Auth Mechanisms for Web Services

Having been involved in quite a few service-related activities in the last year or so, I’ve been having a few thoughts about what I’ve learned from this and what decisions I make when designing a service. Hopefully there will be a few of these posts – but to start with, I’m considering the options for authorising users.

Quite a lot of services don’t require any authentication at all, similar to quite a lot of the web. In either setting, the information is there for users to consume when they want. However the difference comes when services start doing more than making data available. If changes can be effected by the service, then we need to identify who is requesting the change.

Traditional websites use a username and password, and we can do exactly the same thing here. Services work on a series of discrete requests and it's common to require that the username and password be supplied with every request. However, for high-load services or where a particularly fast response time is needed, we can use something similar to sessions, where the user first has to authenticate and is given a token. On subsequent requests they supply the token and we wave them through without requiring their credentials again.

There are a number of considerations involved in deciding whether this setup can work for a particular application:

  • Does it take time to authenticate? For example is there an external system to wait for or lots of user information to retrieve?
  • How guessable is the token? Any kind of reasonable length hashing will help you here. I tend to use salted md5 tokens*.
  • How long will the token be valid for? If interaction with the service is likely to be a burst of related requests, you might allow validity for 30 minutes for example.
  • Will you require other identifying information as well as the token? For example you might require that the user also supply their username, which would have to match the token. I’ve also seen systems which only accept tokens from the same user IP address as the user’s original authentication call came from.

Also think about storing these tokens. They can go in their own table along with the information you want to use frequently – this is the same idea as storing information about a user in a session, for example. So user id, maybe display name plus the token itself, some information about when it was created or when it expires, and anything else that will be needed to check the token’s validity. With this information being independent and just used to verify the user, there is also the option of storing this in an alternative, faster, mechanism such as memcache.
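As an added illustration (not code from the original post), here is a small token store in Python that covers the checks listed above: an unguessable token, a validity window, matching username and client IP on every request, and a record kept separately from the user's credentials. It assumes a random token from the OS rather than the salted md5 the post mentions, and a plain dict stands in for memcache.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class TokenRecord:
    """The data the post suggests storing beside the token."""
    user_id: int
    username: str
    display_name: str
    created_at: float
    expires_at: float
    client_ip: str  # binds the token to the IP that authenticated


class TokenStore:
    """In-memory token table; the dict could be swapped for memcache."""

    def __init__(self, ttl_seconds: int = 30 * 60):
        self.ttl = ttl_seconds
        self._records: Dict[str, TokenRecord] = {}

    @staticmethod
    def _key(token: str) -> str:
        # Store only a hash of the token so a leaked table cannot be replayed.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: int, username: str, display_name: str,
              client_ip: str, now: Optional[float] = None) -> str:
        """Called after the credentials have been checked; returns the token."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._key(token)] = TokenRecord(
            user_id, username, display_name, now, now + self.ttl, client_ip)
        return token

    def validate(self, token: str, username: str, client_ip: str,
                 now: Optional[float] = None) -> Optional[TokenRecord]:
        """Returns the record if the token is live and bound to this caller."""
        now = time.time() if now is None else now
        key = self._key(token)
        rec = self._records.get(key)
        if rec is None:
            return None
        if now >= rec.expires_at:
            self._records.pop(key, None)  # expired: forget it
            return None
        # Extra identifying information must match; constant-time username compare.
        if not hmac.compare_digest(rec.username.encode(), username.encode()):
            return None
        if rec.client_ip != client_ip:
            return None
        return rec
```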

This isn’t by any means everything there is to think of, but just some ideas of things to consider when designing a service.

* I blogged about salting md5s in PHP recently, if you are interested

Speaking at phpGG

Next week I’m passing through the Ibuildings office in Utrecht on business. During the 36 hours or so that I’ll be there, the Dutch PHP User Group, phpGG have kindly extended an invitation to speak at a one-off user group meeting they are arranging. Well, I have a talk that needs some work and it seems like too good an opportunity to miss out on catching up with some Dutch friends that I usually can only virtually “meet”, so I delightedly accepted!

So, I’ll be in Utrecht on Thursday 16th April giving my talk “Linux-Fu for PHP Developers” at Ibuildings’ Utrecht office – let me know if you can be there :)

DPC – Dutch PHP Conference June 2009

I keep getting asked about the Dutch PHP Conference so here’s a quick outline about the event.

The conference is in Amsterdam, on 11th to 13th June 2009. Thursday 11th is the tutorial day, Friday and Saturday are the main conference days. The schedule is entirely in English and it looks excellent to the point that I am wondering how I can clone myself to see multiple sessions. http://www.phpconference.nl/schedule/ – don’t think I’ll be seeing much of the hallway track at this one.

Since this event is organised by my employers, Ibuildings, I get to attend, which I’m very pleased about – and I’ll also get to meet up with all my colleagues, which is always great fun. The phpwomen will also be in evidence. The speakers list includes people from all over Europe and also North America, which is nice; there will be some crossover between existing geographical communities, which is always good for swapping ideas (and conference anecdotes of course). It’s a varied lineup of talks but it’s all pretty advanced, so I’m looking forward to learning a lot even though I’ve already attended quite a few PHP conferences.

I notice the early bird pricing is valid through to 30th April, so if you are thinking of coming along then it’s worth making your plans sooner rather than later – it’s very easy to get to from pretty much all of Europe so no excuses! Hope to see some of you there, do come and say hi :)

PHPNW Test Fest Event – May 9th 2009

The PHPNW user group are taking part in this year’s PHP Test Fest. Our event will be on 9th May – you can sign up to attend (limited places so do let us know) on the upcoming page for this event: http://upcoming.yahoo.com/event/2299548/

The idea behind Test Fest is twofold: firstly, to give an approachable way for PHP developers to contribute back to the core – we’ll learn how to write tests on the day and can continue to do so after the event of course! Secondly, PHP itself gets better tests, and the language itself gets better. All in all, I can’t see a reason not to do it!

There are events right around the world, so if you can’t be in Manchester then take a look around and see if there is something nearer to you that you could be involved in. Northern people – I’ll see you there :)

PHP Training Courses from Ibuildings

Ibuildings (my employers) have announced their public courses in the UK – this is very exciting as it’s been in the planning for a while and of course it means more people can be using PHP to build excellent applications. There are more details on the Ibuildings site of the courses and dates available.

Our classroom training is a bit different in that we send one of our real, live software developers to come along and teach the course. I actually really enjoy doing training as part of my day job rather than as a separate job that I do instead, because I actively do the thing I’m trying to teach and find it easy to think of good examples of when a particular thing does or does not work. If you’re thinking of getting some PHP training, then have a look at the courses.

Sortable Views in Drupal 6

I’m completely new to Drupal, I’ve heard a lot about it and I know some evangelists, but I’ve never had reason to use it – until now. So, I might be using the wrong words for things or not explaining things too well, but I’m going to record this because it took me so long to find, and I might need it again.

I am working on the Workflow Summary page, which is populated by a view. This view has fields and filters, and I can specify the sort order for it, which is all great, and it has a surprisingly accessible interface considering all the ajax and whatever else that is going on in there. But the users wanted to be able to re-sort the columns as they went along. Guess what? Drupal already has a way to do this!

  1. Edit the view you want to add the column sorting to
  2. Under “Basic Settings”, look for “Style: Table” and click on the picture of a cog next to it. (if I were a serious blogger, I’d screenshot. Never mind, eh?)
  3. Scroll down to see the table settings
  4. There is a list of the fields, and a tickbox for each labelled “sortable” – tick the boxes for any columns you want users to be able to change the sort order on

I didn’t find this very fast, but thanks to some help from #drupaluk on freenode someone pointed me in the right direction – my columns now have clickable headers and resort as expected! If this helps, or if you have any more tips for this type of thing, please do add a comment.

PHPUK Conference (London) 2009

Last week I was in London for the annual PHP conference held by the PHP London User Group. One thing that makes this conference different from any others I’ve attended is that it’s organised by volunteers. Another thing which makes it unique is that I have attended more than one of these annual events: this is my third year in attendance here, whereas I’ve yet to attend any other conference more than once.

This year had quite a different feel from the other times I’ve attended. With a “real” conference venue at Olympia Conference Centre and talks by big-name employers rather than the usual round of community luminaries, I wasn’t really sure what to expect. In fact for the first time I didn’t even try to attend talks in every slot, since there weren’t so many that appealed to me. Of the talks I did see however, I can only give great praise for the most part. I was completely taken by surprise by Aral Balkan’s “The Future’s So Bright, I Gotta Wear Shades” talk. I mean, put a trendy guy with a cool name who claims to be a flash developer together with a cheesy talk title and make it the first talk of the day … I mean, meh. However, I was very happily surprised to find it was a great talk, the audience loved it and I was completely inspired!

The organisers also allowed us to have a stand to represent phpwomen.org which was great. We had little badges and moo cards to give away and quite a few people, men and women alike, dropped by to ask what we were about and to say hi. We had fewer general passers-by talking to us this year than last year. I’m not sure whether that was the more formal setting, because we were there last year anyway and are better known now, or whether the fact that there were actually quite a few women there put the guys off getting too close to the group :) Either way, it was great to have everyone and we made lots of new friends!

The PHPWomen Stand

All in all, I had a wonderful time and enjoyed the crowd and all the people I met – both old friends and new ones. See you all next year!

techPortal – new PHP developer resource

There is a new resource for PHP developers available from today – techPortal from Ibuildings. First, I must add the disclaimer – Ibuildings are my employers, so I’ve known about this project for a while. I helped set up the site and the first tech article on there is mine. With those aside though, this site is going to be a really valuable resource – with content on advanced topics mostly written by my colleagues. Ibuildings employs some pretty accomplished people and has a steady stream of interesting projects, I get to chat over these things when I see the guys (and girls) in the bar; it’ll be great to have it written down and shareable.

The “share” aspect of techPortal is really key – we have all learned a lot from other people publishing and sharing their knowledge, and this is a central point for all our developers to contribute in the same way. I’m also very excited on a personal level since I’m already published on the site! My article Getting Started with Memcached is my first contribution to this new venture and I’m looking forward to seeing what else will follow :)

(I should point out that the article is now a few weeks old and doesn’t include anything about the new memcached extension recently released by Andrei Zmievski. Perhaps there could be a sequel … )

PHPWomen “I am” Competition

PHPWomen have announced a new competition on their website – to complete a sentence “I am a phpwomen member because…” in a post on their forums to win a prize! Already people are posting and the prize is a certificate to spend at php|architect’s site. Pop over to the forums and join in the fun!

DPC 2009 – Currently Calling for Papers

The Call for Papers for the Dutch PHP Conference 2009 is currently open – with only a week left, it closes next week on Friday 13th. I went to this conference in Amsterdam for the first time last year, when I was still relatively new in my job at Ibuildings. This year, I’ll be there again and looking forward to attending the sessions, the social events – and of course a great excuse to catch up with all my colleagues and the wider Dutch PHP community. Hope to see you there :)