Dear all,

I am an IT-security professional in Germany and have an extensive software development background. However, this is my first adventure in PHP extension development.

I have developed a PHP extension that transparently encrypts all HTTP session data on the server before it is persisted in order to protect this session-data from prying eyes on the server (like rogue admins or other critters). I named this extension "Secure Session-Data Storage" (SSDS).

I presume that this module might be perceived as a sort of extension that implements a paranoid-level security feature; however, from my personal and professional experience this type of functionality is direly needed in real-life deployments.

An introduction/overview to my extension can be found online:
http://programm.froscon.de/2012/system/attachments/202/original/2012-08-26%20-%20FrOsCon%20-%20php-ssds.pdf

Key idioms while implementing this extension were simplicity for deploying administrators and runtime compatibility: configuration is easy and PHP applications must not be modified. All session storage backends (save_handler's) are automatically supported.

My current release is just a few minutes old and should meet all requirements for PHP extensions (that I am aware of, at least). In addition, the implementation has been source-code audited by several experts and no weaknesses have been found. I consider it to be production-ready.

Sources are currently on SF (but I am willing to migrate):
https://downloads.sourceforge.net/project/php-ssds/php-ssds-1.12.tar.gz
https://svn.code.sf.net/p/php-ssds/code/trunk

I chose BSD-new as the license for my extension, but am also willing to reconsider (if required and reasonable).

Yours,
Juergen
