Posted on 02-07-2012
Filed Under (General) by Ben

What are PHP Data Objects?

PHP recommends that, instead of the standard mysql_connect() and mysql_query() functions, you use PHP Data Objects or the mysqli_*() functions for database interactions. PHP Data Objects are a robust, easy-to-learn and easy-to-use object-oriented interface for interacting with databases. Object-oriented programming is a conceptual programming model for developing applications, and results in cleaner, more organised and structured code. I assume you already have some familiarity with object-oriented programming, as it helps in learning to use PHP Data Objects proficiently.

Connecting to a database using PHP Data Objects is incredibly simple.

$string = "mysql:dbname=db_name;host=localhost";
$user = 'db_user';
$password = "your password here";
try
{
    $db = new PDO($string, $user, $password);
}
catch (PDOException $e)
{
    echo "Connection failed: " . $e->getMessage();
    die();
}

The try/catch block runs a block of code and, if any problem occurs, the error is handed to the catch block. In this instance, the PDO constructor throws a PDOException object if an error occurs while connecting to the database. The getMessage() method of the PDOException class returns the error in question. It is a very efficient way of handling errors that may otherwise be displayed raw on the page.

The $string variable contains the DSN (Data Source Name), which essentially tells PHP Data Objects which database system you want to connect to, the name of the database, and where the database is located (in this instance the database is on the same server as the PHP application being executed, hence localhost). For more information on DSNs, see the PHP documentation.

Executing database queries.

To execute SQL queries, here’s an example:

$query = $db->query("SELECT * FROM users");
foreach($query as $row)
{
    echo $row['column'];
}

This loops through each result row and prints the column named column, as specified by the array index of $row. Essentially, each iteration of the foreach() loop gives you one row as an associative array.

Some more examples include (note that $username and $username_old are passed through $db->quote(), so that a value containing a quote character cannot alter the query):

$query = $db->exec("UPDATE users SET username = " . $db->quote($username) . " WHERE username = " . $db->quote($username_old)); // returns number of affected rows

if($query)
{
    echo "Row updated";
}

Note: The exec() method does not work for SELECT queries. The exec() method executes an SQL query and returns the number of affected rows. A SELECT query does not affect any existing rows, which is why a SELECT statement does not work with it. To check how many rows are returned from a SELECT query, you can do this:

$query = $db->query("SELECT * FROM users");
echo $query->rowCount();

In this instance, the rowCount() method is used to count the number of rows returned by the query. You may notice that the query() method returns an entire object (specifically a PDOStatement object), and the PDOStatement class has a method called rowCount() which returns an integer representing the number of rows returned by the query in question. You can also loop through the results of the query() method with a foreach loop, or get just the first row using the fetch() method of the PDOStatement class, which returns the next row from the result set (so in this instance the first row).
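The same connection, update and query steps as an added example that is not part of the original post: it uses a SQLite in-memory database (an assumption, so it runs without a MySQL server; on a real server use the MySQL DSN from the post), binds user-supplied values as parameters instead of building the SQL string, and sends connection errors to the server log rather than to the page.

```php
<?php
// Added example, not from the original post. The users table and its rows
// below are constructed sample data; the DSN is an assumption (SQLite).
$dsn = 'sqlite::memory:';

try {
    $db = new PDO($dsn);
    // Make every PDO failure throw a PDOException instead of failing silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    error_log('DB connection failed: ' . $e->getMessage()); // details stay in the log
    die('Database unavailable');                             // visitor sees only this
}

// Constructed sample data standing in for the post's "users" table.
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// Values as they might arrive from a form. The quote character is harmless
// because it is bound as a parameter, never concatenated into the SQL text.
$username_old = 'bob';
$username     = "b'ob";

// Prepared UPDATE: rowCount() gives the number of affected rows.
$update = $db->prepare('UPDATE users SET username = :new WHERE username = :old');
$update->execute(array(':new' => $username, ':old' => $username_old));
echo $update->rowCount() . " row(s) updated\n";

// Prepared SELECT: fetch() returns the next row as an associative array,
// or false when there is no row.
$select = $db->prepare('SELECT id, username FROM users WHERE username = ?');
$select->execute(array($username));
$row = $select->fetch(PDO::FETCH_ASSOC);
echo $row ? "found id {$row['id']}\n" : "no such user\n";

// Counting SELECT results: fetchAll() plus count() works on every driver,
// whereas rowCount() on a SELECT is only guaranteed for some (MySQL among them).
$all = $db->query('SELECT username FROM users')->fetchAll(PDO::FETCH_COLUMN);
echo count($all) . " users: " . implode(', ', $all) . "\n";
```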

Unlike the PEAR library, which you need to install separately on your ESDS Dedicated Server (PEAR has its own class for database interaction), the PDO extension is enabled by default as of PHP 5.1.0.

Posted on 05-07-2011
Filed Under (General) by Pravin Ganore

Apache, MySQL and PHP are all reputable applications whose projects support and patch security in their latest stable versions, but each of them has, at some point in its history, gone through more vulnerable periods, of higher or lower severity.

If you are running versions of these applications that, from a particular version number onwards, meet the minimum requirements to run Joomla, but that have known unpatched vulnerabilities and/or no longer have official support, you are below an acceptable level of security. It is therefore recommended, in order to stay within an acceptable level of security, to use or update to the latest stable versions.

What security measures are currently implemented?

Do you use strong passwords?

  • A strong password means more than eight characters, a mix of letters, numbers and permitted symbols, with no meaning as a word.
  • Changing passwords periodically, and not reusing the same password across levels with different access rights, is highly recommended as well.

Do you have a complete backup of your site?

  • Having a backup of your database and of the files and folders on your dedicated hosting, taken at least once a week, will help in case of an intrusion so that you do not lose all of your work and the contributions others have made to your site.
  • If you use replicated hard drives, or work with replicas of the database, you can minimise the loss of sensitive information.
  • Traditional backups and replication each help to overcome most problems, and the absence of either can lead to irreversible situations when it comes to recovering information.

Do you have extra protection?

  • Extra protection only limits the damage; it does not act directly on the root of the problem, which in most cases is software that is vulnerable or improperly configured.
  • Examples of extra protection are anti-SQL-injection or anti-exploit rules which, on detecting a "malicious pattern" in a requested URL, block it.
  • Most applications such as Apache have some kind of utility of this type, such as mod_security or mod_rewrite, which, if configured properly, frustrate many unwanted intrusion attempts with few false positives.
  • So, against security holes in code, this extra protection, which is more of a stopgap solution, can save you on many occasions.
  • Check what protection of this type is available for the applications that make up your environment, and it never hurts to review all the access and error logs within your reach.

Posted on 05-07-2011
Filed Under (General) by Pravin Ganore

It is a very common but false belief that "to set up a website, simply install Joomla! and you are ready".

While Joomla has been engineered to give a wide range of users, including those with little or no programming knowledge, the facilities to build websites, this does not mean at all that keeping our sites secure comes with the same ease.

So while it may be true that "to set up a website" with Joomla! it is enough to know how to install it and "put together a website", the ease of use, flexibility and extensibility that Joomla! provides is one thing, and keeping the security of our sites within acceptable levels is quite another.

Suggestions

Review each of the questions presented below:

  • What version of Joomla are you using?
  • What third-party extensions have you installed?
  • What version of Apache / MySQL / PHP are you using?
  • What type of server hosting have you hired?
  • What security measures are currently implemented?

What version of Joomla are you using?

An acceptable level of security means using the latest stable versions of each of the applications that make up our website, and Joomla is no exception.

Joomla is a CMS that is fairly secure in itself: it takes care to avoid unwanted intrusions through its code, and when a vulnerability of high or low severity is detected, it is quick to repair it as soon as possible.

What third-party extensions have you installed?

Joomla is responsible for securing its own code against unwanted intrusions, both for the core of the application and for the extensions that ship natively with the CMS installation. But there are lots of extensions programmed by third parties (installed into the CMS later) that are not under Joomla!'s quality or security control, but under that of the respective authors of each extension.

When it comes to upgrading to the latest stable versions of the extensions we work with, the same criteria as in the previous paragraph apply, and for the same reason; but it should be emphasised that, unlike the CMS itself, an extension may have been poorly programmed from a security standpoint by its authors, or may lack support or updates in this regard.

It is difficult for someone who is not a skilled programmer to tell apart the wide variety of extensions on offer when they are viewed from a "secure programming" perspective.

When a third-party extension's authors have a track record similar to that of the Joomla authors, implementing security policies designed to thwart known intrusion attempts through its code, or updating it as soon as possible when new security flaws are detected, we are, again, at an acceptable level of security.

In the opposite case, that particular third-party extension puts us in unfavourable security conditions, and therefore at a level of security well below acceptable.

The "vulnerable extensions list" that is provided does not mean that "the other extensions not on that list are safe", judged by their code and by the chances of known malicious intrusions through it.

Take these lists as a commonly used means of staying informed and of continuing to report, collectively, on extensions that allow malicious intrusion through their code, so that the lists become more and more complete (bear in mind that an extension appearing on such a list may only have been vulnerable at an earlier point in its development, and may have solved the security problem in a version later than the one mentioned in the list).

Using only reputable and stable extensions, whose authors support and update them on security issues, will greatly limit the extensibility of your project, but will keep it within an acceptable level of security.

Posted on 29-06-2011
Filed Under (General) by Pravin Ganore

In this brief article we will cover the installation and configuration of Apache on CentOS and some other functions required in today's web servers. Although there is already plenty of material on this (a simple Google search returns a number of texts), I decided to write about it because it is something simple that sometimes slips from memory; having the text published makes it easier to look up later, and I also did not find any similar text here.

To begin, let's set out some basic descriptions, because there is always a first-timer. CentOS is an Enterprise-class Linux distribution derived from the source code freely distributed by Red Hat Enterprise Linux and maintained by the CentOS Project. Its version numbering follows that of Red Hat Enterprise Linux: each CentOS release is based on the corresponding Red Hat Enterprise Linux release. The basic difference between them is the paid support that comes with the purchase of Red Hat Enterprise Linux.

Functionally, they can be considered clone systems. CentOS provides broad access to industry-standard software, including full compatibility with software packages built specifically for Red Hat Enterprise Linux systems. This gives you the same level of security and support via updates as other Enterprise Linux solutions, but at no cost. It supports both server environments for mission-critical systems and workstations, and it also has a Live CD version.

CentOS has numerous advantages, including: an active and growing community, rapid development and testing of packages, an extensive download network, accessible developers, multiple support channels (including support in India), and commercial support through partners. The Apache server on CentOS (Apache HTTP Server, or simply Apache) is the most successful free web server.

It was created in 1995 by Rob McCool, then at the NCSA (National Center for Supercomputing Applications). A survey conducted in December 2007 found that Apache ran 47.20% of the active servers in the world. It is the core technology of the Apache Software Foundation, which is responsible for more than a dozen projects involving web technology, data processing and the execution of distributed applications.

The server implements the HTTP protocol. Its features are maintained through a module structure, which also allows users to write their own modules using the software's API. It is available in versions for Windows and for the various POSIX systems (Unix, Linux, FreeBSD, etc.).

PHP (a recursive acronym for "PHP: Hypertext Preprocessor") is an interpreted, freely available and widely used programming language for generating dynamic content on the World Wide Web, on sites such as Wikipedia.

MySQL is a database management system (DBMS) that uses SQL (Structured Query Language) as its interface. It is currently one of the most popular databases, with more than 10 million installations worldwide.

Posted on 18-01-2011
Filed Under (Dedicated Server Hosting) by Pravin Ganore

On the latest Linux distributions, the so-called Red Hat based distributions, installing the Apache+PHP+MySQL bundle presents no special problems. But, as always, there are sometimes small pitfalls that confuse novice admins, owners of dedicated web servers, and programmers.

We describe this process as an example with Fedora Core 4.

We log in to the server as root and type the following commands (package names are case-sensitive):
yum install httpd (this installs Apache)
yum install php (this installs PHP)
yum install mysql-server (this installs MySQL)

and the final touch:

yum install php-mysql
Without this, the PHP + MySQL combination will not work.

By default, the GD library (often used by various scripts) and mbstring (the library required by phpMyAdmin) are typically not installed. For these, we run the following commands:

yum install php-mbstring
yum install php-gd

I have also run into the problem that characters of other languages appear as question marks. This is because Apache forces all files to be served as UTF-8. This can be fixed in the httpd.conf configuration file.

Look for these lines there:

# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:

# AddDefaultCharset UTF-8

And make sure there is a pound sign (#) in front of AddDefaultCharset UTF-8, so that the directive is commented out.

That is the secret of the installation. Now run ntsysv and put an asterisk in front of the httpd and mysqld services to ensure that they are started automatically after a reboot.
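The httpd.conf fix above done as a script, as an added example that is not part of the original post: it comments out an active AddDefaultCharset UTF-8 line only if one is present, keeps a backup, and can be re-run safely. The config file path is a parameter and the sample httpd.conf fragment is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post: comment out an active
# "AddDefaultCharset UTF-8" directive in an httpd.conf idempotently,
# keeping a backup, so the browser default or META charset is used instead.
# The file path is a parameter; the sample config below is constructed.

# comment_default_charset FILE
#   Rewrites FILE in place and returns 0 if an active directive was found;
#   returns 1 (and changes nothing) if it is already commented out or absent.
comment_default_charset() {
    conf="$1"
    if ! grep -q '^[[:space:]]*AddDefaultCharset[[:space:]]' "$conf"; then
        return 1
    fi
    cp "$conf" "$conf.bak"                       # keep a copy to roll back
    sed 's/^\([[:space:]]*\)\(AddDefaultCharset[[:space:]]\)/\1#\2/' "$conf" \
        > "$conf.new" && mv "$conf.new" "$conf"  # portable in-place edit
}

# active_default_charset_count FILE
#   Prints how many uncommented AddDefaultCharset lines remain (0 when fixed).
active_default_charset_count() {
    grep -c '^[[:space:]]*AddDefaultCharset[[:space:]]' "$1" || true
}

# Constructed sample httpd.conf fragment with the directive still active.
demo_dir=$(mktemp -d)
cat > "$demo_dir/httpd.conf" <<'EOF'
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default.
AddDefaultCharset UTF-8
DocumentRoot "/var/www/html"
EOF

comment_default_charset "$demo_dir/httpd.conf" && echo "directive commented out"
comment_default_charset "$demo_dir/httpd.conf" || echo "nothing left to change"
echo "active directives: $(active_default_charset_count "$demo_dir/httpd.conf")"
```

On the real server, point the function at /etc/httpd/conf/httpd.conf, then run apachectl configtest and service httpd restart so the change takes effect. chkconfig httpd on and chkconfig mysqld on are the non-interactive equivalent of the ntsysv step.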
