ninject is then introduced as a dependency injection container that can further remove the need to manually inject dependencies and make the code less tightly coupled.
This document discusses various third party authentication methods that can be used with WebObjects applications, including storing hashed passwords in a database, authenticating against LDAP services, Kerberos/SSO, and gateway/web authentication solutions. It provides code examples for hashing passwords with SHA-256 before storing in a database, authenticating against an LDAP server using JNDI, and authenticating with Kerberos. It also discusses hybrid approaches that integrate database and LDAP user attributes, as well as considerations for using gateway/web authentication.
The document summarizes best practices for WordPress development. It recommends leveraging WordPress core functionality through APIs and hooks, contributing to core, internationalizing code, and following coding standards to write clean, readable code. It also emphasizes allowing others to hook into code through actions and filters and the importance of sanitization, escaping and security.
Java EE 8 security and JSON binding API - Alex Theedom
Java EE Security and JSON Binding are two new APIs in the Java EE 8 release. The security API provides consistencies between containers with a simple annotation-driven model while JSON Binding completes Java EE's JSON APIs and is a real alternative to Jackson and Gson. In this presentation, I will walk through coding examples from both APIs and by the end of the presentation, you will understand how these two new APIs add to the advancement of the Java EE platform.
Building Better Applications with Data::Manager - Jay Shirley
The document discusses tools for managing form data and validation. It introduces Data::Manager, which provides a way to manage incoming data and validation rules across multiple scopes or sections. Data::Manager uses Data::Verifier under the hood to validate data according to defined rules. It provides methods to verify data, check for errors, and retrieve validation results. The document emphasizes usability, reliability, and hiding complexity through a clean API.
Azure Table Storage: The Good, the Bad, the Ugly (15 min. lightning talk) - Sirar Salih
Azure Table storage, a NoSQL data service in the cloud. Schemaless and with JSON compatibility, it’s simple and it does its job well. But everything great has its pitfalls.
Join in this lightning talk to look at and investigate the wonders and the mysteries, the shocks and the no-nos of using Azure Table storage. We will look at sample code, setting up and using the storage in action. Most notably, the program also looks at performance metrics, comparing Azure Table storage to other data services. Is this the thing for you? Find out!
The document provides 10 rules for safer code in order to prevent security vulnerabilities:
1. Do not use eval() or evaluate strings as code.
2. Do not use pickle for serialization as it is unsafe and not secure.
3. Use ORM queries and query parameters instead of direct SQL to prevent SQL injection.
4. Be careful of XSS vulnerabilities in templates, DOM manipulations, and uploads. Escape variables and user input.
5. Securely store passwords and tokens and do not leak them.
6. Review sudo() usage and do not allow blind writes from public methods.
7. Use CSRF tokens for HTTP POST forms to prevent CSRF attacks.
The presentation is on Persistent Cookies and LDAP Injection. Persistent cookies stay on your hard drive (one of your browser's subfolders) until they expire or get deleted. The session will cover introduction to Persistent Cookies and applicable test-cases with respect to Web Application Penetration Testing. In LDAP Injection section, the presentation will cover: Understanding Active Directory, Understanding LDAP and How does LDAP Injection work.
10 Rules for Safer Code [Odoo Experience 2016] - Olivier Dony
In this talk, we will cover the top 10 development mistakes that lead to security issues. Olivier Dony will go through all the security issues we have had over the past 3 years and give tips on how to avoid the traps for safer Odoo code.
The slides of my talk at Confoo 2014 in Montréal, Qc.
Let's get back to simplicity when doing Java web development. Forget about DI frameworks, ORMs and complex build tools and see how we can develop well-tested, well-crafted web applications using only simple tools, libraries and techniques.
In this talk, I will share my experience rewriting a web application based on Spring MVC, Spring, Hibernate and Maven with only Simple and JDBC. We'll discuss the benefits and challenges of simplicity.
Quality of Delivered Software Based on Tests - Paweł Tekliński
Based on his experience, Paweł will talk about how writing tests saves time and helps you become a better programmer. He will try to answer the question of why we so often do not write tests, and show what to watch out for when writing them.
Paweł is a PHP programmer and web developer with 7 years of experience. For the last 2 years he has been a team leader, and he recently became Head of IT at a Gdańsk-based FinTech company.
This document provides an overview of authentication and security configurations and functions in Laravel. It discusses setting an encryption key in the app.php file, authentication settings in the auth.php file, password hashing with the Hash class, authentication attempts with Auth, remembering logins with cookies, accessing the logged in user, logging out, and password resets using Laravel's built-in functionality. Functions like Hash, Auth, Crypt and Password are covered, along with creating authentication and password reset views.
Code your Own: Authentication Provider for Blackboard LearnDan Rinzel
The document discusses authentication in Blackboard Learn and provides an example of extending authentication capabilities by creating a custom filter. It begins by explaining the different types of authentication providers in Blackboard Learn, including remote, delegated credential, and fully delegated providers. It then discusses changes in Service Pack 8, supported providers, and how the framework is built for extension. The document concludes by walking through a sample implementation of a custom filter that limits login attempts to prevent password guessing.
The document summarizes a presentation about building a real world MVC web application called Aphirm.it that allows users to share affirmations. The presentation covers using Entity Framework to interact with the database, implementing user registration and authentication, uploading images, and using AJAX and JavaScript for features like live updating. It also discusses implementing administration functionality like approving content, assigning badges to users, and sending tweets when new content is added.
This document discusses authentication methods in Java EE 8, including improvements and new features. It begins with an overview of traditional Java EE authentication using JAAS LoginModules and web.xml configuration. It then covers the new Java EE 8 Security API which defines IdentityStores and HttpAuthenticationMechanisms to provide authentication in a container-agnostic way. The document also discusses token-based authentication using JSON Web Tokens and how this can be implemented with a JwtAuthenticationMechanism. It concludes with an example of role-based access control in a sample application.
Die Art und Weise der Client-Server-Authentifizierung hat in den vergangenen Jahren einen rasanten Wechsel erfahren. Anmeldungen z.B. über OAuth 2 sind Standard. Auch wenn Authentifizierungsmethoden wie Single-Sign-On (SSO) bereits seit mehreren Jahrzehnten Anforderungen von Unternehmen sind, gab es bisher im Enterprise Java Standard keine Lösungen dafür. Das hat sich mit Java EE 8 und der Version 1.0 der Security-API geändert.
Neben einem Blick auf die neuen Features der Security-API zeigt dieser Vortrag auch die Authentifizierung im Bereich der verteilten Systeme mit Hilfe von SSO über das JWT. Dabei wird darauf eingegangen, was der Standard nun bietet und was der Entwickler dazubauen muss.
Phactory is an alternative to database fixtures for defining test data in PHP unit tests. It allows developers to define database objects in code and dynamically create them, rather than loading static datasets. Phactory provides a lightweight ORM and works with MySQL, SQLite, and MongoDB. It supports defining object blueprints, creating objects with associations, retrieving objects, and integrating with PHPUnit for testing database code.
devise tutorial - 2011 rubyconf taiwanTse-Ching Ho
This document provides an overview and instructions for building an authentication system using the Devise gem in Rails. It discusses Devise's features like authentication modules, filters, helpers and extensions. It also outlines setting up Devise by generating models, configuring routes and customizing views. The document demonstrates deploying a sample Devise app to Heroku and adding manager authentication with custom routes.
John Keats wrote "Ode to a Nightingale" in 1819 after the death of his brother from tuberculosis. The poem explores the speaker's desire to escape from the pains and sorrows of mortal life by following a nightingale into the forest and partaking in its immortal song. Through vivid imagery and symbolic language, Keats depicts the natural world as both a place of refuge and source of melancholy as the speaker wrestles with his own mortality in the face of his brother's death. The shifting tones reflect the emotional turmoil of wishing to find solace in the nightingale's song while still being tethered to reality.
REST Easy - Building RESTful Services in Zend FrameworkChris Weldon
The epicenter of data sharing in "Web 2.0" are web services. Whether you like it or not, you are consuming literally hundreds of services a day, whether it be searching in Google, running Facebook on your mobile device, or searching the App Store on your tablet. Yet, despite our hunger for services, few have ever written one. In this session, you'll learn what are RESTful web services and how to get started creating them in Zend Framework.
Beyond TDD: Enabling Your Team to Continuously Deliver SoftwareChris Weldon
Many project teams have adopted unit testing as a necessary step in their development process. Many more use a test-first approach to keep their code lean. Yet, far too often these teams still suffer from many of the same impediments: recurrent integration failures with other enterprise projects, slow feedback with the customer, and sluggish release cycles. With a languishing feedback loop, the enterprise continues to put increasing pressure on development teams to deliver. How does an aspiring agile team improve to meet the demands of the enterprise?
Continuous integration is the next logical step for the team. In this talk, you’ll learn how continuous integration solves intra and inter-project integration issues without manual overhead, the value added by continuous integration, and how to leverage tools and processes to further improve the quality of your code. Finally, we discuss the gold standard of agile teams: continuous deployment. You’ll learn how continuous deployment helps close the feedback loop with your customers, increases visibility for your team, and standardizes the deployment process.
SOLID - Not Just a State of Matter, It's Principles for OO ProprietyChris Weldon
The document discusses the SOLID principles of object-oriented design (OOD). SOLID is an acronym that stands for five principles: Single responsibility principle, Open-closed principle, Liskov substitution principle, Interface segregation principle, and Dependency inversion principle. These principles provide guidelines for creating reusable and maintainable object-oriented code by separating concerns and managing dependencies between modules.
The document discusses SOLID principles of object-oriented design. It provides examples of code that demonstrate poor adherence to SOLID and ways the code can be refactored to better follow SOLID. Specifically, it shows how to apply the single responsibility principle, open/closed principle, Liskov substitution principle, interface segregation principle and dependency inversion principle to structure code for flexibility, reusability and maintainability.
This document discusses unit testing practices for SharePoint 2010. It notes that SharePoint objects are difficult to test because they lack interfaces and are sealed classes. It introduces Pex and Moles mocking frameworks that can generate stubs for SharePoint objects using runtime instrumentation. The document demonstrates using SharePoint Mole Behaviors to pre-generate common SharePoint object behaviors. It observes that this approach saves time but behaviors may not be complete and unit tests can run slowly. It recommends building a facade in front of SharePoint and producing consistent behaviors by disassembling SharePoint if necessary.
The document discusses Model-View-Controller (MVC), an architectural pattern commonly used for web development. It provides definitions and examples of MVC components including the Model, View and Controller. It also discusses how MVC is implemented in various PHP frameworks and the benefits of using MVC, such as improved code organization, maintenance and extensibility. Popular PHP MVC frameworks mentioned include CakePHP, Symfony, and CodeIgniter.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframePrecisely
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
2. Before We Begin
http://bit.ly/rf1pxR
git://github.com/neraath/ioc-php-talk.git
3. Your Guide: Chris Weldon
• Fightin’ Texas Aggie
• .Net and PHP Developer
• UNIX and Windows Sysadmin
• Senior Consultant at Improving Enterprises
• Contact Me: chris@chrisweldon.net
5. Before We Get to IoC...
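<?php
class Authenticator {
    private $_repository;

    public function __construct() {
        // Hard-wired dependency: the class creates its own repository.
        $this->_repository = new DataAccessLayer();
    }

    public function authenticate($username, $password) {
        // md5() is kept from the slide; it is too fast for password storage
        // (PHP's password_hash()/password_verify() are the built-in alternative).
        $hashedPassword = md5($password);
        $user = $this->_repository->findByUsernameAndPassword(
            $username, $hashedPassword);
        // Authenticated only when the lookup found a user (not null, not an empty result).
        return !empty($user);
    }
}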
12. What are the problems?
• Strongly coupled to DataAccessLayer
• Very inflexible
• How to configure DataAccessLayer?
• Let it read configs?
• How to test the Authenticator?
[Class diagram: Authenticator, authenticate() : bool; DataAccessLayer, findByUsernameAndPassword : array]
13. Let’s solve it
• What are our goals?
• Decrease coupling
• Increase configurability
14.
<?php
interface IUserRepository {
    function findByUsernameAndPassword($username, $password);
}

class DataAccessLayer implements IUserRepository {
    private $_configParams;
    private $_database;

    public function __construct(array $configParams) {
        $this->_configParams = $configParams;
        $this->_database = Zend_Db::factory('Pdo_Mysql', $this->_configParams);
    }

    public function findByUsernameAndPassword($username, $password) {
        // Parameterized query: values are bound, never concatenated into the SQL.
        $query = 'SELECT * FROM users WHERE username = ? AND password = ?';
        // fetchAll() takes the bind values as a single array.
        $result = $this->_database->fetchAll($query, array($username, $password));
        return $result;
    }
}
15. Our Updated Authenticator
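<?php
class Authenticator {
    private $_repository;

    // The repository is now supplied by the caller (constructor injection).
    public function __construct(IUserRepository $repository) {
        $this->_repository = $repository;
    }

    public function authenticate($username, $password) {
        // md5() is kept from the slide; it is too fast for password storage.
        $hashedPassword = md5($password);
        $user = $this->_repository->findByUsernameAndPassword(
            $username, $hashedPassword);
        // Authenticated only when the lookup found a user (not null, not an empty result).
        return !empty($user);
    }
}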
16. Time to Consume
<?php
class LoginController {
    public function login($username, $password) {
        $configuration = Zend_Registry::get('dbconfig');
        $dal = new DataAccessLayer($configuration);
        $authenticator = new Authenticator($dal);
        if ($authenticator->authenticate($username, $password)) {
            // Do something to log the user in.
        }
    }
}
17. Goal Recap
• What were our goals?
• Decrease coupling
• Increase configurability
20. What You Saw Was IoC
• Inversion of Control changes direction of responsibility
• Someone else responsible for creating and providing my dependencies
• Most commonly applied pattern: Dependency Injection
• Follows Dependency Inversion Principle from SOLID
• Culture War: IoC vs. DI vs. Naming vs. Principles vs. Ideology
21. Dependency Inversion
• “High-level modules should not depend upon low level modules. They should depend upon abstractions.”
• “Abstractions should not depend upon details. Details should depend upon abstractions.”
Robert Martin
26. Benefit: Flexibility
<?php
class WebServiceUserRepository implements IUserRepository {
    public function findByUsernameAndPassword($username, $password) {
        // Fetch our user through JSON or SOAP
    }
}

class OAuthRepository implements IUserRepository {
    public function findByUsernameAndPassword($username, $password) {
        // Connect to your favorite OAuth provider
    }
}
27. Benefit: Testable
<?php
class WhenAuthenticating extends PHPUnit_Framework_TestCase {
    public function testGivenInvalidUsernameAndPasswordShouldReturnFalse() {
        $stub = $this->getMock('IUserRepository');
        $stub->expects($this->any())
             ->method('findByUsernameAndPassword')
             ->will($this->returnValue(null));
        $authenticator = new Authenticator($stub);
        $this->assertFalse($authenticator->authenticate('user', 'pass'));
    }
}
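Added example (not part of the original slides): because the repository is injected, the Authenticator's failure paths can be exercised without a database. It contrasts a fail-closed result check with a null-only check when the repository returns an empty array for "no match", as a fetchAll()-backed DataAccessLayer does. InMemoryUserRepository, NullUserRepository, NullCheckAuthenticator and check() are hypothetical names, and the user row is constructed sample data.

```php
<?php
// Added example, not code from the original slides. InMemoryUserRepository,
// NullUserRepository, NullCheckAuthenticator and check() are hypothetical names.

interface IUserRepository {
    function findByUsernameAndPassword($username, $password);
}

// Fake that behaves like a fetchAll()-backed repository: no match => array().
class InMemoryUserRepository implements IUserRepository {
    private $_rows;

    public function __construct(array $rows) {
        $this->_rows = $rows;
    }

    public function findByUsernameAndPassword($username, $password) {
        $matches = array();
        foreach ($this->_rows as $row) {
            if ($row['username'] === $username
                && hash_equals($row['password'], $password)) {
                $matches[] = $row;
            }
        }
        return $matches;
    }
}

// Fake that behaves like the PHPUnit stub on the slide: no match => null.
class NullUserRepository implements IUserRepository {
    public function findByUsernameAndPassword($username, $password) {
        return null;
    }
}

class Authenticator {
    private $_repository;

    public function __construct(IUserRepository $repository) {
        $this->_repository = $repository;
    }

    public function authenticate($username, $password) {
        // md5() mirrors the slides only; it is not suitable for password storage.
        $hashedPassword = md5($password);
        $result = $this->_repository->findByUsernameAndPassword(
            $username, $hashedPassword);
        return $this->isMatch($result);
    }

    // Fail closed: null and an empty result set both mean "no such user".
    protected function isMatch($result) {
        return !empty($result);
    }
}

// Variant that only checks for null, shown for comparison.
class NullCheckAuthenticator extends Authenticator {
    protected function isMatch($result) {
        return $result !== null;
    }
}

function check($label, $actual, $expected) {
    if ($actual !== $expected) {
        throw new RuntimeException("FAILED: $label");
    }
    echo "ok: $label\n";
}

// Constructed sample data.
$rows = array(array('username' => 'alice', 'password' => md5('correct horse')));
$arrayRepo = new InMemoryUserRepository($rows);
$nullRepo = new NullUserRepository();

$auth = new Authenticator($arrayRepo);
check('valid credentials accepted', $auth->authenticate('alice', 'correct horse'), true);
check('wrong password rejected', $auth->authenticate('alice', 'guess'), false);
check('unknown user rejected', $auth->authenticate('mallory', 'guess'), false);

$authNull = new Authenticator($nullRepo);
check('null result rejected', $authNull->authenticate('alice', 'guess'), false);

// The null-only check is correct against the null-returning fake ...
$weakNull = new NullCheckAuthenticator($nullRepo);
check('null-only check rejects a null result', $weakNull->authenticate('alice', 'guess'), false);

// ... but treats an empty array as a found user, so a wrong password passes.
$weakArray = new NullCheckAuthenticator($arrayRepo);
check('null-only check accepts an empty array', $weakArray->authenticate('alice', 'guess'), true);
```

A test that stubs the repository with null alone would not catch the last case, so the fake should return the same "no match" value as the production repository.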
28. Dependency Injection
• Now we can inject our dependencies to our consumer classes
• Still requires some other class to be tightly coupled to both of those
• Need a container that can help abstract the relationship between the interface and implementation
29.
<?php
class UserRepositoryContainer {
    /** @return IUserRepository **/
    public function getRepository() {
        $container = new DataAccessLayer(array(
            'dsn' => 'mysql://localhost/database',
            'username' => 'user',
            'password' => 'pass'
        ));
        return $container;
    }
}

class LoginController {
    public function login($username, $password) {
        $container = new UserRepositoryContainer();
        $repository = $container->getRepository();
        $authenticator = new Authenticator($repository);
        // ...
    }
}
30. Container Woes
• No uniform interface by which to access services
• Still tightly coupled with dependencies
• Configurability of the container difficult
• How to auto-inject dependency for configured consumer classes?
31. Symfony Dependency Injection Container
• Two Ways to Set Up and Use sfServiceContainer
• Create subclass
• Manual registration via code or config
33. Consuming the Container
<?php
class LoginController {
    public function login($username, $password) {
        $configuration = Zend_Registry::get('dbconfig');
        $container = new UserRepositoryContainer(array(
            'repository.config' => $configuration
        ));
        $repository = $container->userRepository;
        $authenticator = new Authenticator($repository);
        if ($authenticator->authenticate($username, $password)) {
            // Do something to log the user in.
        }
    }
}
34. That’s Pretty Nice
• Configurability a lot easier
• Uniform interface for accessing services
• How does this scale when there are lots of dependencies?
• Aren’t we still coupling the container to the implementation at compile time?
35. The Builder
• Provides a uniform way of describing services, without custom containers
• For each service description, we have the flexibility to configure an object:
• At instantiation (Constructor Injection)
• Post-instantiation (Setter/Method Injection)
36. How to Describe a Service
• Code-based or Config-based
• Code-based allows for run-time changing of injection parameters
• Config-based provides a way to change parameters between environments with no code changes
• Not mutually exclusive
37. Code-Based Description
<?php
// Imagine this is a bootstrap file.
$configuration = Zend_Registry::get('dbconfig');

$builder = new sfServiceContainerBuilder();
$builder->register('user_repository', 'DataAccessLayer')
        ->addArgument($configuration)
        // OR ->addArgument('%repository.config%') from earlier
        ->setShared(false);
$builder->register('authenticator', 'Authenticator')
        ->addArgument(new sfServiceReference('user_repository'));

Zend_Registry::set('di_container', $builder);
39. Loading the Config
<?php
// Imagine this is a bootstrap file.
$builder = new sfServiceContainerBuilder();
$loader = new sfServiceContainerLoaderFileXml($builder);
$loader->load('/pathTo/services.xml');
Zend_Registry::set('di_container', $builder);
40. Using the Container
<?php
class LoginController {
    public function login($username, $password) {
        $container = Zend_Registry::get('di_container');
        $authenticator = $container->authenticator;
        if ($authenticator->authenticate($username, $password)) {
            // Do something to log the user in.
        }
    }
}
46. When to Use a DI Container
• Not for model objects (e.g. Orders, Documents, etc.)
• Great for resource requirements (e.g. repositories, loggers, etc.)
• Really great for plugin-type architecture
• But not necessary to use Dependency Injection!
51. Other Considerations
• Learning curve
• Tracking dependencies
• Dependency changes
• Setter/method vs. constructor injection
52. Service Lifetimes
• setShared() allows you to specify context persistence
• If shared, acts like a singleton
• Useful if construction is expensive or state persistence required