Posts

Why is it important to understand how PHP matches a catch block?

PHP allows you to have multiple catch blocks. The manual says that when an exception occurs PHP will try to find the first matching exception block, but it isn't entirely clear on exactly how PHP matches "catch" blocks when handling exceptions. Why is it important to understand how PHP matches a catch block? It really relates to the fact that you are able to extend the base "Exception" class in PHP to make your own classes. Throwing exceptions that are specific is good practice because it allows you to write catch blocks that are focused on solving just one sort of problem at a time. The SPL exceptions are a good example of hierarchical exception inheritance in case you're wanting to see some practical usage. In PHP a catch block is a match for an exception if the exception class is either the same as or inherits from the class in the catch clause. Here's a trivial example: In this example I've set up an excepti...

Complying with PCI database requirements in Laravel on AWS

I'm busy with the self-assessment questionnaire for PCI compliance. Part of the database requirements are that cardholder data are encrypted at rest as well as in transit. I host with Amazon RDS and use Laravel so my life is made pretty easy. Amazon RDS natively supports encrypted connections and also lets you create a database that is stored on an encrypted backing instance. If you've enabled this option then all that you need to do is make sure that you connect to the database using an encrypted connection. I'm not getting paid anything for saying that I really enjoy using RDS, but today is another occasion when I'm really happy that I didn't have to sit and install certificates and fiddle with a cluster configuration to enable SSL connections. The "zero config" that comes with RDS saves time and money. Laravel was really easy to configure to use SSL. All that you need to do is download the RDS certificate chain from ht...

Email injection attacks in PHP

Email injection is one of the topics I cover in my Zend certification guide. You can grab a copy on Leanpub - https://leanpub.com/phpforprogrammers/ It is possible for a user to supply hexadecimal control characters that allow them to change the message body or recipient list. For example, if your form allows the person to enter their email address as a “from” field for the email then the following string will cause additional recipients to be included as cc and blind carbon copy recipients of the message: `sender@example.com%0ACc:target@email.com%0ABcc:anotherperson@emailexample.com,stranger@shouldhavefiltered.com` It is also possible for the attacker to provide their own body, and even to change the MIME type of the message being sent. This means that spammers could use your form to send mail. You can protect against this in a couple of ways. Make sure that you properly filter input that you use when sending mails. The `filter...

Traits in PHP

What are traits? Let's start by understanding what traits are and how they're useful. We'll move on to code examples straight after that. Traits are not unique to PHP and are available in other languages too. They provide a way to extend the functionality of a class. A trait will have methods to implement this functionality and make these available as if they had been defined in the class itself. In other words traits are flattened into a class and it doesn’t matter if a method is defined in the trait or in the class that uses the trait. You could copy and paste the code from the trait into the class and it would be used in the same manner. The code that is included into a trait is intended to encapsulate reusable properties and methods that can be applied to multiple classes. Traits group functionality in a fine-grained and consistent way and allow you to reuse this functionality without requiring inheritance. I mentioned...

Connecting to Elixir web channels from the Angular 2 quickstart application

I am busy learning Elixir, a language that adds syntactic sugar to the awesomely scalable and concurrent Erlang language. The "go to" framework in Elixir is Phoenix and I'm busy writing my "hello world" application which will serve up data across a web channel. I followed the TypeScript version of the Quickstart guide for Angular 2 (here). I really like what I've seen of TypeScript so far. Dependencies are easy to manage and the ability to define interfaces is a good sign of how well structured the language is. I think Satya Nadella should be made an open source hero, if such an award exists. Anyway, what I wanted to do was get my Angular 2 application to be able to connect to the Elixir server channel and send a request to listen to a particular stream. The idea is to use the Actor concurrency model (explained brilliantly in "The Little Elixir & OTP Book") to start up a new process whenever a request for a stream arrives. This ...

Laravel refusing to start up

I'm very much a fan of the clean implementation of Laravel but really dislike the fact that if there is something wrong with the .env file it refuses to give any meaningful information. Laravel uses the vlucas/phpdotenv package to manage its environment. It's pretty well known that if you have a space on either side of the = sign in a key value pair then the .env file is invalid, but I had checked for this (and checked again). Laravel will try to use its standard logging methods before they have actually had a chance to be booted up, with the result that you're left with a "reflection error" exception message on the CLI rather than the actual cause of the problem in the dotenv package. Debugging this is not trivial and I resorted to using strace to try and determine exactly what was going on. Don't do this at home kids! The easier solution is at the end of the article. I used the following command to generate a trace of the system calls being made by ...

Solving a Docker in VirtualBox DNS issue

I've recently been playing with Docker on Windows in conjunction with Linux on Windows. I'm really amazed at how cool the stuff coming out of Microsoft is under Satya Nadella. When I was using Docker Toolbox on Windows my Dockerfiles would build correctly but as soon as I tried to run them in a VirtualBox host they would fail with the error "Something wicked happened resolving 'archive.ubuntu.com:http' (-5 - No address associated with hostname)". Of course this error wasn't distribution specific and none of the distros I tried were working. The stack that I am using is Windows Home hosting Ubuntu on VirtualBox which is running Docker. I'm using bash on Linux for Windows because it's easier to do stuff like ssh but it's not relevant to this setup. I tried setting the DNS in the Docker setup by using RUN steps to update /etc/resolv. This felt a bit hacky and didn't work anyway. In the end the fix was to go to my Window...