Shellshock (or Bashdoor) is a series of software vulnerabilities found in GNU Bash in September 2014. NVD currently rates this vulnerability ‘10 of 10’ for danger; moreover, no authentication is needed to reach Bash through CGI scripts. The vulnerability affects all Bash versions of nearly 25 years (including 4.3). Alas, the vulnerability may persist in future versions. Let’s clarify the essence of the bug.
The main danger is the ability to set environment variables in the Bash shell arbitrarily. The problem arises because Bash continues to process commands after the function definition, which allows a code injection attack. Thus, at the moment the Bash interpreter processes such a line, any command can be executed. In the context of the Web, this can be done through a mechanism such as a CGI script (not necessarily via a request header). Keep in mind that the path and query string can also be potential attack vectors. More →
Docker is an open source platform that automates deployment by creating application containers that can be launched on absolutely any system (regardless of the language the application is written in). The platform brings together the Docker Engine container runtime, tools for creating packages, and an API. There are also repositories containing environment instances for running popular applications (MySQL, Nginx, Redis, etc.). Docker is written in Go and licensed under Apache 2.0. It comes with a full set of documentation and guarantees API backward compatibility. More →
CakePHP is a free open source PHP framework for rapid web application development that provides all the tools you need to give your application a logical structure. In this way it frees you from the monotonous work of website development. Instead of reinventing the wheel each time you create a site, you can just make a copy of CakePHP with the new project-specific settings.
Generally, experienced users identify the following advantages: More →
Concrete5 is an evolving open source content management system (CMS). It has a number of advantages that make working with site content very easy and user-friendly. This article discusses Concrete5's features and benefits.
As a rule, users of this CMS point out the following advantages:
- You can edit content directly on the site. In most cases, to edit a site page you have to open the admin panel, make all the changes, then return to the site and refresh the page. Concrete5 has an admin panel too, but you do not need to use it to edit a page. More →
Package managers simplify the installation and updating of project dependencies (third-party libraries used in the project). Instead of visiting a library's website, downloading and unpacking archives, and copying files into the project, you can just use a couple of commands in the terminal.
The most popular template engine today is PHP. However, sometimes developers need more flexible and functional templating tools. This is where Twig comes to the rescue!
Most well-known modern engines lag behind Twig for many reasons. Basically, they offer a very limited syntax (variables and loops only). Most of them are also quite slow, because they do not use caching and simply parse templates with regular expressions, which is known to be quite a resource-intensive process.
Twig offers a safe, short and full-featured API inherited from the famous Jinja template system. But what makes Twig so powerful? More →
Many web developers think application deployment should be a creative and interesting process that does not cause considerable inconvenience. But is it possible? Fortunately, Laravel can make this dream come true!
Laravel is a convenient and user-friendly PHP framework. It frees you from unwieldy spaghetti code and helps you create great web applications using simple and intuitive syntax. This PHP 5.3 framework describes itself as ‘A Framework For Web Artisans’. According to its author, Taylor Otwell, Laravel tries to give the joy of programming. It is: More →
mod_rewrite is a very flexible and versatile Apache module whose primary function is URL manipulation. Note that it will not run under other web servers! This is a really powerful tool; therefore it is essential to know how it works and how to use it. In fact, you do not necessarily have to use it in your project, but it is really important to know what this module can do.
This module provides a rule-based mechanism for dynamically changing the requested URL. More →
Network load balancing is a method of allocating tasks across multiple network devices (e.g. servers) in order to optimize resource usage, reduce request processing time, and provide fault tolerance (redundancy).
Load balancing can be used to strengthen a server farm. It also allows server operation to continue even when several execution units are out of order.
To achieve maximum bandwidth and resilience you have to follow several important rules. More →
Many people (and not only newbies) confuse memcache with memcached because their names are so similar. Let’s investigate the difference between these popular tools.
Some users think that memcache and memcached are both caching services, but this is not true. In fact, there is only one hash-table-based data caching service, and it is called Memcached. Through a client library, it allows you to cache data in the RAM of available servers.
But what is memcache then? More →