I will happily conduct a FREE basic web security scan for any genuine organization interested in my services to point out whether or not I can find vulnerabilities in your application. Just contact me.
Need a PHP Programmer, PHP staff or project manager? Contact me now.

05 Aug 10 PHP Programmer

I’m Adam Palmer, and I’m a UK based PHP Programmer. I represent APNIC Solutions Ltd – we’re a well established London, UK based firm with a massive amount of experience building clean and powerful solutions for web businesses. We specialize in secure, high traffic applications, specifically ecommerce.

As head of the firm, I come from a background of extensive experience in a huge variety of different technologies. Bespoke solutions are our core competency. We work with our own dedicated team of offshore developers, built and shaped over the last 5 years, who deliver professional PHP/MySQL code and SEO at a fraction of the regular cost.

We offer you a single point of contact in the UK who will manage your solution from conception to delivery. You need never deal with foreign developers, missed deadlines and broken or incomplete software again!

Contact us to discuss your ideas today.

Discuss & Collaborate
Discuss your ideas with us, and we will shape the future of your solution. Should you have a team of developers already, we are more than happy to work alongside them, or even just provide the consultancy, groundwork and technical direction for your project.
Plan & Install
Once the final points of your solution are documented, we’re ready to start setting up and installing the framework and identifying any potential issues that haven’t been located yet. This ensures that major bugs are considered and accounted for now and not after your solution goes live.
Build, Configure & Test
Now the big part: building your solution for you, configuring and accounting for every aspect, and testing rigorously as we go. We pride ourselves on our extensive testing and SEO facilities, an often overlooked key part of solution design. Not only do we design a fantastic solution, but unlike many other providers, we make sure that it actually works when your users start pouring in.
Finalize & Deliver
Now your solution is built, it needs some polishing off, further testing, and evaluation to ensure that it meets all of your initial needs. Expect an ideas document at this point, informing you of all the great things your system can and in future could do that you didn’t even think of!
Support & Maintain
Your ideas have evolved into a final product now and are ready to go. You’ll be fully equipped with all the interfaces that you need to utilize this solution and all the reporting you need to enable you to make informed and successful business decisions in future. We’ll support you all the way through, happy to maintain, and get ready to take your initial successes and build upon them.

Contact us to discuss your ideas today.

05 Aug 10 PayPal Desktop Application

I’ve been considering writing a PayPal desktop application for Windows for some time now. I’ve seen a couple of attempts at this done before, as well as web systems that utilize PayPal’s API. I haven’t seen a definitive piece of software that handles your PayPal account operations from your desktop.

PayPal’s API doesn’t support everything you might want to do, specifically sending payments, so it’s possible that some of the functionality could only be achieved by scraping the site. My main list of features is as follows:

1. Instant popup on payment receipt
2. Fast and powerful reporting, stats and graphs.
3. Quickly and easily in a few clicks send a payment.

Any ideas or interest? Please let me know!

22 Jul 10 Why test or scan?

Yesterday, I offered a free website security scan. Why would you need a scan? I went into a little detail then, but I’d like to expand on what I wrote about, that being my offering my services as a PHP programmer.

If you’re an online merchant, your server needs to be PCI compliant. Otherwise, you not only run the risk of being hacked and losing customer data, but you also run the risk of facing major fines. One fine would be enough to wipe just about any small business out.

New security challenges arise every day. In fact, they arise every hour, it seems. Will your site stand up to the challenge? Will it meet that challenge? Only by regular security scans will you know. Even if you’re not a merchant, you need scans, because I am willing to bet that you don’t want to be hacked. All sorts of unsavory things can occur if that happens.

You could lose your databases. You could lose all data on your server. Your users’ information could be compromised. There are many things that could happen, and none of them are pleasant.

So, contact me for your free security scan today. As I wrote earlier, all I ask in return is that you have a sincere intent of using my services.

19 Jul 10 The importance of redirects

Yesterday, I discussed how you can redirect your HTML files to PHP files. Why is it important to do so?

There are certainly no security concerns involved here, but you probably don’t want to lose your visitors who may bookmark certain pages, nor do you want to lose search engine traffic, because the HTML links will still show up in those engines until they crawl your changes.

That’s where the 301 redirect comes in. This is the best sort of redirect to use, because it is search engine friendly. What it tells search engines is that the page has moved permanently to the forwarding location you provide, which in this case is a PHP file. Essentially, if you do it this way, the search engines won’t skip a beat, and you’ll keep your traffic. The last thing you want to do is let search engines crawl 404 errors.

If you need help with these sorts of things, or if you need a skilled PHP programmer to help you sort out your conversion, I would be more than happy to take a look at your specific needs, and devise a plan for you. This includes making sure that your PHP code and your setup are secure, as PHP is a valuable tool, but a potential security risk if not handled correctly.

My rates are reasonable, and I offer a wealth of experience that can benefit you. Simply get in touch with me for a custom quote!

17 Jul 10 A PHP programmer indeed

You may be browsing through my site, or maybe you came here because you’re looking for a PHP programmer. Allow me to introduce myself. I am Adam Palmer, and I’m a freelance website security consultant, developer, and, of course, a PHP programmer. I’m willing and able to do most any web, Linux, or hosting-related project.

If you have something along those lines that needs to be done, simply contact me, and we can discuss your needs in greater detail.

In addition to doing this sort of work, I run APNIC Solutions, Ltd., which is a leader in network and business integration. You can be confident that when you hire me for your PHP, web, or other needs, you are getting a competent, skilled industry leader who will do a smashing job for a reasonable fee.

Feel free to browse through my blog and read my articles on a variety of PHP and security topics. Then, get in touch with me to see what I can do for you! If all you need is a consultant to point you in the right direction and help you get to the finish line, I would be more than happy and honoured to be that person.

15 Jul 10 Another PHP tip

While it’s all well and good to spend considerable time securing your PHP applications, there is something else that you can do, or rather not do. As a PHP programmer, I see people do one alarming thing: they download and install PHP applications from questionable sources.

While there are a lot of honourable programmers who offer their scripts for free, there are plenty of hackers who enjoy deploying applications that cause harm to others. I discussed this earlier, but it bears repeating: trust your source. Know your source.

14 Jul 10 Securing PHPMyAdmin and SQL

PHP is of course a valuable tool, and PHPMyAdmin is an equally valuable asset for those that don’t like command line administration. The problem is that because it’s a valuable tool, it’s a security exposure. As a website security consultant, I see the problem often: people don’t secure the one thing that, if accessed by a malicious party, can give carte blanche for destruction.

One simple way to secure your installation is to slightly modify your config.inc.php file:

Look for this line:

$cfg['Servers'][$i]['auth_type'] = 'config';

Change “config” to “http”. By doing this, you will require that the database information (username and password) be entered prior to accessing PHPMyAdmin. Of course, this only addresses attacks over the web. If someone tries to remotely connect to your database and knows the root password, or the credentials for any of your databases, then you’re still vulnerable.

One way to address the security of your config.inc.php file is to secure the directory that it’s stored in. This is especially important if you should be on a shared server.

Of course, there is still the matter of your SQL port, 3306, being open to remote attacks. The solution to this problem can be found in the /etc/my.cnf file.

You need to add this line to make it so that only your server can connect to the SQL server.

Ensure that it’s under the “[mysqld]” section:

bind-address = 127.0.0.1

This sets it so that the SQL daemon only listens for connections locally, i.e. on your server. Anyone who tries to connect remotely will be denied. Now, the argument could be made that you could also try to add “skip-networking” to your my.cnf file, and then specify the path to your socket file, but you still need a way to administer your SQL, preferably via SSH. By adding the “bind-address” setting, you can do just that.
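The warning about placing the line under “[mysqld]” is the part that is easiest to get wrong, so here is an added example (not code from the original post) that audits a my.cnf for it. The helper name check_mysql_bind() and the three sample files are constructed for illustration, and only the [mysqld] section named in the post is considered.

```php
<?php
// Added example: check_mysql_bind() is a hypothetical helper name and the
// my.cnf snippets at the bottom are constructed samples.
function check_mysql_bind(string $cnf): string
{
    $section = '';
    $result  = 'NOT SET under [mysqld]: server default applies';
    foreach (preg_split('/\R/', $cnf) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#' || $line[0] === ';') {
            continue;                              // blank line or comment
        }
        if (preg_match('/^\[(.+)\]$/', $line, $m)) {
            $section = strtolower(trim($m[1]));    // entering a new section
            continue;
        }
        if ($section !== 'mysqld') {
            continue;                              // not the server section
        }
        // MySQL accepts '-' and '_' interchangeably in option names.
        // A later bind-address line overwrites an earlier result.
        if (preg_match('/^bind[-_]address\s*=\s*(\S+)/i', $line, $m)) {
            $loopback = in_array($m[1], ['127.0.0.1', '::1', 'localhost'], true);
            $result = $loopback ? "OK: loopback only ({$m[1]})"
                                : "EXPOSED: listening on {$m[1]}";
        }
    }
    return $result;
}

// Constructed sample configurations.
$samples = [
    'as described'   => "[mysqld]\nport = 3306\nbind-address = 127.0.0.1\n",
    'wrong section'  => "[client]\nbind-address = 127.0.0.1\n[mysqld]\nport = 3306\n",
    'all interfaces' => "[mysqld]\nbind-address = 0.0.0.0\n",
];
foreach ($samples as $label => $cnf) {
    printf("%-15s %s\n", $label, check_mysql_bind($cnf));
}
```

To audit a real server, pass file_get_contents('/etc/my.cnf') to the function and restart the daemon after any change.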

The name of the game is security, and assumption. You have to assume that everyone’s out to attack you. If you think like that, you’ll narrow down all the ports that are exposed, and secure your server. Your SQL server is, like your DNS server, vital. It most likely powers your site. If the database is attacked, the damage can be considerable. Do understand that if a hacker is intent enough, they will find a way in, but by making it as difficult as possible, you reduce the chances of that happening.

13 Jul 10 Validate your input

An important thing to consider when accepting input from users is validation. When PHP is used, powerful functions can be performed. The problem is that it can also do powerful and bad things if a malicious user is entering data which isn’t validated.

Consider this: you accept input asking for a month or year. The problem is that a user decides to enter “";rm -rf *” after the year, and in so doing could cause the deletion of your whole website. Obviously, this is not a good thing, so what to do? Data validation is the answer. As the name suggests, it validates or verifies data, ensuring that it conforms to the expected format.
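As an added example (not code from the original post), here is allow-list validation for the month and year case above. The helper name validate_month_year(), the year range and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate_month_year() is a hypothetical helper name and
// the year range defaults are arbitrary illustration values.
function validate_month_year($month, $year, int $minYear = 1970, int $maxYear = 2100): ?array
{
    // Request parameters can arrive as arrays (?year[]=x); accept strings only.
    if (!is_string($month) || !is_string($year)) {
        return null;
    }
    // \A and \z anchor the whole string; "$" alone tolerates a trailing newline.
    if (!preg_match('/\A(?:0?[1-9]|1[0-2])\z/', $month)) {
        return null;
    }
    if (!preg_match('/\A[0-9]{4}\z/', $year)) {
        return null;
    }
    $y = (int) $year;
    if ($y < $minYear || $y > $maxYear) {
        return null;
    }
    // Return integers, so later code never touches the raw strings again.
    return ['month' => (int) $month, 'year' => $y];
}

// Constructed sample inputs, including the string quoted in the post.
$samples = [
    ['7', '2010'],
    ['07', '2010'],
    ['13', '2010'],
    ['7', '2010";rm -rf *'],
    ['7', "2010\n"],
    ['7', ['2010']],
];
foreach ($samples as [$m, $y]) {
    $r = validate_month_year($m, $y);
    $shown = $r ? sprintf('%04d-%02d', $r['year'], $r['month']) : 'rejected';
    printf("%-26s => %s\n", json_encode([$m, $y]), $shown);
}
```

If a validated value must still reach a shell command, pass the integer through escapeshellarg() as a second layer rather than relying on validation alone.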

12 Jul 10 The importance of secure PHP code

In recent days, I’ve talked about the importance of server hardening and security, but there’s another aspect of the integrity of your server that must not be ignored: PHP code.

If you don’t have secure PHP code, you may find yourself the victim of numerous types of attacks, including SQL injection attacks, which, as the name suggests, go directly after your database, which in most cases is the very heart of your website or application.

03 Jul 10 PHP Developer – Base64

Base64 is a type of encoding (NOT encryption). Essentially, you can take any binary data and encode it using an alphabet of 64 characters. For more information on the encoding process and how this is done, visit http://en.wikipedia.org/wiki/Base64.

It is useful for a variety of things, specifically encoding non-standard characters that may not be safe to pass around, such as in a browser address bar or in a plaintext email.

Here’s one example:

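<?php
// Build a small object to pass between pages
$obj = new stdClass();
$obj->a = "test";
$obj->b = "string";
$obj->c = 12345;
// Serialize the object to a string, then Base64-encode that string
$output = base64_encode(serialize($obj));
echo $output;

?>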

This returns 'Tzo4OiJzdGRDbGFzcyI6Mzp7czoxOiJhIjtzOjQ6InRlc3QiO3M6MToiYiI7czo2OiJzdHJpbmciO3M6MToiYyI7aToxMjM0NTt9'

We could now pass this as an HTTP safe string between pages, decoding it using $v = unserialize(base64_decode($output));

This is obviously not an optimal way of storing or passing this example data between various pages; however, it is one example of how base64 encoding can be used.
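Because Base64 is encoding and not encryption, anyone who can see the string can also change it before it reaches unserialize(). This added example (not code from the original post) goes one step beyond the post: it uses the URL-safe Base64 alphabet and attaches an HMAC so the receiving page can reject a modified value. The helper names and the demo key are assumptions, and the allowed_classes option requires PHP 7 or later.

```php
<?php
// Added example: b64url_*(), pack_state() and unpack_state() are
// hypothetical helper names; $key below is a constructed demo value.
function b64url_encode(string $bin): string
{
    // Swap '+' and '/' for URL-safe characters and drop '=' padding.
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt)
{
    $padded = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    return base64_decode(strtr($padded, '-_', '+/'), true); // strict mode
}

function pack_state($value, string $key): string
{
    $payload = b64url_encode(serialize($value));
    $mac     = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    return $payload . '.' . $mac;
}

function unpack_state(string $token, string $key)
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;                          // modified or forged token
    }
    $raw = b64url_decode($payload);
    if ($raw === false) {
        return null;
    }
    // Only stdClass may be instantiated while unserializing.
    return unserialize($raw, ['allowed_classes' => ['stdClass']]);
}

$key = 'constructed-demo-key-load-a-real-secret-from-config';
$obj = new stdClass();
$obj->a = 'test';
$obj->b = 'string';
$obj->c = 12345;

$token = pack_state($obj, $key);
echo $token, "\n";
var_dump(unpack_state($token, $key) == $obj);
// Change the first character to simulate modification in transit.
var_dump(unpack_state('A' . substr($token, 1), $key));
```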
