php-general Digest 22 Feb 2009 17:38:38 -0000 Issue 5973
php-general Digest 22 Feb 2009 17:38:38 - Issue 5973 Topics (messages 288657 through 288657): PHP5 - SOAP extension and WSDL generation 288657 by: Yannick Warnier Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Hi there, I'm trying to find out how to generate a WSDL with the functions I am providing as web services, and I'm finding various posts on the net that say it's not possible with the SOAP extension built in PHP5. At the same time, I find that http://www.php.net/manual/en/soap.constants.php lists four constants that have to do with WSDL caching: WSDL_CACHE_NONE (integer) WSDL_CACHE_DISK (integer) WSDL_CACHE_MEMORY (integer) WSDL_CACHE_BOTH (integer) which apparently are only used in the http://www.php.net/manual/en/soapserver.soapserver.php method. so I'm a bit confused about the lack of info there. Why would the extension not include a WSDL-generation method for one given server object while other libraries (NuSOAP and PEAR::SOAP) do? Isn't that kind of pushing users away from the core extension? I mean, generating a WSDL is not a funny job, but many services will need one and a developer doesn't want to be updating his at every change he makes in his service function, does he? Thank you, Yannick ---End Message---
php-general Digest 23 Feb 2009 06:14:20 -0000 Issue 5974
php-general Digest 23 Feb 2009 06:14:20 - Issue 5974 Topics (messages 288658 through 288662): Securing web services 288658 by: Yannick Warnier 288659 by: Nathan Rixham Re: Which file Included me? 288660 by: RottenEye ldap_search filter with memberOf 288661 by: Zaitchik, Alan need help on the BBcode extension: What's the syntax of the Object Oriented Notation content_handling 288662 by: Zhang Qingcheng Administrivia: To subscribe to the digest, e-mail: php-general-digest-subscr...@lists.php.net To unsubscribe from the digest, e-mail: php-general-digest-unsubscr...@lists.php.net To post to the list, e-mail: php-gene...@lists.php.net -- ---BeginMessage--- Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for securing web services), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do). Following the very nice table on page 32 of http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf using a combination of XML Encryption and XML Signature would provide a cover for almost all security risks related to providing web services. This article: http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html also goes away from the SSL method and *talks* about XML-DSIG and WS-Security, but that's out of PHP context. Finally, the following article talks about NuSOAP and the SetCredentials method, which is probably the closest I can get to secure web services using existing PHP code. Would anybody out here have gotten further and be able to tell me how they did it? Thanks, Yannick ---End Message--- ---BeginMessage--- Yannick Warnier wrote: Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for securing web services), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do). Yanick, I'm hoping to save you some time here; Web Services are very poorly implemented in PHP (and that sentence is the reason I'm emailing you off-list). Everything you need is catered for in SOAP and by using the WS-xxx extensions which are common place in the Java and .net world (infact most languages) - thankfully those who are fortunate enough to know can do this in PHP as well and consume all manner of web services, as well as generate them. You need WSO2 (oxygen) - specifically WSO2 WSF/PHP; it's the finest web service library for all languages and has a massive community behind it. http://wso2.org/projects/wsf/php docs: http://wso2.org/project/wsf/php/2.0.0/docs/api.html Honestly my friend, everything you need - I've been through the same thing as you for moths over many projects and this framework saved my life. it also has very nice scripts for working with wsdl including an automatic wsdl2php and a full WSDL generation API :) Many Regards, Nathan ps: I'm no affiliation :) ---End Message--- ---BeginMessage--- But we could use rawurlencode($_SERVER['PHP_SELF']), no? João Michael A. Peters wrote: Nisse Engström wrote: On Wed, 18 Feb 2009 10:37:53 -0800, Michael A. Peters wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) Amazing! Not once did they mention htmlspecialchars(). /Nisse htmlspecialchars causes problems if you are going to use the data with DOMDocument. I believe the point was to produce a proper _SERVER['PHP_SELF'] - not a sanitized but still borked version. ---End Message--- ---BeginMessage--- I am trying to construct a filter for ldap_search that tests the AD memberOf attribute. The latter has possibly multiple values for a given user, and I want something like (memberOf=*Student*) to get all and only the students. I realize that the above does not work, that the memberOf attribute has some internal structure that requires something more complicated, but I cannot seem to get it working. What I have done is use a very broad $filter, an $attribs that includes memberOf-- and then loop through the results keeping only the students, thus: $sr= ldap_search($ldapconn, $dn, $filter, $attribs); for ($entryid=ldap_first_entry($ldapconn,$sr);$entryid!=false;$entryid=ldap_next_entry($ldapconn,$entryid)){ $this_memberof = implode(ldap_get_values($ldapconn,$entryid,'memberof')); If (stripos($this_memberof,'student') ) { // do something, etc. } } But this is wildly
[PHP] PHP5 - SOAP extension and WSDL generation
Hi there, I'm trying to find out how to generate a WSDL with the functions I am providing as web services, and I'm finding various posts on the net that say it's not possible with the SOAP extension built in PHP5. At the same time, I find that http://www.php.net/manual/en/soap.constants.php lists four constants that have to do with WSDL caching: WSDL_CACHE_NONE (integer) WSDL_CACHE_DISK (integer) WSDL_CACHE_MEMORY (integer) WSDL_CACHE_BOTH (integer) which apparently are only used in the http://www.php.net/manual/en/soapserver.soapserver.php method. so I'm a bit confused about the lack of info there. Why would the extension not include a WSDL-generation method for one given server object while other libraries (NuSOAP and PEAR::SOAP) do? Isn't that kind of pushing users away from the core extension? I mean, generating a WSDL is not a funny job, but many services will need one and a developer doesn't want to be updating his at every change he makes in his service function, does he? Thank you, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Securing web services
Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for securing web services), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do). Following the very nice table on page 32 of http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf using a combination of XML Encryption and XML Signature would provide a cover for almost all security risks related to providing web services. This article: http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html also goes away from the SSL method and *talks* about XML-DSIG and WS-Security, but that's out of PHP context. Finally, the following article talks about NuSOAP and the SetCredentials method, which is probably the closest I can get to secure web services using existing PHP code. Would anybody out here have gotten further and be able to tell me how they did it? Thanks, Yannick -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Securing web services
Yannick Warnier wrote: Hi there, Another Web Service related question. Obviously, Google gives me enough hints to find *many* documents on the topic (searching for securing web services), but I am developing open-source soft and I'd like to secure my web services to the maximum without forcing the user to use HTTPS/SSL (the generation of buying of a certificate is not what our lambda users can do). Yanick, I'm hoping to save you some time here; Web Services are very poorly implemented in PHP (and that sentence is the reason I'm emailing you off-list). Everything you need is catered for in SOAP and by using the WS-xxx extensions which are common place in the Java and .net world (infact most languages) - thankfully those who are fortunate enough to know can do this in PHP as well and consume all manner of web services, as well as generate them. You need WSO2 (oxygen) - specifically WSO2 WSF/PHP; it's the finest web service library for all languages and has a massive community behind it. http://wso2.org/projects/wsf/php docs: http://wso2.org/project/wsf/php/2.0.0/docs/api.html Honestly my friend, everything you need - I've been through the same thing as you for moths over many projects and this framework saved my life. it also has very nice scripts for working with wsdl including an automatic wsdl2php and a full WSDL generation API :) Many Regards, Nathan ps: I'm no affiliation :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Which file Included me?
But we could use rawurlencode($_SERVER['PHP_SELF']), no? João Michael A. Peters wrote: Nisse Engström wrote: On Wed, 18 Feb 2009 10:37:53 -0800, Michael A. Peters wrote: http://www.gfx-depot.com/forum/-php-server-php-self-validation-t-1636.html explains a technique to validate the input as well (don't trust that is clean) Amazing! Not once did they mention htmlspecialchars(). /Nisse htmlspecialchars causes problems if you are going to use the data with DOMDocument. I believe the point was to produce a proper _SERVER['PHP_SELF'] - not a sanitized but still borked version. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] ldap_search filter with memberOf
I am trying to construct a filter for ldap_search that tests the AD memberOf attribute. The latter has possibly multiple values for a given user, and I want something like (memberOf=*Student*) to get all and only the students. I realize that the above does not work, that the memberOf attribute has some internal structure that requires something more complicated, but I cannot seem to get it working. What I have done is use a very broad $filter, an $attribs that includes memberOf-- and then loop through the results keeping only the students, thus: $sr= ldap_search($ldapconn, $dn, $filter, $attribs); for ($entryid=ldap_first_entry($ldapconn,$sr);$entryid!=false;$entryid=ldap_next_entry($ldapconn,$entryid)){ $this_memberof = implode(ldap_get_values($ldapconn,$entryid,'memberof')); If (stripos($this_memberof,'student') ) { // do something, etc. } } But this is wildly inefficient. How can I just create the filter I need for ldap_search? Thanks! Alan
[PHP] need help on the BBcode extension: What's the syntax of the Object Oriented Notation content_handling
Hi there, I'm using the BBcode extension(version 1.0.2), and the manual(url: http://www.php.net/manual/en/function.bbcode-create.php) said the bbcode_initial_tags accepted Object Oriented Notation on content_handling, but I don't find any document on this notation or syntax, so could anyone tell me how to use the Object Oriented Notation? Regards, Kinch -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Securing web services
Yanick, I'm hoping to save you some time here; Web Services are very poorly implemented in PHP (and that sentence is the reason I'm emailing you off-list). You actually didn't :-) . Everything you need is catered for in SOAP and by using the WS-xxx extensions which are common place in the Java and .net world (infact most languages) - thankfully those who are fortunate enough to know can do this in PHP as well and consume all manner of web services, as well as generate them. You need WSO2 (oxygen) - specifically WSO2 WSF/PHP; it's the finest web service library for all languages and has a massive community behind it. http://wso2.org/projects/wsf/php docs: http://wso2.org/project/wsf/php/2.0.0/docs/api.html Honestly my friend, everything you need - I've been through the same thing as you for moths over many projects and this framework saved my life. it also has very nice scripts for working with wsdl including an automatic wsdl2php and a full WSDL generation API :) Many Regards, Nathan ps: I'm no affiliation :) -- Thodoris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php