Expert PHP and MySQL: Application Design and Development. Marc Rochkind. Apress





Contents

Front matter
    About the Author                                        xvii
    About the Technical Reviewer                            xix
    Acknowledgments                                         xxi
    Introduction                                            xxiii

Chapter 1: Project Organization                             1
    People Determine Success                                1
    Who Are the People?                                     1
    How to Satisfy?                                         2
    Projects Have Three Dimensions                          3
    Requirements                                            4
    The Development Team                                    4
    Hiring the Best                                         5
    The Schedule                                            6
    Scheduling the Unknowable                               7
    A Scheduling Example                                    8
    Why Projects Fail                                       9
    Poor Requirements                                       10
    Weak Team                                               10
    Failure to Prototype High-Risk Features                 10
    Bad Design                                              10
    Poor Development Processes                              11
    Changed Priorities                                      11
    Sabotage                                                11
    Managing the Project                                    11
    Dividing the Work                                       14
    Exploiting Database Centricity                          14
    Assigning Components to People                          15
    The Workplace                                           15
    Issue Tracking                                          16
    Legal Matters                                           17
    Have a Written Contract                                 17
    Know Who Owns What                                      18
    Watch Out for License Entanglements                     18
    Involving a Lawyer                                      19
    Getting Paid                                            19
    Invoicing                                               19
    Collecting                                              20
    Chapter Summary                                         21

Chapter 2: Requirements                                     23
    Outline of the Requirements Document                    23
    Rough First Draft: Scope Without Detail                 25
    A Closer Look at the Requirements Sections              27
    When the Requirements Change                            32
    Logging Requirements Changes                            32
    Modifying the Requirements Document                     32
    Use Cases                                               38
    Requirements War Stories                                39
    The Runaway Developer                                   39
    The Arzano Ranch                                        40
    Agile Requirements                                      40
    Chapter Summary                                         43

Chapter 3: Platforms and Tools                              45
    Client-Server Architecture                              45
    Server Platform                                         47
    The LAMP Stack                                          47
    Server Operating System                                 48
    Web Server                                              48
    Database System                                         49
    Server Programming Language                             50
    Client Platform                                         51
    Client Operating System                                 51
    Browsers                                                51
    Client Programming Languages                            53
    Development Platform and Tools                          54
    Development Operating System                            54
    Installing a Web Server, MySQL, and PHP                 54
    Editors and IDEs                                        56
    Transferring Files                                      57
    Debugging Tools                                         58
    Testing Tools                                           58
    Version Control                                         58
    Issue Tracker                                           59
    Hosting Alternatives                                    59
    Commercial Shared-Hosting Services                      60
    Hosting Scalability                                     60
    Users, Groups, and Permissions                          61
    Cloud Servers                                           63
    Installing New Versions                                 72
    Doing It Wrong                                          72
    Doing It Right                                          75
    Chapter Summary                                         80

Chapter 4: The Database                                     83
    Relational Databases                                    84
    SQL                                                     84
    Some History                                            84
    SQL Statements                                          85
    What a Select Statement Does                            85
    Joining Tables                                          87
    Expressions and Stored Procedures                       92
    Further Reading About SQL                               92
    Entity-Relationship Modeling                            92
    ER Diagrams                                             92
    ER Design Tools and MySQL Workbench                     94
    The ER Design Process                                   101
    Identifying the Entities                                102
    Identifying Relationships and Their Semantic Information 103
    Defining the Attributes                                 106
    Deciding on Primary Keys                                106
    Foreign Keys                                            109
    Subtypes                                                112
    Physical Design                                         112
    From ER Diagram to Physical Design                      113
    NULLs                                                   114
    Normalization                                           117
    First Normal Form (1NF)                                 117
    Second and Third Normal Forms (2NF and 3NF)             119
    Fourth Normal Form (4NF)                                120
    Constraints                                             121
    MySQL Constraints                                       121
    Constraints with MySQL Triggers                         122
    Transactions                                            130
    Database Security                                       132
    Backup and Recovery                                     132
    Network Security                                        133
    Access Control                                          133
    Performance Optimization                                134
    Do You Have a Good Database?                            135
    Developing an Object-Relational Mapping Layer           135
    Chapter Summary                                         137

Chapter 5: Application Structure                            139
    Accessing MySQL from PHP                                139
    Connecting with PDO                                     140
    Database Credentials                                    143
    Executing SQL Statements with PDO                       144
    Handling Database Inserts and Updates                   147
    PHP-Browser Interaction                                 150
    How HTTP Works                                          150
    PHP and Forms                                           153
    Integrating Forms and Databases                         157
    Choosing Between GET and POST                           160
    PHP Sessions                                            160
    A Page Framework                                        163
    Page Structure                                          163
    Page Framework Usage                                    165
    Page Framework Files                                    171
    Page Framework Implementation                           172
    Session Transitions and Login Pages                     176
    Dealing with Relationships                              179
    Forms with Foreign Keys                                 179
    Handling Many-to-Many Relationships                     185
    Chapter Summary                                         189

Chapter 6: Security, Forms, and Error Handling              191
    PHP Security Overview                                   191
    The Computer Has to Be Secured                          191
    Password Strength                                       192
    Hashing Passwords                                       193
    Storing Hashed Passwords                                194
    Two-Factor Authentication                               194
    SQL Injection                                           195
    Cross-Site Scripting                                    195
    Cross-Site Request Forgery                              197
    Clickjacking                                            198
    Reversed CSS Attacks                                    202
    Submitting Requests with POST                           202
    Security Summary                                        204
    Forms                                                   205
    Basic Form Class                                        205
    Text Fields, Labels, and Buttons                        206
    Foreign Keys                                            207
    Check Boxes                                             209
    Radio Buttons and Menus                                 209
    Dates                                                   210
    Password-Strength Feedback                              212
    The User Table and Password Management                  213
    The User Table                                          214
    User Table Constraints                                  214
    The Security Class                                      215
    Getting Hashes from the Database                        220
    Checking the Password and Verification Token            221
    Logging In and Handling Forgotten Passwords             222
    Logging In with the Login Form (Phase 1)                224
    HTTP Authentication                                     226
    Verifying the Login (Phase 2)                           227
    Sending an Authentication Code                          229
    Checking the Verification Code and Completing 2FA Phase 2 230
    Temporary Passwords                                     231
    Changing a Password                                     234
    Using a YubiKey for 2FA Phase 2                         236
    Setting the YubiKey Identifier                          237
    Verifying a YubiKey OTP                                 238
    Comparing SMS/Voice and YubiKey                         239
    Error Handling                                          239
    Error Message Usability                                 239
    Catching Errors                                         240
    Logging Errors                                          241
    Hiding Errors                                           242
    Translating Errors                                      242
    Chapter Summary                                         247

Chapter 7: Reports and Other Outputs                        249
    Queries as Reports                                      249
    Role-Based Access Control                               254
    RBAC in MySQL                                           255
    RBAC Database Tables                                    255
    Implementing RBAC with the Access Class                 259
    Hierarchy of Access                                     261
    The Report Class: HTML and CSV Output                   262
    Report::html Method                                     262
    About Character Sets                                    263
    Report::csv Method                                      264
    Generating PDFs from PHP                                265
    About PDFs and PDF Libraries                            265
    A Simple FPDF Example                                   266
    FPDF Drawing Methods                                    267
    FPDF::MultiCell Method                                  271
    Writing Tables with FPDF                                272
    FPDF Headers and Footers                                274
    More FPDF                                               274
    The Report Class: PDF Output                            275
    Using the Report Class to Build Reports                 279
    A Generalized Reports Page                              280
    Chapter Summary                                         282

Chapter 8: Data Conversion                                  283
    Conversion in the Development Process                   283
    Convert Early                                           283
    Convert Often                                           284
    Conversion Sources                                      284
    Enumerating Conversion Sources                          284
    Static vs. Dynamic Sources                              285
    Connecting Directly to the Source Database              285
    Export Formats                                          285
    Generating Conversion Programs Automatically            286
    Dates, Times, and Character Conversion                  289
    Wacky Date Formats                                      289
    Handling Times                                          291
    Character Conversions                                   291
    After Conversion                                        292
    Testing the Converted Data                              292
    Fixing Bad Data                                         292
    Keeping Unconverted Data                                293
    Variant Names                                           294
    Consolidate After Conversion                            294
    Discovering Name Variants                               295
    Organizing the Database Search                          295
    Replacing Foreign Keys                                  301
    Finding the Foreign Keys                                303
    Marking Replaced Rows                                   305
    Chapter Summary                                         305

Index                                                       307
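The Chapter 5 entries (Connecting with PDO, Database Credentials, Executing SQL Statements with PDO) and the Chapter 6 entries (Hashing Passwords, Storing Hashed Passwords, SQL Injection, Checking the Password) name the core of a secure login path in PHP. The following is an added example written for this page, not code from the book or from the author; it shows an injectable query beside its parameterised form and a password store built on password_hash()/password_verify(). It assumes a user table with columns id, email and password_hash, a config file outside the web root that returns the DSN and credentials, and it self-tests against an in-memory SQLite database with constructed data where a deployment would use the MySQL DSN.

```php
<?php
// Added example: not code from the book. Demonstrates PDO connection, bound
// parameters versus string interpolation, and bcrypt password storage.
// Assumed schema: user(id, email, password_hash). Assumed config file outside
// the web root, e.g. ../config/db.php returning
//   ['dsn' => 'mysql:host=localhost;dbname=app;charset=utf8mb4', 'user' => '...', 'pass' => '...']
declare(strict_types=1);

function connect(array $cfg): PDO
{
    $opts = [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // throw on error; log it, never echo it to the browser
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ];
    if (str_starts_with($cfg['dsn'], 'mysql:')) {
        $opts[PDO::ATTR_EMULATE_PREPARES] = false; // pdo_mysql: real server-side prepares, values never become SQL text
    }
    return new PDO($cfg['dsn'], $cfg['user'] ?? null, $cfg['pass'] ?? null, $opts);
}

// VULNERABLE (shown for contrast): the email is interpolated into the SQL text.
// The input  ' OR '1'='1  matches every row; other inputs can alter or destroy data.
function findUserUnsafe(PDO $db, string $email): ?array
{
    $row = $db->query("SELECT id, password_hash FROM user WHERE email = '$email'")->fetch();
    return $row === false ? null : $row;
}

// SAFE: the value is bound as a parameter and is never parsed as SQL.
function findUser(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, password_hash FROM user WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Store only a salted, slow hash; password_hash() picks the salt and the current default algorithm.
function createUser(PDO $db, string $email, string $password): void
{
    $stmt = $db->prepare('INSERT INTO user (email, password_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user id on success, null otherwise. password_verify() runs even for an
// unknown email (against a throwaway hash) so response time does not reveal which emails exist.
function checkLogin(PDO $db, string $email, string $password): ?int
{
    static $dummyHash = null;
    $dummyHash ??= password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

    $user = findUser($db, $email);
    $hash = $user['password_hash'] ?? $dummyHash;
    if (!password_verify($password, $hash) || $user === null) {
        return null;
    }
    // Transparently upgrade hashes made with an older algorithm or lower cost.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $db->prepare('UPDATE user SET password_hash = :hash WHERE id = :id')
           ->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $user['id']]);
    }
    return (int) $user['id'];
}

// Self-contained run against an in-memory SQLite database with constructed data
// (a deployment would pass the MySQL DSN from the config file instead).
if (PHP_SAPI === 'cli') {
    $db = connect(['dsn' => 'sqlite::memory:']);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
    createUser($db, 'alice@example.com', 'correct horse battery staple');

    assert(checkLogin($db, 'alice@example.com', 'correct horse battery staple') === 1);
    assert(checkLogin($db, 'alice@example.com', 'wrong') === null);
    assert(checkLogin($db, 'nobody@example.com', 'wrong') === null);

    $payload = "' OR '1'='1";
    assert(findUserUnsafe($db, $payload) !== null); // injection: a row comes back for no real email
    assert(findUser($db, $payload) === null);       // bound parameter: the literal string matches nothing
    echo "ok\n";
}
```

Run it with php on the command line (pdo_sqlite is bundled with most PHP builds). The one behaviour worth dwelling on is the dummy-hash branch in checkLogin(): without it, a request for a non-existent email returns in microseconds while a real one costs a full bcrypt verification, which is enough for an attacker to enumerate valid accounts from timing alone.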